WGU C838 Certified Cloud Security Specialist
You are the security subject matter expert (SME) for an organization considering a transition from the
... [Show More] legacy environment into a hosted cloud provider 's data center. One of the challenges you 're facing is whether the cloud provider will be able to comply with the existing legislative and contractual frameworks your organization is required to follow. This is a _________ issue.
a. Resiliency
b. Privacy
c. Performance
d. Regulatory --------- CORRECT ANSWER ----- D
76. You are the security subject matter expert (SME) for an organization considering a transition from the legacy environ ment into a hosted cloud provider 's data center. One of the challenges you 're facing is whether the cloud provider will be able to allow your organization to substantiate and determine with some assurance that all of the contract terms are being met. This is a(n) ____________ issue.
a. Regulatory
b. Privacy
c. Resiliency
d. Auditability --------- CORRECT ANSWER ----- D
77. Encryption is an essential tool for affording security to cloud-based operations. While it is possible to encrypt every system, piece of data, and transaction that takes place on the cloud, why might that not be the optimum choice for an organization?
a. K ey length variances don 't provide any actual additional security.
b. It would cause additional processing overhead and time delay.
c. It might result in vendor lockout.
d. The data subjects might be upset by this. --------- CORRECT ANSWER ----- B
78. Encryption is an essential tool for affording security to cloud-based operations. While it is possible to encrypt every system, piece of data, and transaction that takes place on the cloud, why might that not be the optimum choice for an organization?
a. It could increase the possibility of physical theft.
b. Encryption won 't work throughout the environment.
c. The protection might be disproportionate to the value of the asset(s).
d. Users will be able to see everything within the organization. --------- CORRECT ANSWER ----- C
79. Which of the following is not an element of the identification component of identity and access management (IAM)?
a. Provisioning
b. Management
c. Discretion
d. Deprovisioning --------- CORRECT ANSWER ----- C
80. Which of the following entities is most likely to play a vital role in the identity provisioning aspect of a user 's experience in an organization?
a. The accounting department
b. The human resources (HR) office
c. The maintenance team
d. The purchasing office --------- CORRECT ANSWER ----- B
81. Why is the deprovisioning element of the identification component of identity and access management (IAM) so important?
a. Extra accounts cost so much extra money.
b. Open but unassigned accounts are vulnerabilities.
c. User tracking is essential to performance.
d. Encryption has to be maintained. --------- CORRECT ANSWER ----- B
82. All of the following are reasons to perform review and maintenance actions on user accounts except ____________.
a. To determine whether the user still needs the same access
b. To determine whether the user is still with the organization
c. To determine whether the data set is still applicable to the user 's role
d. To determine whether the user is still performing well --------- CORRECT ANSWER ----- D
83. Who should be involved in review and maintenance of user accounts/access?
a. The user 's manager
b. The security manager
c. The accounting department
d. The incident response team --------- CORRECT ANSWER ----- A
84. Which of the following protocols is most applicable to the identification process aspect of identity and access management (IAM)?
a. Secure Sockets Layer (SSL)
b. Internet Protocol security (IPsec)
c. Lightweight Directory Access Protocol (LDAP)
d. Amorphous ancillary data transmission (AADT) --------- CORRECT ANSWER ----- C
85. Privileged user (administrators, managers, and so forth) accounts need to be reviewed more closely than basic user accounts. Why is this?
a. Privileged users have more encryption keys.
b. Regular users are more trustworthy.
c. There are extra controls on privileged user accounts.
d. Privileged users can cause more damage to the organization. --------- CORRECT ANSWER ----- D
86. The additional review activities that might be performed for privileged user accounts could include all of the following except _____________.
a. Deeper personnel background checks
b. Review of personal financial accounts for privileged users
c. More frequent reviews of the necessity for access
d. Pat-down checks of privileged users to deter against physical theft --------- CORRECT ANSWER ----- D
87. If personal financial account reviews are performed as an additional review control for privileged users, which of the following characteristics is least likely to be a useful indicator for review purposes?
a. Too much money in the account
b. Too little money in the account
c. The bank branch being used by the privileged user
d. Specific senders/recipients --------- CORRECT ANSWER ----- C
88. How often should the accounts of privileged users be reviewed?
a. Annually
b. Twice a year
c. Monthly
d. More often than regular user account reviews --------- CORRECT ANSWER ----- D
89. Privileged user account access should be __________.
a. Temporary
b. Pervasive
c. Thorough
d. Granular --------- CORRECT ANSWER ----- A
90. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA 's Notorious Nine list, data breaches can be ____________.
a. Overt or covert
b. International or subterranean
c. From internal or external sources
d. Voluminous or specific --------- CORRECT ANSWER ----- C
91. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, an organization that operates in the cloud environment and suffers a data breach may be required to __________.
a. Notify affected users
b. Reapply for cloud service
c. Scrub all affected physical memory
d. Change regulatory frameworks --------- CORRECT ANSWER ----- A
92. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, an organization that suffers a data breach might suffer all of the following negative effects except __________.
a. Cost of compliance with notification laws
b. Loss of public perception/goodwill
c. Loss of market share
d. Cost of detection --------- CORRECT ANSWER ----- D
93. The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, in the event of a data breach, a cloud customer will likely need to comply with all the following data breach notification requirements except ____________.
a. Multiple state laws
b. Contractual notification requirements
c. All standards-based notification schemes
d. Any applicable federal regulations --------- CORRECT ANSWER ----- C
94. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, data loss can be suffered as a result of ____________ activity.
a. Malicious or inadvertent
b. Casual or explicit
c. Web-based or stand-alone
d. Managed or independent --------- CORRECT ANSWER ----- A
95. The Cloud Security Alliance (CSA) publishes, the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, all of the following activity can result in data loss except ____________.
a. Misplaced crypto keys
b. Improper policy
c. Ineffectual backup procedures
d. Accidental overwrite --------- CORRECT ANSWER ----- B
96. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, service traffic high jacking can affect all of the following portions of the CIA triad except ___________.
a. Confidentiality
b. Integrity
c. Availability
d. None. Service traffic high jacking can 't affect any portion of the CIA triad. --------- CORRECT ANSWER ----- D
97. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. The CSA recommends the prohibition of __________ in order to diminish the likelihood of account/service traffic high jacking.
a. All user activity
b. Sharing account credentials between users and services
c. Multifactor authentication
d. Interstate commerce --------- CORRECT ANSWER ----- B
98. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, which aspect of cloud computing makes it particularly susceptible to account/service traffic high jacking?
a. Scalability
b. Metered service
c. Remote access
d. Pooled resources --------- CORRECT ANSWER ----- C
99. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
a. Most of the cloud customer 's interaction with resources will be performed through APIs.
b. APIs are inherently insecure.
c. Attackers have already published vulnerabilities for all known APIs.
d. APIs are known carcinogens. --------- CORRECT ANSWER ----- A/B
100. .The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
a. Cloud customers and third parties are continually enhancing and modifying APIs.
b. APIs can have automated settings.
c. It is impossible to uninstall APIs.
d. APIs are a form of malware. --------- CORRECT ANSWER ----- A
75. Software developers should receive cloud-specific training that highlights the specific challenges involved with having a production environment that operates in the cloud. One of these challenges is ____________.
a. Lack of management oversight
b. Additional workload in creating governance for two environments (the cloud data center and client devices)
c. Increased threat of malware
d. The need for process isolation --------- CORRECT ANSWER ----- D
76. Which security technique is most preferable when creating a limited functionality for customer service personnel to review account data related to sales made to your clientele?
a. Anonymization
b. Masking
c. Encryption
d. Training --------- CORRECT ANSWER ----- B
77. At which phase of the software development life cycle (SDLC) is user involvement most crucial?
a. Define
b. Design
c. Develop
d. Test --------- CORRECT ANSWER ----- A
78. At which phase of the SDLC should security personnel first be involved?
a. Define
b. Design
c. Develop
d. Test --------- CORRECT ANSWER ----- B
79. At which phase of the SDLC is it probably most useful to involve third-party personnel?
a. Define
b. Design
c. Develop
d. Test --------- CORRECT ANSWER ----- D
80. In SDLC implementations that include a Secure Operations phase, which of the following security techniques/tools are implemented during that phase?
a. Vulnerability assessments and penetration testing
b. Performance testing and security control validation
c. Requirements fulfillment testing
d. Threat modeling and secure design review --------- CORRECT ANSWER ----- A
81. A cloud environment that lacks security controls is vulnerable to exploitation, data loss, and interruptions. Conversely, excessive use of security controls ____________.
a. Can lead to data breaches
b. Causes electromagnetic interference
c. Will affect quality of service
d. Can cause regulatory noncompliance --------- CORRECT ANSWER ----- C
82. A cloud environment that lacks security controls is vulnerable to exploitation, data loss, and interruptions. Conversely, excessive use of security controls ____________.
a. Can lead to DDoS
b. Allows malware infections
c. Increases the risk of adverse environmental effects
d. Is an unnecessary expense --------- CORRECT ANSWER ----- D
83. A cloud environment that lacks security controls is vulnerable to exploitation, data loss, and interruptions. Conversely, excessive use of security controls ____________.
a. Can lead to customer dissatisfaction
b. Is a risk to health and human safety
c. Brings down the organization 's stock price
d. Negates the need for insurance --------- CORRECT ANSWER ----- A
84. You are the security manager for an online retail sales company with 100 employees and a production environment hosted in a PaaS model with a major cloud provider. Your company policies have allowed for a bring your own device (BYOD) workforce that work equally from the company offices and their own homes or other locations. The policies also dictate which APIs can be utilized to access and manipulate company data and the process for getting an API added to the list of approved programs. You conduct an approved scan of the company data set in the cloud, with the provider 's permission. This allows you to catalog all APIs that have accessed and manipulated company data through authorized user accounts in the last month. The scan reveals that 300 different APIs were used by authorized personnel. Of these, 30 had been approved by the company and were on the list. Of the following, what is the most reasonable immediate action?
a. Delete accounts of all users who had utilized unapproved APIs to access company data.
b. Suspend access for all users who had utilized unapproved APIs to access company data.
c. Block all unapproved APIs from accessing company data.
d. Notify whomever you report to in the company hierarchy, and suggest bringing the matter to the attention of senior management immediately. --------- CORRECT ANSWER ----- D [Show Less]