WGU - Managing Cloud Security - D320
Terms in this set (133)
Who is ultimately legally liable for any loss of data even in the case of negligence or malice?
Cloud Customers are legally responsible for what?

This is considered an asset?
Data is considered what?

What are the phases of the Data Life Cycle?
What process do these ordered steps constitute?
- Create
- Store
- Use
- Share
- Archive
- Destroy
Who is responsible for data Categorization and Classification during the Creation Phase?
What is the primary responsibility of the Data Owner?

What is the preferred upload method to the Cloud during the Store Phase?
What are IPSec and TLS 1.2 (or higher version) VPNs used for?

What is the recommended "Don't" of crypto key storage?
Do not store crypto keys with the cloud provider whether or not the cloud customer chooses to use a CASB.

What do Regulators do?
Who arranges Cloud Services?

What is the role of Transference in addressing risks?
What is one of the main methods of addressing risks?

What does Critique fall under for copyrighted material?
What is the "fair-use" exception for copyrighted material?
What is Anonymization in terms of cloud storage?
What is the technique used to obscure data stored in the cloud?

What 3 risks are associated with IaaS (Infrastructure as a Service)?
What Cloud Service Model is associated with the following risks?
- Personnel Threats
- External Threats
- Lack of Specific Skillsets

What 4 risks are associated with PaaS (Platform as a Service)?
What Cloud Service Model is associated with the following risks?
- Interoperability Issues
- Persistent Backdoors
- Virtualization
- Resource Sharing

What 3 risks are associated with SaaS (Software as a Service)?
What Cloud Service Model is associated with the following risks?
- Proprietary Formats
- Virtualization
- Web Application Security

What kind of concern do New Dependencies introduce?
What is a potential emergent business impact analysis (BIA) Concern?

What are the three kinds of Audits?
What are these forms of?
- Internal
- External
- Audit Preparation
Who performs Internal Audits?
What kind of audit is performed by employees of the organization?

Who performs External Audits?
What kind of audit is performed by individuals outside of the organization?

What is Audit Preparation?
What discusses and negotiates parameters of an audit prior to its start?

What are the types of SOC Reports?
What are the following items types of?
1. SOC 1
2. SOC 2
3. SOC 3
What is the SOC 1 Report used for?
What report type is strictly for auditing the financial reporting instruments of a corporation?

What is the SOC 2 Report used for?
Which report type is intended to report audits of any controls on an organization's security, availability, processing integrity, confidentiality, and privacy? It includes two sub-types.

What is SOC 2 Type 1?
What report reviews the design of controls, not how they are implemented or maintained?

What is SOC 2 Type 2?
What report is used for getting a true Assessment of an organization's security posture?

What is the SOC 3 report used for?
What report type is designed to be shared with the public and offers a seal of approval? It does not contain any actual data about the security controls of the audit target.

What is the Secure Logical Framework a part of?
What is a part of the Operating Requirements?

What should be done to Data when it is at rest?
What should be encrypted when at rest?

What method was created by Microsoft to describe threats by their attributes?
What is the STRIDE Method?
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege

What is the Industry Standard for uptime?
What is the 5 9's 99.9999%?

Tiers according to the Uptime Institute (UI)?
What do these items form?
- Tier 1
- Tier 2
- Tier 3
- Tier 4
What is required by UI Tier 1?
What requires these items?
- UPS
- Sufficient Cooling
- Power Generator with minimum 12 hrs of fuel
* WILL CAUSE DOWNTIME

What is required by UI Tier 2?
What requires these conditions?
- Critical operations do not have to be interrupted for scheduled replacement or downtime.
* MAY CAUSE DOWNTIME.

What is required by UI Tier 3?
What requires these items?
- Dual Power Supplies for ALL IT systems.
- Can continue with a single component or power element.

What is required by UI Tier 4?
What requires redundancy of both IT and electrical systems?
What category is Initial Training in?
What is a part of the Security Training delivery category?

What is the Electronic Communications Privacy Act (ECPA)?
What law establishes protections for electronic communications, such as emails, phone calls, and stored data, against unauthorized access, while allowing certain exceptions for law enforcement and government agencies?

What is the Gramm-Leach-Bliley Act (GLBA)?
What law allows banks to merge and own insurance companies?

What is the Sarbanes-Oxley Act (SOX)?
What law increases transparency into publicly traded corporations' financial activities?

What is HIPAA (1996)?
What law protects patient records and data (ePHI)?

What is FERPA?
What law prevents academic institutions from sharing student data, with exceptions for students and parents?

What is the DMCA?
What protects owned data on the internet?

What is the CLOUD Act?
What law allows US law enforcement and courts to compel American companies to disclose data stored in foreign data centers?

What is FedRAMP?
What is a US Federal program that mandates a standardized approach to security assessments, authorization, and continuous monitoring of cloud products and services?

What is the EU General Data Protection Regulation (GDPR)?
What is the most significant, powerful personal privacy law in the world, and describes the appropriate handling of personal private information of all EU citizens?

What are the seven principles of the GDPR?
What do these seven principles form the core of?
- Notice
- Choice
- Purpose
- Access
- Integrity
- Security
- Enforcement
What is Canada's Personal Information Protection and Electronic Document Act (PIPEDA)?
What law governs how private-sector organizations collect, use, and disclose personal information in the course of commercial activities, ensuring individuals' data is protected and giving them control over their information in Canada?

What is the Asia-Pacific Economic Cooperation (APEC) Privacy Framework?
What is a regional guideline designed to harmonize data privacy standards across Asia-Pacific economies, promoting the protection of personal information while supporting trade and economic growth?

What does ISO 31000:2018 focus on?
What standard focuses on design, implementation, and management?