2025 QUESTIONS AND ANSWERS
What EU data directive principle states any entity holding an individual's personal information
is responsible for protecting that information and is ultimately liable for any unauthorized
disclosure of that data? - ANSWER--security
What EU data directive principle states all entities that have any personal data of any EU citizen
understand that they are subject to enforcement actions by the EU authorities? - ANSWER--enforcement
What is a data subject? - ANSWER--This is the person whose data is being stored.
What is a data controller? - ANSWER--This is the person who has overall control over all the
Information/Data.
What is a data processor? - ANSWER--Performing any manipulation, storage or transmission of
PII
What does PIPEDA stand for? - ANSWER--Personal Information Protection and Electronic
Documents Act
What act conforms to the EU Data Directive and Privacy Regulation? - ANSWER--PIPEDA
What personal privacy principle informs an individual that personal information about them is
being gathered or created? - ANSWER--notice
What personal privacy principle includes whether the information will be shared with any other
entity? - ANSWER--purpose
What personal privacy principle allows an individual to get copies of any of their own
information held by any entity? - ANSWER--access
What personal privacy principle allows an individual to correct any of their own information if it
is inaccurate? - ANSWER--integrity
What is the process of identifying and obtaining electronic evidence for either prosecutorial or
litigation purposes? - ANSWER--eDiscovery
What are the 5 ISO/IEC standards for international digital forensics? - ANSWER-- 27037:2012
27041:2015
27042:2015
27043:2015
27050-1:2016
What ISO/IEC standard is a guide for collecting, identifying, and preserving electronic evidence?
- ANSWER--27037:2012
What ISO/IEC standard is a guide for incident investigations? - ANSWER--27041:2015
What ISO/IEC standard is a guide for digital evidence analysis? - ANSWER--27042:2015
What ISO/IEC standard covers incident investigation principles and processes? -
ANSWER--27043:2015
What ISO/IEC standard is an overview and principles for eDiscovery? - ANSWER--27050-1:2016
What identifier is the characteristics and traits of an individual that could reveal the identity of
that person? - ANSWER--indirect
What identifier could reveal a specific individual with specific data elements? - ANSWER--direct
What is the purpose of gap analysis? - ANSWER--To begin the benchmarking process
What is the best example of a key component of regulated PII? - ANSWER-- Mandatory breach
reporting
What is the least challenging part of eDiscovery in the cloud? - ANSWER--Forensic analysis
What statute addresses security and privacy matters in the financial industry? - ANSWER--GLBA
What does the doctrine of proper law refer to? - ANSWER--How jurisdictional disputes are
settled
What is the best advantage of external audits? - ANSWER--Independence
What SOC report subtype represents a point in time? - ANSWER--Type I
What is not associated with HIPAA controls? - ANSWER--financial controls
What is the key component of GLBA? - ANSWER--information security program
T/F: The value of data is a component of contractual PII - ANSWER--False
What is the primary purpose of an SOC 3 report? - ANSWER--Seal of approval
T/F: SAS 70 report is no longer being used - ANSWER--True