WGU: Managing Cloud Security
Terms in this set (125)
Infrastructure as a Service (IaaS): Allows the customer to install all software, including operating systems (OSs), on hardware housed and connected by the cloud vendor.
Platform as a Service (PaaS): Contains everything included in IaaS, with the addition of OSs. This model is especially useful for software development operations (DevOps).
Software as a Service (SaaS): Includes everything listed in the previous Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) models, with the addition of software programs.
Encryption: Offers a degree of assurance that nobody without authorization will be able to access your data in a meaningful way.
Cloud Service Provider (CSP): Provides administrative assistance for the customer and the customer's data and processing needs. Examples include Amazon Web Services, Rackspace, and Microsoft's Azure.
Virtualization: A process of creating a virtual version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources.
Vendor lock-in: Occurs in a situation where a customer may be unable to leave, migrate, or transfer to an alternate provider due to technical or non-technical constraints.
Cloud provider: A service provider that offers customer storage or software solutions available via a public network, usually the Internet.
Cloud portability: The ability to move applications and associated data between one cloud provider and another, or between legacy and cloud environments.
Cloud Access Security Broker (CASB): A third-party entity offering independent identity and access management (IAM) services to CSPs and cloud customers, often as an intermediary.
We use what to determine the critical paths, processes, and assets of an organization? BIA (The business impact analysis is designed to ascertain the value of the organization's assets, and learn the critical paths and processes.)
If a cloud customer wants a bare-bones environment in which to replicate their own enterprise for BC/DR purposes, which cloud service model would probably be best? IaaS (IaaS offers what is basically a hot/warm DR site, with hardware, connectivity, and utilities, allowing the customer to build out any kind of software configuration, including choosing OSs.)
If a service or solution does not meet all of the specified key characteristics listed below, it is said to be not true cloud computing. Please select the valid cloud computing characteristics out of the terms identified below. Here are the characteristics of cloud computing: Broad network access; Resource pooling; Measured service; On-demand self-service; Rapid expansion.
The risk that a cloud provider might go out of business and the cloud customer might not be able to recover data is known as: Vendor lock-out
Cloud Access Security Brokers (CASBs) might offer all the following services except: BC/DR/COOP (CASBs don't usually offer BC/DR/COOP services; that's something offered by cloud providers.)
Mitigation: A process of taking steps to decrease the likelihood or the impact of the risk.
Transference: A risk management strategy that involves the contractual shifting of a risk from one organization to another.
Layered defenses: The practice of having multiple overlapping means of securing the environment with a variety of methods.
Risk appetite: Refers to the level, amount, or type of risk that the organization finds acceptable.
Avoidance: Eliminating the risk that is simply too high and cannot be compensated for with adequate control mechanisms.
IaaS boundaries: The cloud provider creates and administers the hardware assets on which the customer's programs and data will ride.
PaaS boundaries: The cloud provider is responsible for installing, maintaining, and administering the OS.
In which cloud service model is the customer required to maintain and update only the applications? PaaS (In PaaS, the provider supplies the hardware, connectivity, and OS; the customer installs and maintains applications. In IaaS, the customer must also install the OS, and in SaaS, the provider supplies and maintains the applications.)
In which cloud service model is the customer only responsible for the data? SaaS
The cloud customer and provider negotiate their respective responsibilities and rights regarding the capabilities and data of the cloud service. Where is the eventual agreement codified? Contract
Which of the following is considered a physical control? Fence (Fences are physical controls; carpets and ceilings are architectural features, and a door is not necessarily a control: the lock on the door would be a physical security control. Although you might think of a door as a potential answer, the best answer is the fence; the exam will have questions where more than one answer is correct, and the answer that will score you points is the one that is most correct.)
What is an experimental technology that is intended to create the possibility of processing encrypted data without having to decrypt it first? Homomorphic encryption
Jurisdiction: The geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled.
Patent: The legal mechanism for protecting intellectual property in the form of inventions, processes, materials, decorations, and plant life.
Data audit: A powerful tool to regularly review, inventory, and inspect usage and condition of the information that an organization owns.
Cryptoshredding: Involves encrypting the data with a strong encryption engine, and then taking the keys generated in that process, encrypting them with a different encryption engine, and destroying the keys.
Retention period: Defines how long the data should be kept by an organization and is often expressed in a number of years.
Retention format: A policy that contains a description of how the data is actually archived, that is, what type of media it is stored on.
Data classification: Refers to the responsibility of the data owner which takes place in the Create phase and is assigned according to an overall organizational motif based on a specific characteristic of the given dataset.
Datamining: Refers to a kind of data analysis which is an outgrowth of the possibilities offered by the regular use of the cloud, also known as "big data."
Copyright: The legal protection for expressions of ideas is known as "copyright" and it doesn't include ideas, specific words, slogans, recipes, or formulae.
Trademark: Protects the esteem and goodwill that an organization has built among the marketplace, especially in public perception.
Degaussing: Involves applying strong magnetic fields to the hardware and media where the data resides, effectively making them blank.
What is the federal agency that accepts applications for new patents? USPTO
Object-based storage: Allows a significant level of description, including the marking, labels, classification and categorization; it also enhances the opportunity for indexing capabilities.
Database: Provides some sort of structure for stored data; it is backend storage in the datacenter, accessed by users utilizing online apps.
Randomization: A technique which allows the replacement of the data with random characters, leaving the other traits intact such as length of the string and character set.
Homomorphic encryption: A developing technology that is intended to allow for processing of encrypted material without decrypting it first.
Shuffling: A technique which uses different entries from within the same data set to represent the data.
Masking: A technique that hides the data with useless characters, e.g., showing only the last four digits of a social security number.
Key recovery: Entails a procedure that involves multiple people, each with access to only a portion of the key.