D320 80 Question Version (JYO2)
Terms in this set (214)
Business Impact Analysis (BIA): A process that assesses and identifies the potential effects of disruptions to a business operation.
SPOF: A component or system that, if it fails, will cause the entire system to fail.
Quantitative: Risk assessment that uses specific numerical values.
Qualitative: Risk assessment that uses non-numerical categories that are relative in nature, such as high, medium, and low.
Risk appetite: Level, amount, or type of risk that the organization finds acceptable.
Residual risk: The remaining risk that exists after countermeasures have been applied.
IaaS: Service model where cloud customer has the most responsibility and authority. Cloud provider is only liable for the underlying hardware.
PaaS: Service model where cloud customer loses more control because the cloud provider is responsible for installing, maintaining, and administering the OS as well as underlying hardware.
SaaS: Service model where cloud customer loses all control of the environment. Cloud provider is responsible for all of the underlying hardware and software.
Homomorphic encryption: A method of processing data in the cloud while it remains encrypted.
Defense in depth: A security strategy that involves implementing multiple overlapping layers of security measures to protect an environment.
Data owner: Organization that has collected or created the data.
Data Custodian: Person or entity that is tasked with the daily maintenance and administration of the data.
Data Processor: Any org or person who manipulates, stores, or moves the data on behalf of the data owner.
Data discovery: The process of creating an inventory or conducting e-discovery to identify and locate data.
Label-based discovery: A data discovery method that is aided by labels created by the data owner.
Metadata-based discovery: A data discovery method that involves discovering data using metadata traits and characteristics.
Content-based discovery: Refers to finding information or resources based on their characteristics, attributes, or content rather than relying on predefined keywords or categories.
Structured data: Data that is organized and formatted in a way that is easily searchable and can be processed by computers.
Unstructured data: Qualitative data; natural-language text; incorporates media (audio, video, images); contains JSON, XML, binary objects (images encoded as text strings); important for data analytic strategies; NoSQL.
IRM (Information Rights Management): A set of controls and technologies used to protect certain types of assets, such as intellectual property or sensitive information.
Copyright: Legal protection for expressions of ideas, such as literary, artistic, or musical works.
DMCA (Digital Millennium Copyright Act): Legislation that provides additional protections for creative works in digital formats.
Trademarks: Legal protection for specific words, phrases, symbols, or designs that distinguish a product or service.
Patent: A grant of exclusivity that gives the holder the right to produce, sell, and import an invention.
PKI (Public Key Infrastructure): A framework for secure communication using cryptographic techniques, such as digital certificates and public-private key pairs.
File-based storage: A method of storing data as files and folders, similar to how data is organized on a traditional file system.
Block storage: Allocates a large chunk of storage for access as a disk volume managed by the operating system.
Object storage: Stores files as individual objects managed by the cloud service provider.
CDN (Content Delivery Network): A system that caches commonly requested content in geographically distributed servers to improve performance and reduce latency.
Transparent encryption: A form of encryption where the encryption key is stored on the same data store.
Randomization: The process of replacing data with random characters to make it less predictable and harder to decipher.
Hashing: The process of creating a unique fixed-size string, called a hash, from input data using a cryptographic function.
Shuffling: A technique that involves using different entries from the same dataset to represent data, making it harder to identify specific data points.
Masking: A method of hiding sensitive data by replacing it with useless characters or symbols.
SIEM (Security Information and Event Management): A tool or system that allows for the monitoring, analysis, and management of security events and information within an organization.
DLP (Data Loss Prevention): A set of tools and processes designed to protect sensitive information from unauthorized access, sharing, or loss. It helps organizations prevent the accidental or intentional leakage of confidential data.
Private Cloud: A distributed computing environment that is dedicated to a single customer or organization.
Community Cloud: A cloud computing model where resources are shared among a specific affinity group or community.
Portability: The ease or difficulty of transferring data out of a cloud provider's data center to another environment or provider.
Vendor Lock-In: A situation where a cloud provider uses proprietary data formats or mediums, making it difficult for a customer to switch to another provider.
Vendor Lock-Out: The inability to access and recover data due to issues or disputes with a cloud provider.
Hybrid Cloud: A cloud computing model that combines two or more other cloud models, such as private, public, or community clouds.
Honeypot: A security tool or system that is used to distract and analyze potential attacks, allowing organizations to gather information about attackers and their methods.
Vulnerability Assessment: The process of scanning a network or system to identify known vulnerabilities and weaknesses.
Zero-Day Vulnerability: A vulnerability that is unknown to the software vendor or developer, and for which no patch or fix has been released.
ISO/IEC 27034-1: ISO Standard for secure application development.
Organization Normative Framework (ONF): A framework that defines application security controls and best practices.
Application Normative Frameworks (ANF): Subset of the Organization Normative Framework (ONF) that focuses on specific applications.
Transport Layer Security (TLS): A protocol that provides secure communication between applications over a network, ensuring the confidentiality and integrity of data.
Secure Socket Layer (SSL): A cryptographic protocol that is used to encrypt data transmissions between endpoints, such as a web browser and a web server.
Whole-Disk Encryption: The process of encrypting the entire disk or storage volume, ensuring that all data stored on it remains encrypted.
Volume Encryption: The process of encrypting a specific partition or volume on a hard drive, providing protection for the data stored on that partition.
Cross-Site Scripting (XSS): A type of application vulnerability that allows untrusted data to be included in web pages without proper validation, potentially leading to malicious code execution.
Injection: A type of attack where a malicious user injects a string or code into an application to manipulate its behavior or gain unauthorized access.
Cross-Site Request Forgery (CSRF): An attack that manipulates a logged-on user's browser to send a forged HTTP request along with cookies to generate a request that a vulnerable application thinks is legitimate.
White-Box Testing (SAST): A form of application testing that provides the tester with complete knowledge of the application being tested, including access to source code and design documents.