WGU Exam A Flashcards

1
Q

A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

A

On-demand self-service

2
Q

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (such as mobile phones, tablets, laptops, and workstations).

A

Broad network access

3
Q

The provider’s computing resources are pooled to serve multiple consumers using a multitenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (such as country, state, or data center). Examples of resources include storage, processing, memory, and network bandwidth.

A

Resource pooling

4
Q

Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

A

Rapid elasticity

5
Q

Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (such as storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and the consumer of the utilized service.

A

Measured service

6
Q

Is a specification constructed for making the management of applications easy in terms of a PaaS (Platform as a Service) system.

A

CAMP (cloud application management for platforms)

7
Q

Are examples of regulatory compliance.

A

HIPAA, SOX, and PCI DSS

8
Q

The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on- or off-premises.

A

Private cloud

9
Q

The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on- or off-premises.

A

Community cloud

10
Q

The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the CSP.

A

Public cloud

11
Q

The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

A

Hybrid cloud

12
Q

Is responsible for provisioning, managing, and delivering cloud services.

A

The cloud service manager

13
Q

Is a drawback of cloud computing in which a customer depends on a vendor for products and services due to technical or nontechnical constraints.

A

Vendor lock-in

14
Q

Is a method to sterilize a device by erasing and overwriting the data it contains.

A

Cryptographic erasure

15
Q

Is a technique to replace the old data with new data on the cloud.

A

Data overwriting

16
Q

Represents the ability of a cloud services data center and its correlated components to continue operating in the event of a natural disaster.

A

Resiliency

17
Q

Is a commitment between a service provider and a client. Particular aspects of the service, such as quality, availability, and responsibilities, are agreed between the service provider and the service user.

A

A service-level agreement (SLA)

18
Q

Analyzes data to determine which controls and policies to apply to it.

A

Classification

19
Q

Requires a greater amount of administration and entails the installation of an operating system to store, sort, and retrieve the data.

A

Block storage

20
Q

Data is stored and displayed just as with a file structure in the legacy environment.

A

File storage

21
Q

Architectures allow for a significant level of description, including marking, labels, classification, and categorization specifications.

Is commonly found in cloud storage deployments and is different from the common file storage technologies such as file and block modes.

A

Object-based storage

22
Q

The data will be arranged according to characteristics and elements in the data itself, including a specific trait required to file the data known as the primary key.

A

Database

23
Q

Is a form of data caching, usually near geophysical locations of high use demand, for copies of data commonly requested by users.

Is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end-users.

A

Content Delivery Network (CDN)

24
Q

Is a type of storage under PaaS and is typically related to storage types such as databases that have defined structures and rules pertaining to how the data is organized and stored.

A

Structured

25
Q

Is a type used under IaaS; it resembles traditional storage, with a file system and tree structure where data can be organized and accessed in the same manner as on a traditional server (by pathname and filename).

A

Volume storage

26
Q

Is a type of storage under PaaS that is used for handling data objects that will not fit within a structured system. This includes websites and web pages, their associated components, media files, images, or anything else that will not fit within a typical database paradigm.

A

Unstructured

27
Q

Sets random values that will map to actual data.

A

Tokenization

28
Q

What are the three components of DLP?

A

Discovery and Classification, Monitoring, and Enforcement.

29
Q

What are the six steps of tokenization architecture?

A
  1. An application collects or generates a piece of sensitive data.
  2. Data is sent to the tokenization server; it is not stored locally.
  3. The tokenization server generates the token. The sensitive data and the token are stored in the token database.
  4. The tokenization server sends back the token to the application.
  5. The application stores the token instead of the original data.
  6. When the sensitive data is required, an authorized application or user requests it.
30
Q

Are trusted third parties that hold private keys for individuals or companies. If the private key is lost, the owner can verify their identity to the key escrow and have their key restored.

A

Key Escrow

31
Q

Is among the highest-risk components with respect to software vulnerabilities, because these vulnerabilities can also affect the separation between tenants.

A

Management Plane Component

32
Q

Is performed to demonstrate the efficacy of the plan and procedures. It sharpens the skills of the personnel involved and allows for additional training opportunities. It is a testing technique that validates a system’s ability to allocate extra resources and to move operations to backup systems during a server failure, whatever its cause.

A

Failover testing

33
Q

Is a part of the SDLC that involves both developers and DBAs to determine current performance and make changes to improve it.

A

Benchmark testing

34
Q

Acts as a gateway or go-between, placed between a company’s infrastructure and the cloud service provider, and provides all the availability requirements of critical company applications.

A

cloud access security broker (CASB)

35
Q

Is a report on controls at a service organization that may be relevant to a user entity’s internal control over financial reporting.

A

SOC 1

36
Q

If this characteristic is not present, it will result in the unauthorized access, viewing, or modification of tenant data. By its nature, a cloud deployment requires a logical design that partitions and segregates client and customer data.

A

Multitenancy

37
Q

Failure of this characteristic leads to insecure operations on the cloud. It provides monitoring and administration of the cloud network platform to keep the whole cloud operation normal and secure.

A

Cloud management plane

38
Q

Should include security requirements and planning for requirements like authentication, data security, and technical security needs.

A

Defining Phase

39
Q

Tasks include vulnerability testing and additional code review of the completed product.

A

Testing Phase

40
Q

Involves security testing of the code, code review, and other development-centric security operations.

A

Development Phase

41
Q

Includes security architecture documentation and data flow diagrams.

A

Design Phase

42
Q

Addresses the privacy aspects of cloud computing for consumers. It is the first international set of privacy controls in the cloud. It sets forth a code of practice for protection of PII in public clouds acting as PII processors.

A

ISO/IEC 27018

43
Q

What are the five key principles CSPs adopting ISO/IEC 27018 must operate under?

A
  1. Consent: CSPs must not use the personal data they receive for advertising and marketing unless expressly instructed to do so by the customers. In addition, a customer should be able to employ the service without having to consent to the use of her personal data for advertising or marketing.
  2. Control: Customers have explicit control over how CSPs are to use their information.
  3. Transparency: CSPs must inform customers about items such as where their data resides. CSPs also need to disclose to customers the use of any subcontractors who will be used to process PII.
  4. Communication: CSPs should keep clear records about any incident and their response to it, and they should notify customers.
  5. Independent and yearly audit: To remain compliant, the CSP must subject itself to yearly third-party reviews. This allows the customer to rely upon the findings to support her own regulatory obligations.
44
Q

Facilitates the exchange of data as appropriate about users and access to resources.

A

Federation

45
Q

Serves as the enforcement arm of authentication and authorization.

A

Policy management

46
Q

Compares the identity assertion against an access control list.

A

Authorization

47
Q

Establishes identity by asking who you are and determining whether you are a legitimate user.

A

Authentication

48
Q

Is an interoperable authentication protocol standard, based on the OAuth 2 specification. It allows developers to authenticate their users across websites and applications without having to manage usernames and passwords.

A

OpenID Connect

49
Q

Is a means for users from outside organizations to be verified and validated as authorized users inside or with another organization without the user having to create identities in both locations.

Is a framework for users from outside organizations to be verified and validated as authorized users inside an organization.

A

Security Assertion Markup Language (SAML)

50
Q

Is often used in authorization with mobile apps; the OAuth framework provides third-party applications limited access to HTTP services.

Is an authorization standard that allows a user or a service to access resources. It allows users to authorize access to a third-party resource without providing them with the user credentials.

A

Open Authorization (OAuth)

51
Q

Is a member of the federation that shares resources based on authenticated identities.

A

The Relying Party

52
Q

Is the act of proving something is true and correct. It is a critical component for trusted computing environments, providing an essential proof of trust ability.

A

Attestation

53
Q

Involves the unauthorized access of data by an individual, application, or service. These are typically geared toward logical or digital data and are often conducted over the Internet or a network connection.

A

Data Breaches

54
Q

Is an application layer protocol developed by Netscape to manage the security of message transmission on the Internet. It is used to transmit private documents via the Internet and uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity. Using this protocol, clients and servers can communicate in a way that prevents eavesdropping and tampering with data on the Internet.

A

Secure Sockets Layer (SSL)

55
Q

Provides a standardized way of describing threats by their attributes.

A

STRIDE

56
Q

Is performed on systems where the attacker has knowledge of the systems involved.

A

SAST testing

57
Q

Is one of the most widely seen application flaws, next to injections. This occurs when an application allows untrusted data to be sent to a web browser without proper validation or escaping. This then allows the malicious user to execute code or hijack sessions in the user’s browser.

It uses the Web server to attack the client side. It injects a code fragment from a scripting language into an input field in order to have that code executed within the browser of a user visiting the site.

A

Cross-site scripting (XSS)

58
Q

Occurs when a malicious user attempts to inject a string of some type into a field in order to manipulate the application’s actions or reveal unauthorized data. Examples include SQL, LDAP, and OS injections.

A

Injection

59
Q

Is an attack that manipulates a logged-on user’s browser to send a forged HTTP request along with cookies and other authentication information in an effort to force the victim’s browser to generate a request that a vulnerable application thinks is a legitimate request from the user.

A

Cross-site request forgery (CSRF)

60
Q

Is a common Web attack mechanism that is used by attackers to steal data from organizations. In this attack, an attacker inserts malicious code into SQL command strings for the purpose of gaining access to data contained in a database.

A

SQL injection

61
Q

Is done against a system or application in its actual runtime state, where the testers do not have specific knowledge about the configurations or technologies employed on it.

It must discover all interfaces and paths to test, but unlike penetration testing, it does not attempt to actively exploit vulnerabilities that could cause system outages, impact to users, or damage to the system or data.

A

Dynamic application security testing (DAST)

62
Q

Is done against offline systems, where the testers have knowledge ahead of time about the application and its configuration. This can include documentation about system design and the specific technologies used, as well as access to the source code and programming libraries that the application was built upon.

A

static application security testing (SAST)

63
Q

In UI standard ______, the loss of any single system, component, or distribution element will not affect critical operations. Any single loss, event, or personnel activity will not cause downtime of critical operations.

A

Tier 4

64
Q

Is high-speed, highly redundant, and completely dedicated to interconnecting storage devices.

Is a group of devices connected to a network that provides storage space to users. Generally, the storage apportioned to the user is mounted to that user’s machine like an empty drive. The user can then format it and implement a filesystem in that space according to their preference. SANs usually use the iSCSI or Fibre Channel protocols.

A

Storage Area Network (SAN)

65
Q

Files are sent over the network rather than blocks of data as in storage area networks.

A

network-attached storage (NAS)