WGU Course C838 - Managing Cloud Security (CCSP)
_______ drive security decisions.
A Public opinion
B Business requirements
C Surveys
D Customer service responses - ------------ANS: B
Which step should occur immediately before this action is taken?
A The tokenization server returns the token to the application.
B The tokenization server generates the token.
C The application collects a token.
D The application stores the token. - ------------ANS: D
A cloud customer is setting up communication paths with the cloud service provider
that will be used in the event of an incident.
Which action facilitates this type of communication?
A Incorporating checks on API calls
B Using existing open standards
C Identifying key risk indicators (KRIs)
D Performing a vulnerability assessment - ------------ANS: B
Which of the following statements is true of key management?
A Uses key management interoperability protocol to generate keys
B Includes generation of random number of keys
C Manages keys within an encryption engine
D Used in file-level encryption - ------------ANS: B
Which of the following supplemental security devices implements the DLP (data loss
prevention) security control?
A XML gateways
B API gateway
C Web application firewall
D Database activity monitoring - ------------ANS: A
Which of the following techniques for ensuring cloud datacenter storage resiliency
uses encrypted chunks of data?
A RAID
B Data dispersion
C SAN
D Cloud-bursting - ------------ANS: B
Which of the following techniques for ensuring cloud datacenter storage resiliency
uses parity bits and disk striping?
A Cloud-bursting
B RAID
C Data dispersion
D SAN - ------------ANS: B
Which of the following technologies is used to ensure secure API (Application
Programming Interface) access?
A Virtual private network
B Message-level crypto-access
C Data loss prevention
D ID.AM (Identity—Asset Management) - ------------ANS: B
Which of the following terms is not associated with cloud forensics?
A Analysis
B Plausibility
C Chain of custody
D eDiscovery - ------------ANS: B
Which of the following testing methods is referred to as white-box testing and is used to
identify coding errors?
A DAST (Dynamic application security testing)
B RASP (Runtime application self-protection)
C Penetration testing
D SAST (Static application security testing) - ------------ANS: D
Which of the following threats is a form of cache poisoning in which forged data is
placed in the cache of the name server?
A Data modification
B Footprinting
C Redirection
D Spoofing - ------------ANS: D
Which of the following threats occurs due to the loss of relevant encryption keys?
A Insider
B Service traffic hijacking
C Data loss
D Data breach - ------------ANS: C
Which of the following types of storage do cloud infrastructure services use?
A Structured
B Unstructured
C Content and file
D Volume - ------------ANS: D
Which of the following vulnerabilities exploits a user's browser to generate
unauthorized commands?
A Cross-site request forgery
B Cross-site scripting
C Sensitive data exposure
D Invalidated redirects and forwards - ------------ANS: A
Which of the following will help achieve redundancy in virtual switches?
Each correct answer represents a complete solution. Choose all that apply.
1) Kerberos
2) CHAP
3) Port channeling
4) Physical NICs
A 3,4
B 1,2 - ------------ANS: A
Which open web application security project (OWASP) Top 9 Coding Flaws leads to
security issues?
A Direct object reference
B Cross-site scripting
C Denial-of-service
D Client-side injection - ------------ANS: A
Which option should an organization choose if there is a need to avoid software
ownership?
A Software as a service (SaaS)
B Platform as a service (PaaS)
C Containers as a service (CaaS)
D Infrastructure as a service (IaaS) - ------------ANS: A
Which organization focuses on enhancing the need to protect privacy using personal
data using a practical, risk-management-based approach?
A General Data Protection Regulation
B Asia-Pacific Economic Cooperation
C Organization for Economic Cooperation and Development
D EU data protection directive - ------------ANS: C
Which penalty is imposed for privacy violations under the general data protection
regulation (GDPR)?
A Penalty up to 2% of gross income
B Penalty up to 10 million Euros
C Penalty up to 5% of gross income
D Penalty up to 20 million Euros - ------------ANS: D
Which phase forms the security and foundation for IAM (Identity and Access
Management) within the cloud environment?
A Privileged user management
B Authentication and access management
C Provisioning and deprovisioning
D Centralized directory services - ------------ANS: B
Which phase of the cloud data life cycle allows both read and process functions to
be performed?
A Create
B Archive
C Store
D Share - ------------ANS: A
Which phase of the cloud data life cycle is associated with crypto-shredding?