WGU D320/CCSP 10

WGU D320/CCSP

10 studiers today Leave the first rating Students also studied Terms in this set (133) Western Governors UniversityD 320 Save WGU Course C838 - Managing Clou...1,037 terms WieldyStone2 Preview D320 - Managing Cloud Security 701 terms SpaceChimpanzee Preview CompTIA PenTest+ (PT0-003) Full C...170 terms Jaivir_BawejaPreview

D320 (C

105 term wgu The management plane is use to administer a cloud environment and perform administrative tasks across a variety of systems, but most specifically it's used with the hypervisors.What does the management plane typically leverage for this orchestration?

• APIs
• Scripts

C. TLS

D. XML

The management plane uses APIs to execute remote calls across the cloud environment to various management systems, especially hypervisors. This allows a centralized administrative interface, often a web portal, to orchestrate tasks throughout an enterprise. Scripts may be utilized to execute API calls, but they are not used directly to interact with systems. XML is used for data encoding and transmission, but not for executing remote calls. TLS is used to encrypt communications and may be used with API calls, but it is not the actual process for executing commands.When dealing with PII, which category pertains to those requirements that can carry legal sanctions or penalties for failure to adequately safeguard the data and address compliance requirements?

• Contractual
• Jurisdictional
• Regulated
• Legal

Regulated PII pertains to data that is outlined in law and regulations. Violations of the requirements for the protection of regulated PII can carry legal sanctions or penalties. Contractual PII involves required data protection that is determined by the actual service contract between the cloud provider and cloud customer, rather than outlined by law. Violations of the provisions of contractual PII carry potential financial or contractual implications, but not legal sanctions. Legal and jurisdictional are similar terms to regulated, but neither is the official term used.

Although the united states does not have a single, comprehensive privacy and regulatory framework, a number of specific regulations pertain to types of data or populations.Which of the following is NOT a regulatory system from the United States federal government?

A. HIPAA

B. SOX

C. FISMA

D. PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry-regulatory standard, not a governmental one. The Sarbanes-Oxley Act (SOX) was passed in 2002 and pertains to financial records and reporting, as well as transparency requirements for shareholders and other stakeholders. The Health Insurance and Portability Act (HIPAA) was passed in 1996 and pertains to data privacy and security for medical records. FISMA refers to the Federal Information Security Management Act of 2002 and pertains to the protection of all US federal government IT systems, with the exception of national security systems.The president of your company has tsked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services.Which of the cloud deployment models would you MOST likely be exploring?

• Hybrid
• Private
• Community
• Public

A hybrid cloud model spans two more different hosting configurations or cloud providers. This would enable an organization to continue using its current hosting configuration, while adding additional cloud services to enable disaster recovery capabilities. The other cloud deployment models--public, private, and community--would not be applicable for seeking a disaster recovery configuration where cloud services are to be leveraged for that purpose rather than production service hosting.If you are running an application that has strict legal requirements that the data cannot reside on systems that contain other applications or systems, which aspect of cloud computing would be prohibitive in this case?

• Multitenancy
• Broad network access
• Portability
• Elasticity

Multitenancy is the aspect of cloud computing that involves having multiple customers and applications running within the same system and sharing the same resources. Although considerable mechanisms are in place to ensure isolation and separation, the data and applications are ultimately using shared resources. Broad network access refers to the ability to access cloud services from any location or client. Portability refers to the ability to easily move cloud services between different cloud providers, whereas elasticity refers to the capabilities of a cloud environment to add or remove services, as needed, to meet current demand.The REST API is a widely used standard for communications of web-based services between clients and the servers hosting them.Which protocol does the REST API depend on?

A. HTTP

B. SSH

C. SAML

D. XML

Representational State Transfer (REST) is a software architectural scheme that applies the components, connectors, and data conduits for many web applications used on the Internet. It uses and relies on the HTTP protocol and supports a variety of data formats. Extensible Markup Language (XML) and Security Assertion Markup Language (SAML) are both standards for exchanging encoded data between two parties, with XML being for more general use and SAML focused on authentication and authorization data. Secure Shell client (SSH) is a secure method for allowing remote login to systems over a network.Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle?

• Modify data
• Modify metadata
• New data
• Import data

Modifying the metadata does not change the actual data. Although this initial phase is called "create", it can also refer to modification. In essence, any time data is considered "new", it is in the create phase. This can come from data that is newly created, data that is imported into a system and is new to that system, or data that is already present and is modified into a new form or value.

Most APIs will support a variety of different data formats or structures.However, the SOAP API will only support which one of the following data formats?

A. XML

B. XSLT

C. JSON

D. SAML

The Simple Object Access Protocol (SOAP) protocol only supports the Extensible Markup Language (XML) data format. Although the other options are all data formats or data structures, they are not supported by SOAP Which cloud storage type is typically used to house virtual machine images that are used throughout the environment?

• Structured
• Unstructured
• Volume
• Object

Object storage is typically used to house virtual machine images because it is independent from other systems and is focused solely on storage. It is also the most appropriate for handling large individual files. Volume storage, because it is allocated to a specific host, would not be appropriate for the storing of virtual images. Structured and unstructured are storage types specific to PaaS and would not be used for storing items used throughout a cloud environment.With an API, various features and optimizations are highly desirable to scalability, reliability, and security.What does the REST API support that the SOAP API does NOT support?

• Acceleration
• Caching
• Redundancy
• Encryption

The Simple Object Access Protocol (SOAP) does not support caching, whereas the Representational State Transfer (REST) API does. The other options are all capabilities that are either not supported by SOAP or not supported by any API and must be provided by external features.Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data.Which concept encapsulates this?

• Validity
• Integrity
• Accessibility
• Confidentiality

Integrity refers to the trustworthiness of data and whether its format and values are true and have not been corrupted or otherwise altered through unauthorized means. Confidentiality refers to keeping data from being accessed or viewed by unauthorized parties. Accessibility means that data is available and ready when needed by a user or service. Validity can mean a variety of things that are somewhat similar to integrity, but it's not the most appropriate answer in this case.Three central concepts define what type of data and information an organization is responsible for pertaining to eDiscovery.Which of the following are the three components that comprise required disclosure?

• Possession, ownership, control
• Ownership, use, creation
• Control, custody, use
• Possession, custody, control

Data that falls under the pruview of an eDiscovery requres is that which is in the possession, custody, or control of the organization. Although this is an easy concept in traditional data center, it can be difficult to distinguish who acctually possesses and controls the data in a cloud environment due to multitenancy and resource pooling controls the data in a cloud environment due to multitenancy and resource pooling. Although these options provide similar-sounding terms, they are ultimately incorrect.

Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?

• Cross-site scripting
• Missing function-level access control
• Injection
• Cross-site forgery

An injection attack is where a malicious actor will send commands or other arbitrary data through input and data fields with intent of having the application or system execute the code as part of its normal processing and queries. This can trick an application into exposing data that is not intended or authorized to be exposed, or it could potentially allow an attacker to gain insight into configurations or security controls. Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. Cross-site request forgery occurs when an attack forces an authenticated user to send forged requests to an application running under their own access and credentials. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without going through validation processes.With a cloud service category where the cloud customer is responsible for deploying all services, systems, and components needed for their applications, which of the following storage types are MOST likely to be available to them?

• Structured and hierarchical
• Volume and object
• Volume and database
• Structured and unstructured

The question is describing the Infrastructure as a Service (IaaS) cloud offering, and as such, the volume and object storage types will be available to the customer. Structured and unstructured are storage types associated with PaaS, and although the other answers present similar-sounding storage types, they are a mix of real and fake names.Which of the following roles would be responsible for managing memberships in federations and the use and integration of federated services?

• Inter-cloud provider
• Cloud service business manager
• Cloud service administrator
• Cloud service integrator

The inter-cloud provider is responsible for peering with other cloud services and providers, as well as overseeing and managing federations and federated services. A cloud service administrator is responsible for testing, monitoring, and securing cloud services, as well as providing usage reporting and dealing with service problems. The cloud service integrator is responsible for connecting existing systems and services with a cloud. The cloud service business manager is responsible for overseeing the billing, auditing, and purchasing of cloud services.Which data state would be most likely to use TLS as a protection mechanism ?

• Data in use
• Data at rest
• Archived
• Data in transit

TLS would be used with data in transit, when packets are exchanged between clients or services and sent across a network. During the data-in-use state, the data is already protected via a technology such as TLS as it is exchanged over the network and then relies on other technologies such as digital signatures for protection while being used. The data-at-rest state primarily uses encryption for stored file objects. Archived data would be the same as data at rest.You are working for a cloud service provider and receive an eDiscovery order pertaining to one of your customers.Which of the following would be most appropriate action to take first?

• Take a snapshot of the virtual machines
• Escrow the encryption keys
• Copy the data
• Notify the customer

When a cloud service provider receives an eDiscovery order pertaining to one of their customers, the first action they must take is to notify the customer. This allows the customer to be aware of what was received, as well as to conduct a review to determine if any challenges are necessary or warranted. Taking snapshots of virtual machines, copying data, and escrowing encryption keys are all processes involved in the actual collection of data and should not be performed until the customer has been notified of the request.