OA Exams

  • November 28, 2024

Question 01

Which of the following frameworks is primarily designed for securing credit card transactions?

A. HIPAA
B. PCI DSS
C. NIST SP 800-53
D. ISO/IEC 27001

Correct Answer: B. PCI DSS

Explanation: PCI DSS is specifically designed to secure credit card data and transactions. HIPAA focuses on healthcare information, NIST SP 800-53 provides security guidelines for federal systems, and ISO/IEC 27001 is a general information security standard.

Question 02

Which of the following encryption methods allows data to be processed while still encrypted, ensuring data protection during use?

A. Symmetric Encryption
B. Homomorphic Encryption
C. Tokenization
D. Disk Encryption

Correct Answer: B. Homomorphic Encryption

Explanation: Homomorphic Encryption enables data to be processed while still encrypted, protecting it while in use. Tokenization and Disk Encryption protect data at rest, and Symmetric Encryption is not designed to process data in use.

Question 03

Which operational process is designed to identify and resolve issues before they lead to incidents in a cloud environment?

A. Incident Management
B. Capacity Management
C. Problem Management
D. Change Management

Correct Answer: C. Problem Management

Explanation: Problem Management focuses on identifying and resolving issues before they escalate into incidents. Incident Management addresses issues as they occur, Capacity Management ensures sufficient resources, and Change Management oversees modifications to the environment.

Question 04

Which of the following best describes a risk management strategy that involves outsourcing or purchasing insurance to share risk with another party?

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

Correct Answer: D. Risk Transference

Explanation: Risk Transference involves sharing the risk with another party, such as through insurance or outsourcing. Risk Avoidance eliminates the risk, Risk Mitigation reduces the risk, and Risk Acceptance involves accepting the risk.

Question 05

Which U.S. law is designed to protect the privacy of student education records?

A. HIPAA
B. FERPA
C. SOX
D. GLBA

Correct Answer: B. FERPA

Explanation: FERPA (Family Educational Rights and Privacy Act) protects the privacy of student educational records. HIPAA deals with healthcare information, SOX focuses on corporate governance, and GLBA addresses financial data protection.

Question 06

Which of the following best describes the function of a Security Information and Event Management (SIEM) system?

A. Managing access controls
B. Encrypting data in transit
C. Centralizing and analyzing security logs
D. Configuring firewall rules

Correct Answer: C. Centralizing and analyzing security logs

Explanation: SIEM systems centralize and analyze security logs to detect and respond to security threats. They do not directly manage access controls, encrypt data, or configure firewall rules.

Question 07

Which process ensures that cloud services meet or exceed the terms defined in a service level agreement (SLA)?

A. Service Level Management
B. Change Management
C. Incident Management
D. Capacity Management

Correct Answer: A. Service Level Management

Explanation: Service Level Management ensures that cloud services meet or exceed SLA terms. Change Management handles service modifications, Incident Management addresses incidents, and Capacity Management ensures adequate resources.

Question 08

What is the process of evaluating risks based on their potential impact and likelihood called?

A. Risk Transference
B. Risk Mitigation
C. Risk Acceptance
D. Risk Assessment

Correct Answer: D. Risk Assessment

Explanation: Risk Assessment involves identifying, analyzing, and prioritizing risks based on their potential impact and likelihood. Risk Mitigation reduces risks, Risk Acceptance involves accepting risks, and Risk Transference shifts risk to another party.

Question 09

Which legal framework addresses cross-border data transfers between the EU and other countries?

A. HIPAA
B. SOX
C. GDPR
D. Safe Harbor Framework

Correct Answer: C. GDPR

Explanation: The GDPR (General Data Protection Regulation) governs the protection of personal data in the EU and regulates cross-border transfers. The Safe Harbor Framework has been replaced by the EU-U.S. Privacy Shield.

Question 10

Which of the following is used to secure data during transmission over a network?

A. Disk Encryption
B. SSL/TLS
C. Data Masking
D. Biometric Authentication

Correct Answer: B. SSL/TLS

Explanation: SSL/TLS encrypts data during transmission, protecting it from interception or tampering. Disk Encryption secures data at rest, Data Masking hides data in use, and Biometric Authentication controls access to systems.

Question 11

Which type of audit report provides assurance about a cloud provider’s internal controls, including security and privacy?

A. SOC 2
B. HIPAA Compliance Report
C. PCI DSS Report on Compliance
D. ISO/IEC 27001 Certification

Correct Answer: A. SOC 2

Explanation: A SOC 2 report provides assurance about a cloud provider's internal controls, particularly related to security, availability, processing integrity, confidentiality, and privacy. HIPAA and PCI DSS focus on specific industries, and ISO/IEC 27001 certifies information security management systems.

Question 12

Which type of risk assessment involves ranking risks based on severity using subjective judgment rather than numerical values?

A. Quantitative Risk Assessment
B. Risk Mitigation
C. Risk Avoidance
D. Qualitative Risk Assessment

Correct Answer: D. Qualitative Risk Assessment

Explanation: Qualitative Risk Assessment involves ranking risks based on their severity using subjective judgment. Quantitative Risk Assessment uses numerical values to estimate impact.

Question 13

Which of the following requires organizations to implement safeguards to protect personal data?

A. Data Integrity
B. Data Minimization
C. Data Protection by Design
D. Data Breach Notification

Correct Answer: C. Data Protection by Design

Explanation: Data Protection by Design requires organizations to implement appropriate safeguards throughout the data lifecycle. Data Minimization limits data collection, Data Integrity ensures data accuracy, and Data Breach Notification informs individuals when their data is compromised.

Question 14

Which of the following technologies is used to isolate tenants in a multi-tenant cloud environment?

A. VLANs
B. Shared Virtual Machines
C. Data Masking
D. Encryption

Correct Answer: A. VLANs

Explanation: VLANs (Virtual Local Area Networks) can isolate tenants in a multi-tenant cloud environment, ensuring data separation. Shared Virtual Machines could compromise security, while Data Masking and Encryption protect data but do not provide isolation.

Question 15

Which operational process is focused on ensuring cloud resources are used efficiently and meet demand?

A. Incident Management
B. Capacity Management
C. Problem Management
D. Service Level Management

Correct Answer: B. Capacity Management

Explanation: Capacity Management ensures that cloud resources are used efficiently and meet current and future demand. Incident Management deals with resolving issues, Problem Management identifies root causes, and Service Level Management focuses on meeting SLA requirements.

Question 16

Which risk management strategy is used when an organization eliminates a risky activity altogether?

A. Risk Avoidance
B. Risk Mitigation
C. Risk Transference
D. Risk Acceptance

Correct Answer: A. Risk Avoidance

Explanation: Risk Avoidance involves discontinuing a risky activity, eliminating the risk entirely. Risk Mitigation reduces risks, Risk Transference shifts them to another party, and Risk Acceptance means accepting the risks.

Question 17

Which GDPR principle mandates that personal data must only be collected for specified, legitimate purposes?

A. Integrity and Confidentiality
B. Purpose Limitation
C. Accuracy
D. Data Minimization

Correct Answer: B. Purpose Limitation

Explanation: The Purpose Limitation principle under GDPR mandates that personal data be collected for specified, legitimate purposes and not be further processed in a manner incompatible with those purposes.

Question 18

Which encryption protocol is commonly used to secure communication between a web browser and a cloud service?

A. SSL/TLS
B. Hashing
C. Symmetric Encryption
D. Asymmetric Encryption

Correct Answer: A. SSL/TLS

Explanation: SSL/TLS is the encryption protocol used to secure communication between a web browser and a cloud service. Hashing is used for data integrity, while Symmetric and Asymmetric Encryption are used for data protection.

Question 19

Which operational process involves testing cloud service resilience and reliability under load conditions?

A. Penetration Testing
B. Load Testing
C. Functional Testing
D. Compliance Testing

Correct Answer: B. Load Testing

Explanation: Load Testing evaluates a cloud service's ability to handle heavy traffic or demand. Penetration Testing identifies security vulnerabilities, Functional Testing checks that the service meets requirements, and Compliance Testing ensures it meets legal standards.

Question 20

Which document outlines acceptable levels of risk for an organization and guides risk management?

A. Risk Register
B. Risk Appetite Statement
C. Incident Response Plan
D. Business Continuity Plan

Correct Answer: B. Risk Appetite Statement

Explanation: The Risk Appetite Statement defines the acceptable levels of risk that an organization is willing to tolerate and guides risk management efforts. A Risk Register tracks identified risks, and the Incident Response Plan and Business Continuity Plan ensure operations during disruptions.
