WGU C838 OA EXAM QUESTIONS AND ANSWERS (VERIFIED ANSWERS) LATEST UPDATE 2025

WGU C838 OA EXAM QUESTIONS AND ANSWERS (VERIFIED ANSWERS) LATEST UPDATE 2025 "A cloud administrator recommends using tokenization as an alternative to protecting data without encryption. The administrator needs to make an authorized application request to access the data. Which step should occur immediately before this action is taken? (A) The application collects a token. (B) The application stores the token. (C) The tokenization server generates the token. (D) The tokenization server returns the token to the application." - RIGHT ANSWER -(B) The application stores the token "A cloud customer is setting up communication paths with the cloud service provider that will be used in the event of an incident. Which action facilitates this type of communication? (A) Using existing open standards (B) Incorporating checks on API calls (C) Identifying key risk indicators (KRIs) (D) Performing a vulnerability assessment" - RIGHT ANSWER -Using existing open standards "A company has recently defined classification levels for its data. During which phase of the cloud data life cycle should this definition occur? (A) Use (B) Share (C) Create (D) Archive" - RIGHT ANSWER -Create "A CSP operating in Australia experiences a security breach that results in disclosure of personal information that is likely to result in serious harm. Who is the CSP legally required to notify? (A) Cloud Security Alliance (B) Information commissioner (C) Australian privacy foundation (D) Asian-Paci?c privacy control board" - RIGHT ANSWER -Information commissioner "A CSP provides services in European Union (EU) countries that are subject to the network information security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the essential services being provided. Who is the CSP required to notify under the NIS directive? (A) Competent authorities (B) Data protection regulator (C) Provider's services suppliers (D) Personal Information Protection Commission" - RIGHT ANSWER -Competent authorities "An architect needs to constrain problems to a level that can be controlled when the problem exceeds the capabilities of disaster recovery (DR) controls. Which aspect of the plan will provide this guarantee? (A) Ensuring data backups (B) Managing plane controls (C) Handling provider outages (D) Evaluating portability alternatives" - RIGHT ANSWER -Handling provider outages "How do immutable workloads effect security overhead? (A) They reduce the management of the hosts. (B) They create patches for a running workload. (C) They restrict the amount of instances in a cluster. (D) They automatically perform vulnerability scanning as they launch." - RIGHT ANSWER -They reduce the management of the hosts "How is the compliance of the cloud service provider's legal and regulatory requirements verified when securing personally identifiable information (PII) data in the cloud? (A) E-discovery process (B) Contractual agreements (C) Researching data retention laws (D) Third-party audits and attestations" - RIGHT ANSWER -Third-party audits and attestations "In which situation could cloud clients find it impossible to recover or access their own data if their cloud provider goes bankrupt? (A) Multicloud (B) Multitenant (C) Vendor lock-in (D) Vendor lock-out" - RIGHT ANSWER -Vendor lock-out "The security administrator for a global cloud services provider (CSP) is required to globally standardize the approaches for using forensics methodologies in the organization. Which standard should be applied? (A) Sarbanes-Oxley act (SOX) (B) Cloud controls matrix (CCM) (C) International electrotechnical commission (IEC) 27037 (D) International organization for standardization (ISO) 27050-1" - RIGHT ANSWER -International organization for standardization (ISO) 27050-1 "There is a threat to a banking cloud platform service. The developer needs to provide inclusion in a relational database that is seamless and readily searchable by search engine algorithms. Which platform as a service (PaaS) data type should be used? (A) Structured (B) Unstructured (C) Long-term storage (D) Short-term storage" - RIGHT ANSWER -Structured "What is a component of device hardening? (A) Patching (B) Unit testing (C) Versioning (D) Configuring VPN access" - RIGHT ANSWER -Patching "What is a key capability of infrastructure as a service (IaaS)? (A) Multiple hosting environments (B) Hosted application management (C) Converged network and IT capacity pool (D) Leased application and software licensing" - RIGHT ANSWER -Converged network and IT capacity pool "What is a key capability of security information and event management? (A) Secure remote access (B) Intrusion prevention capabilities (C) Automatic remediation of issues (D) Centralized collection of log data" - RIGHT ANSWER -Centralized collection of log data "What is a key component of the infrastructure as a service (IaaS) cloud service model? (A) High reliability and resilience (B) Allows choice and reduces lock-in (C) Ease of use and limited administration (D) Supports multiple languages and frameworks" - RIGHT ANSWER -High reliability and resilience "What is a key method associated with a risk-based approach to business continuity planning? (A) Using existing network technology (B) Leveraging software-defined networking (C) Applying internal authentication and credential passing (D) Considering the degree of continuity required for assets" - RIGHT ANSWER -Considering the degree of continuity required for assets "What part of the logical infrastructure design is used to configure cloud resources, such as launching virtual machines or configuring virtual networks? (A) Management plane (B) Database management (C) Identity access management (D) Management orchestration software" - RIGHT ANSWER -Management plane "Where should the location be for the final data backup repository in the event that the disaster recovery plan is enacted for the CSP of disaster recovery (DR) service? (A) Tape drive (B) Local storage (C) Cloud platform (D) Company headquarters" - RIGHT ANSWER -Cloud platform "Which action enhances cloud security application deployment through standards such as ISO/IEC 27034 for the development, acquisition, and configuration of software systems? (A) Applying the steps of a cloud software development lifecycle (B) Providing developer access to supporting components and services (C) Outsourcing the infrastructure and integration platform management (D) Verifying the application has an appropriate level of confidentiality and integrity" - RIGHT ANSWER -Applying the steps of a cloud software development lifecycle "Which action is required for breaches of data under the general data protection regulation (GDPR) within 72 hours of becoming aware of the event? (A) Notifying the affected persons (B) Reporting to the supervisory authority (C) Suspending the processing operations (D) Informing consumer credit reporting services" - RIGHT ANSWER -Reporting to the supervisory authority "Which approach is considered a black-box security testing method? (A) Source code review (B) Binary code inspection (C) Static application security testing (D) Dynamic application security testing" - RIGHT ANSWER -Dynamic application security testing "Which artifact may be required as a data source for a compliance audit in a cloud environment? (A) Customer SLAs (B) Change management details (C) Quarterly revenue projections (D) Annual actual-to-budgeted expense reports" - RIGHT ANSWER -Change management details "Which artifact may be required as a data source for a regulatory compliance audit (i.e., HIPAA, PCI-DSS) in a cloud environment? (A) System configuration details (B) Quarterly revenue projections (C) System performance benchmarks (D) Annual actual-to-budgeted expenses" - RIGHT ANSWER -System configuration details "Which aspect of business continuity planning considers the alternatives to be used when there is a complete loss of the provider? (A) Ensuring resiliency (B) Managing plane controls (C) Considering portability options (D) Managing cloud provider outages" - RIGHT ANSWER -Considering portability options "Which assumption about a CSP should be avoided when considering risks in a disaster recovery (DR) plan? (A) Provider's history (B) Continuity planning (C) Level of resiliency (D) Costs will remain the same" - RIGHT ANSWER -Level of resiliency "Which attack vector is associated with cloud infrastructure? (A) Compromised API credentials (B) Data storage locations in multiple jurisdictions (C) Seizure and examination of a physical disk (D) Licensing fees tied to the deployment of software based on a per-CPU licensing model" - RIGHT ANSWER -Compromised API credentials "Which cloud computing technology unlocks business value through digital and physical access to maps? (A) Multitenancy (B) Cloud application (C) On-demand self-service (D) Application programming interface" - RIGHT ANSWER -Application Programming interface "Which cloud computing tool is used to discover internal use of cloud services using various mechanisms such as network monitoring? (A) Data loss prevention (DLP) (B) Web application ?rewall (WAF) (C) Content delivery network (CDN) (D) Cloud access security broker (CASB)" - RIGHT ANSWER -Cloud access security broker (CASB) "Which cloud computing tool may help detect data migrations to cloud services? (A) Cloud data transfer (B) Data loss prevention (C) Cloud security gateways (D) Uniform resource locator (URL) Filtering" - RIGHT ANSWER -(B) Data loss prevention "Which cloud data storage architecture allows sensitive data to be replaced with unique identification symbols that retain all the essential information about the data without compromising its security? (A) Obfuscation (B) Tokenization (C) Anonymization (D) Randomization" - RIGHT ANSWER -Tokenization "Which cloud deployment model is operated for a single organization? (A) Private (B) Public (C) Hybrid (D) Consortium" - RIGHT ANSWER -Private "Which cloud infrastructure is shared by several organizations and supports a specific population that has shared concerns (e.g., mission, security requirements, policy, compliance considerations)? (A) Hybrid (B) Public (C) Private (D) Community" - RIGHT ANSWER -Community "Which cloud infrastructure is shared by several organizations with common concerns, such as mission, policy, or compliance considerations? (A) Hybrid cloud (B) Public cloud (C) Private cloud (D) Community cloud" - RIGHT ANSWER -Community cloud "Which cloud model allows the consumer to have sole responsibility for management and governance? (A) Hybrid (B) Public (C) Private (D) Community" - RIGHT ANSWER -Private "Which cloud model offers access to a pool of fundamental IT resources such as computing, networking, or storage? (A) Data (B) Platform (C) Application (D) Infrastructure" - RIGHT ANSWER -Infrastructure "Which cloud model provides data location assurance? (A) Hybrid (B) Public (C) Private (D) Community" - RIGHT ANSWER -Private "Which cloud security control eliminates the risk of a virtualization guest escape from another tenant? (A) Dedicated hosting (B) File integrity monitor (C) Hardware hypervisor (D) Immutable virtual machines" - RIGHT ANSWER -Dedicated hosting "Which cloud security control is a countermeasure for man-in-the-middle attacks? (A) Reviewing log data (B) Backing up data offsite (C) Using block data storage (D) Encrypting data in transit" - RIGHT ANSWER -Encrypting data in transit "Which cloud-specific risk must be considered when moving infrastructure operations to the cloud? (A) Denial of service (B) Natural disasters (C) Regulatory violations (D) Lack of physical access" - RIGHT ANSWER -Lack of physical access "Which consideration should be taken into account when reviewing a cloud service provider's risk of potential outage time? (A) The type of database (B) The provider's support services (C) The unique history of the provider (D) The amount of cloud service offerings" - RIGHT ANSWER -The unique history of the provider "Which control helps mitigate the risk of sensitive information leaving the cloud environment? (A) Data loss prevention (DLP) (B) Disaster recovery plan (DRP) (C) Web application ?rewall (WAF) (D) Identity and access management (IAM)" - RIGHT ANSWER -Data loss prevention (DLP) "Which countermeasure enhances redundancy for physical facilities hosting cloud equipment during the threat of a power outage? (A) Tier 2 network access providers (B) Multiple and independent power circuits to all racks (C) Radio frequency interference (RFI) blocking devices (D) Automated license plate readers (ALPR) at entry points" - RIGHT ANSWER -Multiple and independent power circuits to all racks "Which countermeasure helps mitigate the risk of stolen credentials for cloud-based platforms? (A) Host lockdown (B) Data sanitization (C) Key management (D) Multifactor authentication" - RIGHT ANSWER -Multifactor authentication "Which countermeasure mitigates the risk of a rogue cloud administrator? (A) Data encryption (B) Platform orchestration (C) Logging and monitoring (D) Multifactor authentication" - RIGHT ANSWER -Logging and monitoring "Which data retention method is stored with a minimal amount of metadata storage with the content? (A) File system (B) Redundant array (C) Block-based (D) Object-based" - RIGHT ANSWER -Block-based "Which data retention policy controls how long health insurance portability and accountability act (HIPAA) data can be archived? (A) Enforcement (B) Maintenance (C) Data classification (D) Applicable regulation" - RIGHT ANSWER -Applicable regulation "Which data retention solution should be applied to a file in order to reduce the data footprint by deleting fixed content and duplicate data? (A) Saving (B) Backup (C) Caching (D) Archiving" - RIGHT ANSWER -Archiving "Which data source provides auditability and traceability for event investigation as well as documentation? (A) Database schema (B) Ephemeral storage (C) Network segmentation (D) Virtualization platform logs" - RIGHT ANSWER -Virtualization platform logs "Which data source provides auditability and traceability for event investigation as well as documentation? (A) Storage files (B) Packet capture (C) Database tables (D) Network interference" - RIGHT ANSWER -Packet Capture "Which description characterizes the application programming interface (API) format known as representational state transfer (REST)? (A) Tolerates errors at a high level (B) Supports only extensible markup language (XML) (C) Delivers a slower performance with complex scalability (D) Provides a framework for developing scalable web applications" - RIGHT ANSWER -Provides a framework for developing scalable web applications "Which design principle of secure cloud computing ensures that the business can resume essential operations in the event of an availability-affecting incident? (A) Access control (B) Resource pooling (C) Disaster recovery (D) Session management" - RIGHT ANSWER -Disaster recovery "Which design principle of secure cloud computing ensures that users can utilize data and applications from around the globe? (A) Scalability (B) Portability (C) Broad network access (D) On-demand self-service" - RIGHT ANSWER -Broad network access "Which design principle of secure cloud computing involves deploying cloud service provider resources to maximize availability in the event of a failure? (A) Elasticity (B) Resiliency (C) Clustering (D) Scalability" - RIGHT ANSWER -Resiliency "Which detection and analysis technique is performed to capture a point-in-time picture of the entire stack at the time of an incident? (A) Review data access logs (B) Examine configuration data (C) Collect metadata during alert (D) Create a snapshot using API calls" - RIGHT ANSWER -Create a snapshot using API calls "Which disaster recovery (DR) site results in the quickest recovery in the event of a disaster? (A) Hot (B) Cold (C) Passive (D) Reserve" - RIGHT ANSWER -HOT "Which disaster recovery plan metric indicates how long critical functions can be unavailable before the organization is irretrievably affected? (A) Recovery time objective (RTO) (B) Mean time to switchover (MTS) (C) Recovery point objective (RPO) (D) Maximum allowable downtime (MAD)" - RIGHT ANSWER -Maximum allowable downtime (MAD) "Which document addresses CSP issues such as guaranteed uptime, liability, penalties, and dispute mediation process? (A) Service level agreement (SLA) (B) Service organization control 3 (SOC 3) (C) General data protection regulation (GDPR) (D) Common criteria assurance framework (CC)" - RIGHT ANSWER -Service level agreement (SLA) "Which element is a cloud virtualization risk? (A) Licensing (B) Jurisdiction (C) Guest isolation (D) Electronic discovery" - RIGHT ANSWER -Guest isolation "Which element is protected by an encryption system? (A) Data (B) Public key (C) Ciphertext (D) Management engine" - RIGHT ANSWER -Data "Which encryption technique connects the instance to the encryption instance that handles all crypto operations? (A) Proxy (B) Database (C) Server-side (D) Externally managed" - RIGHT ANSWER -Proxy "Which environmental consideration should be addressed when planning the design of a data center? (A) Heating and ventilation (B) Utility power availability (C) Expansion possibilities and growth (D) Telecommunications connections" - RIGHT ANSWER -Heating and ventilation "Which factor exemplifies adequate cloud contract governance? (A) The bandwidth that is contractually provided (B) The emphasis of privacy controls in the contract (C) The frequency with which contracts are renewed (D) The flexibility of data types in accordance with a contract" - RIGHT ANSWER -The frequency with which contracts are renewed, "Which group is legally bound by the general data protection regulation (GDPR)? (A) Only corporations headquartered in the EU (B) Only corporations that processes the data of EU citizens (C) Only corporations that have operations in more than one EU nation (D) Only corporations located in countries that have adopted the GDPR standard" - RIGHT ANSWER -Only corporations that processes the data of EU citizens "Which identity management process targets access to enterprise resources by ensuring that the identity of an entity is verified? (A) Federation (B) Provisioning (C) Authentication (D) Policy management" - RIGHT ANSWER -Authentication "Which international standard guide provides procedures for incident investigation principles and processes? (A) ISO/IEC 27034-1:2011 (B) ISO/IEC 27037:2012 (C) ISO/IEC 27001:2013 (D) ISO/IEC 27043:2015" - RIGHT ANSWER -ISO/IEC 27043:2015 "Which issue can be detected with static application security testing (SAST)? (A) Malware (B) Threading (C) Authentication (D) Performance" - RIGHT ANSWER -Threading "Which issue occurs when a web browser is sent data without proper validation? (A) Cross-site scripting (XXS) (B) Cross-site request forgery (CSRF) (C) Insecure direct object access (IDOA) (D) Lightweight directory access protocol (LDAP) injection" - RIGHT ANSWER -Cross-site scripting (XXS) "Which item is required in a cloud contract? (A) Strategy for the SDLC (B) Specifications for unit testing (C) Penalties for failure to meet SLA (D) Diagrams for data flow structures" - RIGHT ANSWER -(C) Penalties for failure to meet SLA "Which item should be part of the legal framework analysis if a company wishes to store prescription drug records in a SaaS solution? (A) U.S. Patriot Act (B) Sarbanes-Oxley Act (C) Federal Information Security Modernization Act (D) Health Insurance Portability and Accountability Act" - RIGHT ANSWER -Health Insurance Portability and Accountability Act "Which item would be a risk for an enterprise considering contracting with a cloud service provider? (A) 99.99% up time guarantees (B) No SLA exclusion penalties (C) Very expensive SLA provider penalties (D) Suspension of service if payment is delinquent" - RIGHT ANSWER -Suspension of service if payment is delinquent "Which jurisdictional data protection controls the ways that Financial institutions deal with the private information of individuals? (A) Sarbanes-Oxley act (SOX) (B) Gramm-Leach-Bliley act (GLBA) (C) Stored communications act (SCA) (D) Health insurance portability and accountability act (HIPAA)" - RIGHT ANSWER -Gramm-Leach-Bliley act (GLBA) "Which jurisdictional data protection includes dealing with the international transfer of data? (A) Privacy regulation (B) Financial modernization (C) Sarbanes-Oxley act (SOX) (D) Secure choice authorization (SCA)" - RIGHT ANSWER -Privacy Regulation "Which jurisdictional data protection safeguards protected health information (PHI)? (A) Directive 95/46/EC (B) Safe harbor regime (C) Personal Data Protection Act of 2000 (D) Health Insurance Portability and Accountability Act (HIPAA)" - RIGHT ANSWER -Health Insurance Portability and Accountability Act (HIPAA) "Which legislation must a trusted cloud service adhere to when utilizing the data of EU citizens? (A) SOX (B) APPI (C) GDPR (D) EMTALA" - RIGHT ANSWER -GDPR "Which logical design decision can be attributed to required regulation? (A) Retention formats (B) Retention periods (C) Database reads/second (D) Database writes/second" - RIGHT ANSWER -Retention periods "Which method is being used when a company evaluates the acceptable loss exposure associated with a cloud solution for a given set of objectives and resources? (A) Risk appetite (B) Risk management (C) Business impact analysis (D) Business continuity planning" - RIGHT ANSWER -Risk appetite "Which method should the cloud consumer use to secure the management plane of the cloud service provider? (A) Credential management (B) Network access control list (C) Agent-based security tooling (D) Disablement of management plane" - RIGHT ANSWER -Credential management "Which methodology could cloud data storage utilize to encrypt all data associated in an infrastructure as a service (IaaS) deployment model? (A) Sandbox encryption (B) Client-side encryption (C) Polymorphic encryption (D) Whole-instance encryption" - RIGHT ANSWER -Whole-instance encryption "Which multi-factor authentication (MFA) option uses a physical universal serial bus (USB) device to generate one-time passwords? (A) Biometrics (B) Hard tokens (C) Out-of-band passwords (D) Transaction authentication numbers" - RIGHT ANSWER -Hard tokens "Which open web application security project (OWASP) Top 9 Coding Flaws leads to security issues? (A) Denial-of-service (B) Client-side injection (C) Cross-site scripting (D) Direct object reference" - RIGHT ANSWER -Direct object reference "Which option should an organization choose if there is a need to avoid software ownership? (A) Software as a service (SaaS) (B) Platform as a service (PaaS) (C) Containers as a service (CaaS) (D) Infrastructure as a service (IaaS)" - RIGHT ANSWER -Software as a service (SaaS) "Which penalty is imposed for privacy violations under the general data protection regulation (GDPR)? (A) Penalty up to 10 million Euros (B) Penalty up to 20 million Euros (C) Penalty up to 2% of gross income (D) Penalty up to 5% of gross income" - RIGHT ANSWER -Penalty up to 20 million Euros "Which phase of the cloud data life cycle is associated with crypto-shredding? (A) Use (B) Store (C) Share (D) Destroy" - RIGHT ANSWER -Destroy "Which phase of the cloud data life cycle uses content delivery networks? (A) Share (B) Create (C) Destroy (D) Archive" - RIGHT ANSWER -Share "Which phase of the cloud data lifecycle allows both read and process functions to be performed? (A) Share (B) Store (C) Create (D) Archive" - RIGHT ANSWER -Create "Which phase of the cloud data security lifecycle typically occurs simultaneously with creation? (A) Use (B) Share (C) Store (D) Destroy" - RIGHT ANSWER -Store "Which phase of the software development life cycle includes determining the business and security requirements for the application to occur? (A) Testing (B) Defining (C) Designing (D) Developing" - RIGHT ANSWER -Defining "Which phase of the software development life cycle includes writing application code? (A) Defining (B) Designing (C) Developing (D) Implementing" - RIGHT ANSWER -Developing "Which platform as a service (PaaS) storage architecture should be used if an organization wants to store presentations, documents, and audio files? (A) Block (B) Object (C) Distributed (D) Relational database" - RIGHT ANSWER -Object "Which primary security control should be used by all cloud accounts, including individual users, in order to defend against the widest range of attacks? (A) Perimeter security (B) Logging and monitoring (C) Redundant infrastructure (D) Multi-factor authentication" - RIGHT ANSWER -Multi-factor authentication "Which problem is known as a common supply chain risk? (A) Data breaches (B) Domain spoofing (C) Source code design (D) Runtime application self-protection" - RIGHT ANSWER -Data breaches "Which process involves the use of electronic data as evidence in a civil or criminal legal case? (A) Due diligence (B) Cloud governance (C) Auditing in the cloud (D) eDiscovery investigations" - RIGHT ANSWER -eDiscovery investigations "Which process prevents the environment from being over-controlled by security measures to the point where application performance is impacted? (A) Private cloud (B) Community cloud (C) Quality of service (QoS) (D) Trusted cloud initiative (TCI)" - RIGHT ANSWER -Quality of service (QoS) "Which regulation in the United States defines the requirements for a CSP to implement and report on internal accounting controls? (A) SOX (B) GDPR (C) HIPAA (D) FERPA" - RIGHT ANSWER -SOX "Which regulation requires a CSP to comply with copyright law for hosted content? (A) SOX (B) SCA (C) GLBA (D) DMCA" - RIGHT ANSWER -DMCA Digital Millennium Copyright Act "Which requirement is included when exceptions, restrictions, and potential risks are highlighted in a cloud services contract? (A) Load balancer algorithm (B) Stockholder expectations (C) Regulatory and compliance (D) Virtual machine and operating system" - RIGHT ANSWER -Regulatory and compliance "Which result is achieved by removing all nonessential services and software of devices for secure configuration of hardware? (A) Patching (B) Lockdown (C) Hardening (D) Maintenance" - RIGHT ANSWER -(C) Hardening "Which risk during the eDiscovery process would limit the usefulness of the requested data from the cloud by third parties? (A) Direct access (B) Authentication (C) Native production (D) Discovery by design" - RIGHT ANSWER -Native production "Which risk is associated with malicious and accidental dangers to a cloud infrastructure? (A) External attacks (B) Personnel threats (C) Natural disasters (D) Regulatory noncompliance" - RIGHT ANSWER -Personnel threats "Which risk is controlled by implementing a private cloud? (A) Eavesdropping (B) Physical security (C) Unauthorized access (D) Denial-of-service (DoS)" - RIGHT ANSWER -Physical security "Which risk is related to interception of data in transit? (A) Virtualization (B) Traffic blocking (C) Man-in-the-middle (D) Software vulnerabilities" - RIGHT ANSWER -Man-in-the-middle "Which security control does the software as a service (SaaS) model require as a shared responsibility of all parties involved? (A) Data (B) Platform (C) Application (D) Infrastructure" - RIGHT ANSWER -Application "Which security method should be included in a defense-in-depth, when examined from the perspective of a content security policy (CSP)? (A) Training programs (B) Technological controls (C) Strong access controls (D) Contractual enforcement of policies" - RIGHT ANSWER -Technological controls "Which security strategy is associated with data rights management solutions? (A) Static policy control (B) Continuous auditing (C) Unrestricted replication (D) Limited documents type support" - RIGHT ANSWER -Continuous auditing "Which security technology can provide secure network communications from on-site enterprise systems to a cloud platform? (A) Web application ?rewall (WAF) (B) Data loss prevention (DLP) (C) Domain name system security extensions (DNSSEC) (D) Internet protocol security (IPSec) virtual private network (VPN)" - RIGHT ANSWER -Internet protocol security (IPSec) virtual private network (VPN "Which security testing approach is used to review source code and binaries without executing the application? (A) Fuzz testing (B) Regression testing (C) Static application security testing (D) Dynamic application security testing" - RIGHT ANSWER -Static application security testing "Which security threat occurs when a developer leaves an unauthorized access interface within an application after release? (A) Easter egg (B) Deprecated API (C) Persistent backdoor (D) Development operations" - RIGHT ANSWER -Persistent backdoor "Which service model influences the logical design by using additional measures in the application to enhance security? (A) Public cloud (B) Hybrid cloud (C) Platform as a service (PaaS) (D) Software as a service (SaaS)" - RIGHT ANSWER -Software as a service (SaaS) "Which standard addresses practices related to acquisition of forensic artifacts and can be directly applied to a cloud environment? (A) ISO/IEC 27001 (B) ISO/IEC 27050-1 (C) NIST SP 500-291 (D) NIST SP 800-145" - RIGHT ANSWER -ISO/IEC 27050-1 "Which standard addresses the privacy aspects of cloud computing for consumers? (A) ISO 19011:2011 (B) ISO 27001:2013 (C) ISO 27018:2014 (D) ISO 27017:2015" - RIGHT ANSWER -ISO 27018:2014 "Which technique scrambles the content of data using a mathematical algorithm while keeping the structural arrangement of the data? (A) Tokenization (B) Dynamic masking (C) Proxy-based encryption (D) Format-preserving encryption" - RIGHT ANSWER -Format-preserving encryption "Which technology allows an organization to control access to sensitive documents stored in the cloud? (A) Digital rights management (DRM) (B) Database activity monitoring (DAM) (C) Identity and access management (IAM) (D) Distributed resource scheduling (DRS)" - RIGHT ANSWER -Digital Rights Management (DRM) "Which technology can an administrator us to remotely manage a fleet of servers? (A) Bastion host (B) Management plane (C) VPN concentrator (D) KVM switch" - RIGHT ANSWER -(B) Management plane "Which technology improves the ability of the transport layer security (TLS) to ensure privacy when communicating between applications? (A) Volume encryption (B) Whole-disk encryption (C) Virtual private networks (VPNs) (D) Advanced application-specific integrated circuits (ASICs)" - RIGHT ANSWER -Advanced application-specific integrated circuits (ASICs) "Which technology is used to manage identity access management by building trust relationships between organizations? (A) Federation (B) Single sign-on (C) Biometric authentication (D) Multifactor authentication" - RIGHT ANSWER -Federation "Which technology should be included in the disaster recovery plan to prevent data loss? (A) Locked racks (B) System patches (C) Offsite backups (D) Video surveillance" - RIGHT ANSWER -Offsite backups "Which technology typically provides security isolation in infrastructure as a service (IaaS) cloud (A) computing? (B) Virtual machines (C) Operating systems (D) Application instance" - RIGHT ANSWER -Virtual machines "Which term describes the action of confirming identity access to an information system? (A) Access (B) Concept (C) Coordination (D) Authentication" - RIGHT ANSWER -Authentication "Which testing method must be performed to demonstrate the effectiveness of a business continuity plan and procedures? (A) SAST (B) DAST (C) Failover (D) Penetration" - RIGHT ANSWER -Failover "Which type of agreement aims to negotiate policies with various parties in accordance with the agreed- upon targets? (A) User license (ULA) (B) Service-level (SLA) (C) Privacy-level (PLA) (D) Operation-level (OLA)" - RIGHT ANSWER -Service-level (SLA) "Which type of cloud deployment model is considered equivalent to a traditional IT architecture? (A) Public (B) Hybrid (C) Private (D) Community" - RIGHT ANSWER -Private "Which type of control is important in order to achieve compliance for risk management? (A) Security (B) Privacy (C) Validation (D) Technical" - RIGHT ANSWER -Security "Which type of control should be used to implement custom controls that safeguard data? (A) Application level (B) Management plane (C) Options for access (D) Public and internal sharing" - RIGHT ANSWER -Application level "Who retains Final ownership for granting data access and permissions in a shared responsibility model? (A) Analyst (B) Manager (C) Customer (D) Developer" - RIGHT ANSWER -Customer "Why is eDiscovery difficult in the cloud? (A) The process is time consuming. (B) The cloud service provider may lack sufficient resources. (C) The client may lack the credentials to access the required data. (D) The customer is responsible for their data on a multi-tenant system." - RIGHT ANSWER -The client may lack the credentials to access the required data. A cloud provider is looking to provide a higher level of assurance to current and potential cloud customers about the design and effectiveness of their security controls. Which of the following audit reports would the cloud provider choose as the most appropriate to accomplish this goal? - RIGHT ANSWER -SOC 3 A medical company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend to use? - RIGHT ANSWER -Community All of the following are part of a Federated Identity System except: - RIGHT ANSWER -Relaying Party All of the following should be included in the Audit Scope Statement except: - RIGHT ANSWER -Cost Allen needs to evaluate, test, and deploy software updates. Which of the following management techniques will she use? - RIGHT ANSWER -Patch Among the following, which involves a top-down approach for addressing and managing risk in an organization during the audit process? - RIGHT ANSWER -Information security management system An organization wants to preserve control of its IT environments and takes advantage of flexibility, scalability, and cost savings. Which cloud deployment model helps the organization do this? - RIGHT ANSWER -Hybrid An organization will conduct a risk assessment to evaluate which of the following? - RIGHT ANSWER -Threats to its assets, vulnerabilities present in the environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization, and the residual risk when appropriate controls are properly applied to lessen the vulnerability Data Classification is a core concept of PCI DSS. - RIGHT ANSWER -TRUE In a federated system, which two components serve as its core? - RIGHT ANSWER -The IdP The Relying Party In SaaS the customer has control over: - RIGHT ANSWER -Data In SOC 2 Auditing, how many categories make up the security principle? - RIGHT ANSWER -7 In the ______ cloud model, the provider is responsible for system maintenance, and the customer supplies and processes data to and in the system. - RIGHT ANSWER -SaaS In which of the following cloud deployment models does platform security come under enterprise responsibility? - RIGHT ANSWER -IaaS In which of the following policy and organization risks is the consumer not able to implement all required controls? - RIGHT ANSWER -Loss of governance In which testing method does the entire organization take part in a scenario at a scheduled time, describe its responses during the test, and perform some minimal actions? - RIGHT ANSWER -Dry run IT QoS focuses on measuring which of the following, choose all that apply: - RIGHT ANSWER -Services Health Security Jennifer has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this? - RIGHT ANSWER -Network-attached storage Many organizations, for example, Microsoft, use the DREAD model for threat modeling. What does DREAD stand for? - RIGHT ANSWER -Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability Mark, a security administrator, observes multiple service interruptions caused by a data center design. He decided to migrate the company away from its data center and successfully completed the migration of all data center servers and services to a cloud provider. He is still concerned with the availability requirements of critical company applications. Which of the following should Mark implement next? - RIGHT ANSWER -Cloud access security broker Max is the co-founder of a manufacturing firm. Together with his partner, Joe, he has developed a special type of oil that will dramatically improve the manufacturing process. To keep the formula secret, Max and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property protection best suits their needs? - RIGHT ANSWER -Trade secret Max, a cloud administrator, needs to find a web service that will allow systems to communicate over FTP using an XML-based protocol. Which of the following communication methods will he use? - RIGHT ANSWER -SOAP Object Storage is usually accessed through: - RIGHT ANSWER -APIs Rex has implemented asymmetric key cryptography for the emails of his company. He is concerned that users may lose their private keys and will not be able to decrypt their messages. Which of the following is the best solution to this problem? - RIGHT ANSWER -Key escrow RFCs are approved by? - RIGHT ANSWER -CAB Rhea, a network administrator, wants to create an entire virtual network with all of the virtual devices needed to support the service or application. Which of the following cloud services will help Rhea to accomplish the task? - RIGHT ANSWER -PaaS RPO and RSL are used to establish when services and data are completely restored. - RIGHT ANSWER -FALSE Sally is interested in developing her application in the cloud without having to worry about administering an operating system. Which type of cloud service should she buy? - RIGHT ANSWER -PaaS Security Scanning should be performed throughout the development process vs waiting for the completed package because (choose all that apply): - RIGHT ANSWER -Project delays Complexity of fixes Single Sign On works by issuing: - RIGHT ANSWER -Tokens The "Data Center Site Infrastructure Tier Standard: Topology" document describes a four-tiered architecture for enterprises to rate their data center designs. What are the names of the four tiers? - RIGHT ANSWER -Redundant Site Infrastructure Capacity Components Basic Data Center Site Infrastructure Concurrently Maintainable Site Infrastructure Fault-Tolerant Site Infrastructure The following are common vulnerabilities in a cloud environment except: - RIGHT ANSWER -DBSS The Sarbanes-Oxley Act is enforced by: - RIGHT ANSWER -SEC This includes policies focused on reducing threats and risks to IT and Data resources. - RIGHT ANSWER -ISMS This is a method of categorizing data by finding patterns and it relies on users to refine it: - RIGHT ANSWER -Data Discovery This is the amount of data required to be maintained or restored in order to restore acceptable functionality: - RIGHT ANSWER -RPO This type of storage is a virtual hard drive attached to a virtual host: - RIGHT ANSWER -Volume Timmy wants to ensure that her organization's cybersecurity team reviews the architecture of a new ERP application that is under development. During which software development life cycle (SDLC) phase should she expect the security architecture to be completed? - RIGHT ANSWER -Designing Vulnerability testing where you have knowledge of the systems involved is called? - RIGHT ANSWER -SAST What are the best practice recommendations to secure host servers within a cloud environment? - RIGHT ANSWER -Secure initial configuration Host hardening Host patching Secure build What are the categories of the personal data that can be processed? - RIGHT ANSWER -Sensitive data Telephone or Internet data Biometric data What are the five Trust Services principles? - RIGHT ANSWER -Security, Availability, Processing Integrity, Confidentiality, and Privacy What are the two main types of APIs used with cloud-based systems and applications? - RIGHT ANSWER -REST and SOAP What are the virtualization components governed by the management plane? - RIGHT ANSWER -Network Storage Compute What are the ways to conduct e-discovery investigations in cloud environments? - RIGHT ANSWER -Third-party e-discovery SaaS-based e-discovery Hosted e-discovery What defines what the audit will produce? - RIGHT ANSWER -Deliverables What is the difference between BC and BCM? - RIGHT ANSWER -BC is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. BCM is defined as a holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause. BCM provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities. What is the relying party? - RIGHT ANSWER -A member of the federation that shares resources based on authenticated identities When does the EU Data Protection Directive (Directive 95/46/EC) apply to data processed? - RIGHT ANSWER -The directive applies to data processed by automated means and data contained in paper files. When using a PaaS solution, what is the capability provided to the customer? - RIGHT ANSWER -To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools that the provider supports. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. When using an IaaS solution, what is a key benefit provided to the customer? - RIGHT ANSWER -Metered and priced usage on the basis of units consumed Which cloud deployment model offers the best scalability and cost effectiveness? - RIGHT ANSWER -Public Which Cloud Model uses mainly databases to store data? - RIGHT ANSWER -SaaS Which component is among the highest risk component with respect to software vulnerabilities? - RIGHT ANSWER -Management plane Which components must the CCSP review to ensure that the distributed IT model does not leave a negative impact on organizations? - RIGHT ANSWER -Clear communications Security reporting Governance of processes and activities Coordination and management of activities Which contractual components include a clear understanding of the permissible forms of data processing, transmission, and storage, along with any limitations or nonpermitted uses? - RIGHT ANSWER -Use of subcontractors Scope of processing Which data-at-rest encryption method encrypts all the data stored on the volume and all snapshots created from the volume? - RIGHT ANSWER -Whole instance encryption Which federation standard allows developers to authenticate their users across websites and applications without having to manage usernames and passwords? - RIGHT ANSWER -OpenID Connect Which is a cloud service model category? - RIGHT ANSWER -PaaS Which is a hardware virtualization technique that allows multiple guest operating systems to run on a single host system at the same time? - RIGHT ANSWER -Hypervisor Which is an act enforced by the SEC? - RIGHT ANSWER -SOX Which is not a step in the BCDR continual process? - RIGHT ANSWER -Auditing Which is not necessarily related directly privacy? - RIGHT ANSWER -SOX Which is the correct order of the Cloud Secure Data Lifecycle? - RIGHT ANSWER -Create, Store, Use, Share, Archive, Destroy Which kind of Data Obfuscation method replaces Data with random values that can be mapped to actual data? - RIGHT ANSWER -Tokenization Which method is more commonly used in federated identity environments? - RIGHT ANSWER -SAML Which model introduced the concept of allowing access controls to change dynamically based on a user's previous actions? - RIGHT ANSWER -Brewer-Nash Which of the following access management methods facilitates the exchange of data as appropriate about users and access to resources? - RIGHT ANSWER -Federation Which of the following acts as a form of data caching to copy data which is commonly used by or requested by users? - RIGHT ANSWER -Content delivery network Which of the following Acts consists of the given sections? - RIGHT ANSWER -GLBA Which of the following are considered to be the building blocks of cloud computing? - RIGHT ANSWER -CPU, RAM, storage, and networking Which of the following are contractual components that the CCSP should review and understand fully when contracting with a CSP? - RIGHT ANSWER -Use of subcontractors Scope of processing Which of the following are essential characteristics of cloud computing? - RIGHT ANSWER -Broad network access Which of the following are objectives of release and deployment management? - RIGHT ANSWER -Ensure knowledge transfer. Ensure the integrity of release packages. Manage stakeholders. Which of the following are storage types used with an IaaS solution? - RIGHT ANSWER -Volume and object Which of the following are the challenges associated with key management? - RIGHT ANSWER -Backup and replication Key storage Access to the keys Which of the following are the data classification categories? - RIGHT ANSWER -Ownership Obligation for retention and preservation Data type Which of the following cloud deployment models may exist on or off premises? - RIGHT ANSWER -Community Private Hybrid Which of the following cloud services provides a key benefit for the developers that the services required by them can be obtained from diverse sources nationally or internationally? - RIGHT ANSWER -PaaS Which of the following frameworks are associated with risk? - RIGHT ANSWER -NIST ENISA ISO 31000:2009 Which of the following gives an overview of various existing certification schemes? - RIGHT ANSWER -CCSL Which of the following guidelines covers eDiscovery? - RIGHT ANSWER -ISO/IEC 27050 Which of the following is a group of devices connected to a network that provides storage space to users? - RIGHT ANSWER -SAN Which of the following is a specification constructed for making the management of applications easy in terms of a PaaS (Platform as a Service) system? - RIGHT ANSWER -CAMP Which of the following is example of threat modeling? - RIGHT ANSWER -STRIDE Which of the following is strongly encouraged for managing access of the directory administrators? - RIGHT ANSWER -PIM Which of the following methods for the safe disposal of electronic records can always be used within a cloud environment? - RIGHT ANSWER -Overwriting Encryption Which of the following metrics is not an example of quality of service (QoS) issues? - RIGHT ANSWER -Contract Which of the following provides an organization with a static point of reference from which to begin work in defining its strategic goals and objectives regarding risk remediation and control implementation? - RIGHT ANSWER -Gap analysis Which of the following provides privacy protections for certain electronic communication and computing services from unauthorized access or interception? - RIGHT ANSWER -SCA Which of the following publishes the most commonly used standards for data center tiers and topologies? - RIGHT ANSWER -Uptime Institute Which of the following should be carried out first when seeking to perform a gap analysis? - RIGHT ANSWER -Obtain management support. Which of the following should be redundant in a data center? Choose all that apply. - RIGHT ANSWER -Inside Power Supply Cooling Power Distribution Outside Power Supply Which of the following software configuration management tools integrates during building, deploying, and managing infrastructure? - RIGHT ANSWER -Chef Which of the following standards sets out terms and definitions, principles, a framework, and a process for managing risk? - RIGHT ANSWER -ISO 31000:2009 Which of the following statements are true of the archive phase? - RIGHT ANSWER -It provides better key management in cryptography. It helps in planning security controls for the data. Which of the following storage requires a greater amount of administration and entail the installation of an operating system to store, sort, and retrieve the data? - RIGHT ANSWER -Block Which of the following vulnerabilities occurs when an application allows untrusted data to be sent to a web browser without proper validation or escaping? - RIGHT ANSWER -Cross-site scripting Which of the following would be covered by an external audit and not by an internal audit? - RIGHT ANSWER - Which SOC 2 report would be run to determine if security controls are suitable based on design and intent. - RIGHT ANSWER -Type 1 Reports Which standard outlines domains which establish frameworks for risk assessment? - RIGHT ANSWER -ISOIEC 27001:2013 Which term is defined as a percentage measurement of how much computing power is necessary on the basis of the required percentage of the production system during a disaster? - RIGHT ANSWER -RSL Which testing technique is performed to demonstrate the efficacy of the plan and procedures? - RIGHT ANSWER -Failover Which type of storage with IaaS will be maintained by the cloud provider and referenced with a key value? - RIGHT ANSWER -Object Which UI standard Tier will work perfectly without any downtime of critical operations even after the loss of any single system, component, or distribution element? - RIGHT ANSWER -Tier 4 Who among the following adds and extends value to the cloud-based services for customers? - RIGHT ANSWER -Cloud services brokerage With whom does a service provider dictate both the technology and the operational procedures being made available to the cloud consumer? - RIGHT ANSWER -Cloud service provider You are a service provider who provides cloud-services and resources to a person using and subscribing them. There is an official commitment (i.e., service-level agreement) between the service provider and the user. Who verifies this official commitment? - RIGHT ANSWER -Cloud service auditor You work as an application developer at XYZ Inc. The company has to use the right type of cloud service to provide you with a complete packaged solution. Which cloud service will the company use? - RIGHT ANSWER -SaaS