WGU C838 ALL VERSIONS MANAGING CLOUD SECURITY EXAM RATED WITH VERIFIED 1000+ qs and Ans

WGU C838 ALL VERSIONS MANAGING CLOUD SECURITY EXAM RATED WITH VERIFIED 1000+ qs and Ans Which of the following best describes data masking? A A method where the last few numbers in a dataset are not obscured. These are often used for authentication. B A method for creating similar but inauthentic datasets used for software testing and user training. C A method used to protect prying eyes from data such as social security numbers and credit card data. D Data masking involves stripping out all similar digits in a string of numbers so as to obscure the original number. Database activity monitoring (DAM) can be: A Used in the place of encryption B Used in place of data masking C Host-based or network-based D Server-based or client-based SOAP is a protocol specification providing for the exchange of structured information or data in web services. Which of the following is not true of SOAP? A Works over numerous protocols B Standards-based C Reliant on XML D Extremely fast Dynamic application security testing (DAST) is best described as which of the following? A Masking B Test performed on an application or software product while being consumed by cloud customers C Test performed on an application or software product while it is being executed in memory in an operating system D Test performed on an application or software product while it is using real data in production Which of the following best describes SAML? A A standard for exchanging usernames and passwords across devices B A standard for exchanging authentication and authorization data between security domains C A standard for developing secure application management logistics D A standard used for directory synchronization Web application firewalls (WAFs) are designed primarily to protect applications from common attacks like A Syn floods B Password cracking C XSS and SQL injection D Ransomware The application normative framework is best described as which of the following? A A superset of the ONF B The complete ONF C A stand-alone framework for storing security practices for the ONF D A subset of the ONF In a federated identity arrangement using a trusted third-party model, who is the identity provider and who is the relying party? A A contracted third party/the various member organizations of the federation B Each member organization/each member organization C Each member organization/a trusted third party D The users of the various organizations within the federation/a CASB Which of the following best describes the purpose and scope of ISO/IEC 27034-1? A Provides an overview of network and infrastructure security designed to secure cloud applications B Serves as a newer replacement for NIST 800-53 r4 C Provides an overview of application security that introduces definitive concepts, principles, and processes involved in application security D Describes international privacy standards for cloud computing Which of the following best describes the Organizational Normative Framework (ONF)? A A set of application security, and best practices, catalogued and leveraged by the organization B A framework of containers for all components of application security, best practices, catalogued and leveraged by the organization C A container for components of an application's security, best practices, catalogued and leveraged by the organization D A framework of containers for some of the components of application security, best practices, catalogued and leveraged by the organization Which of the following best describes SAST? A set of technologies that analyze application bit code, and binaries for coding and design problems that would indicate a security problem or vulnerability B A set of technologies that analyze application source code, and bit code for coding and design problems that would indicate a security problem or vulnerability C A set of technologies that analyze application source code for coding and design problems that would indicate a security problem or vulnerability D A set of technologies that analyze application source code, byte code, and binaries for coding and design problems that would indicate a security problem or vulnerability Which of the following is not one of the SDLC phases? A Design B Test C Define D Reject Sandboxing provides which of the following? A A testing environment that prevents isolated code from running in a nonproduction environment. B A test environment that isolates untrusted code changes for testing in a production environment. C A test environment that isolates untrusted code changes for testing in a nonproduction environment. D A testing environment where new and experimental code can be tested in a nonproduction environment. Which of the following best describes a sandbox? A An isolated space where untested code and experimentation can safely occur separate from the production environment B An isolated space where transactions are protected from malicious software C A space where you can safely execute malicious code to see what it does D An isolated space where untested code and experimentation can safely occur within the production environment Which of the following best represents the definition of REST? A Built on protocol standards B Lightweight and scalable C Relies heavily on XML D Only supports XML output Which of the following best describes data masking? A Data masking is used in place of production data. B Data masking is used in place of encryption for better performance. C Data masking is used to hide PII. D Data masking is used to create a similar, inauthentic dataset used for training and software testing. APIs are defined as which of the following? A A set of routines and tools for building software applications to access webbased software applications B A set of protocols, and tools for building software applications to access a webbased software application or tool C A set of standards for building software applications to access a web-based software application or tool D A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or tool Identity and access management (IAM) is a security discipline that ensures which of the following? A That the right individual gets access to the right resources at the right time for the right reasons B That all users are properly authorized C That unauthorized users will get access to the right resources at the right time for the right reasons D That all users are properly authenticated