WGU C838 ALL VERSIONS MANAGING CLOUD SECURITY EXAM RATED
WITH VERIFIED 1000+ QUESTIONS AND ANSWERS
Which of the following best describes data masking?
A A method where the last few numbers in a dataset are not obscured. These are
often used for authentication.
B A method for creating similar but inauthentic datasets used for software testing
and user training.
C A method used to protect prying eyes from data such as social security numbers
and credit card data.
D Data masking involves stripping out all similar digits in a string of numbers so as
to obscure the original number.
Database activity monitoring (DAM) can be:
A Used in the place of encryption
B Used in place of data masking
C Host-based or network-based
D Server-based or client-based
SOAP is a protocol specification providing for the exchange of structured
information or data in web services. Which of the following is not true of SOAP?
A Works over numerous protocols
B Standards-based
C Reliant on XML
D Extremely fast
Dynamic application security testing (DAST) is best described as which of the
following?
A Masking
B Test performed on an application or software product while being consumed by
cloud customers
C Test performed on an application or software product while it is being executed
in memory in an operating system
D Test performed on an application or software product while it is using real data
in production
Which of the following best describes SAML?
A A standard for exchanging usernames and passwords across devices
B A standard for exchanging authentication and authorization data between
security domains
C A standard for developing secure application management logistics
D A standard used for directory synchronization
Web application firewalls (WAFs) are designed primarily to protect applications
from common attacks like
A Syn floods
B Password cracking
C XSS and SQL injection
D Ransomware
The application normative framework is best described as which of the following?
A A superset of the ONF
B The complete ONF
C A stand-alone framework for storing security practices for the ONF
D A subset of the ONF
In a federated identity arrangement using a trusted third-party model, who is the
identity provider and who is the relying party?
A A contracted third party/the various member organizations of the federation
B Each member organization/each member organization
C Each member organization/a trusted third party
D The users of the various organizations within the federation/a CASB
Which of the following best describes the purpose and scope of ISO/IEC 27034-1?
A Provides an overview of network and infrastructure security designed to secure
cloud applications
B Serves as a newer replacement for NIST 800-53 r4
C Provides an overview of application security that introduces definitive concepts,
principles, and processes involved in application security
D Describes international privacy standards for cloud computing
Which of the following best describes the Organizational Normative Framework
(ONF)?
A A set of application security, and best practices, catalogued and leveraged by
the organization
B A framework of containers for all components of application security, best
practices, catalogued and leveraged by the organization
C A container for components of an application's security, best practices,
catalogued and leveraged by the organization
D A framework of containers for some of the components of application security,
best practices, catalogued and leveraged by the organization
Which of the following best describes SAST?
A A set of technologies that analyze application bit code, and binaries for coding
and design problems that would indicate a security problem or vulnerability
B A set of technologies that analyze application source code, and bit code for
coding and design problems that would indicate a security problem or
vulnerability
C A set of technologies that analyze application source code for coding and design
problems that would indicate a security problem or vulnerability
D A set of technologies that analyze application source code, byte code, and
binaries for coding and design problems that would indicate a security problem or
vulnerability
Which of the following is not one of the SDLC phases?
A Design
B Test
C Define
D Reject
Sandboxing provides which of the following?
A A testing environment that prevents isolated code from running in a
nonproduction environment.
B A test environment that isolates untrusted code changes for testing in a
production environment.
C A test environment that isolates untrusted code changes for testing in a
nonproduction environment.
D A testing environment where new and experimental code can be tested in a
nonproduction environment.
Which of the following best describes a sandbox?
A An isolated space where untested code and experimentation can safely occur
separate from the production environment
B An isolated space where transactions are protected from malicious software
C A space where you can safely execute malicious code to see what it does
D An isolated space where untested code and experimentation can safely occur
within the production environment
Which of the following best represents the definition of REST?
A Built on protocol standards
B Lightweight and scalable
C Relies heavily on XML
D Only supports XML output
Which of the following best describes data masking?
A Data masking is used in place of production data.
B Data masking is used in place of encryption for better performance.
C Data masking is used to hide PII.
D Data masking is used to create a similar, inauthentic dataset used for training
and software testing.
APIs are defined as which of the following?
A A set of routines and tools for building software applications to access web-based software applications
B A set of protocols, and tools for building software applications to access a web-based software application or tool
C A set of standards for building software applications to access a web-based
software application or tool
D A set of routines, standards, protocols, and tools for building software
applications to access a web-based software application or tool
Identity and access management (IAM) is a security discipline that ensures which
of the following?
A That the right individual gets access to the right resources at the right time for
the right reasons
B That all users are properly authorized
C That unauthorized users will get access to the right resources at the right time
for the right reasons
D That all users are properly authenticated