SECURITY (WGU) COMPLETE QUESTIONS AND CORRECT ANSWERS || A+ GRADED
1. Assets can be what? - ANSWER ✅Tangible
Intangible
Personnel
2. What is white box testing? - ANSWER ✅The tester is using
knowledge of the program's internals.
3. What is black box testing? - ANSWER ✅The tester is testing
without knowledge of the internals.
4. What are 4 cloud application assurance and validation
methods? - ANSWER ✅Approved APIs
Secure code reviews
runtime application self-protection
securing open source software
5. What allows applications to consume web services from the
application, to expand its capabilities? - ANSWER ✅approved
APIs
6. What identifies and mitigates code in an application that has
exposed a potential vulnerability? - ANSWER ✅secure code
reviews
7. What protects itself without human intervention and assists in
the prevention of successful attack? - ANSWER ✅runtime
application self-protection
8. What allows users to make modifications that they choose in
order to add or enhance the functionality? - ANSWER ✅securing
open source software
9. What cloud model removes and reduces the authority and
execution of security controls in the environment? - ANSWER
✅deployment model
10. What is SAML? - ANSWER ✅A standard for exchanging
authentication and authorization data between security domains
11. What is the most widely used federation standard? - ANSWER
✅Security Assertion Markup Language (SAML)
12. What is an API? - ANSWER ✅A set of routines, standards,
protocols, and tools for building software applications to access a
web-based software application or tool
13. What is SAST? - ANSWER ✅A set of technologies that
analyze application source code, byte code, and binaries for coding
and design problems that would indicate a security problem or
vulnerability
14. What is ONF? - ANSWER ✅A framework of containers for
all components of application security, best practices, catalogued
and leveraged by the organization
15. What is data masking? - ANSWER ✅A method for creating
similar but inauthentic datasets used for software testing and user
training.
16. What does Business Impact Analysis do? - ANSWER
✅Defines which of the assets provide the intrinsic value of an
organization.
17. What is risk appetite? - ANSWER ✅Level, Amount, or Type of
risk that an org finds acceptable
18. What is the IaaS boundary? - ANSWER ✅The provider is
responsible for connectivity and power and the customer is in
charge of installation of software.
19. What is the PaaS boundary? - ANSWER ✅The provider is
responsible for updates and administration of the OS and the
customer monitors and reviews software events.
20. What is the SaaS boundary? - ANSWER ✅The provider is
responsible for system maintenance and the customer supplies and
processes data to and in the system.
21. What should encryption be used for in a cloud datacenter? -
ANSWER ✅Long-term storage/archiving
Protecting near-term stored files, such as snapshots of virtualized
instances
Preventing unauthorized access to specific datasets by authorized
personnel
22. What should encryption be used for in communications
between cloud providers and users? - ANSWER ✅Creating secure
sessions
Ensuring the integrity and confidentiality of data in transit
23. What are 4 controls/mechanisms in which a cloud provider should
play a role in layered defense? - ANSWER ✅Strong personnel
controls
Technological controls
Physical controls
Governance mechanisms
24. In cloud layered defense what are examples of personnel
controls? - ANSWER ✅background checks
continual monitoring
25. What are the 4 characteristics of cloud computing? - ANSWER
✅Broad network access
On-demand services
Resource Pooling
Measured or "metered" service
26. What NIST publication number defines cloud computing? -
ANSWER ✅800-145
27. What ISO/IEC standard provides information on cloud
computing? - ANSWER ✅17788
28. What is another way of describing a functional business
requirement? - ANSWER ✅necessary
29. What is another way of describing a nonfunctional business
requirement? - ANSWER ✅not necessary
30. What is the greatest driver pushing orgs to the cloud? -
ANSWER ✅Cost savings
31. What is cloud bursting? - ANSWER ✅Ability to increase