OA Exams

  • November 28, 2024

Question 21

Which security control is designed to prevent unauthorized access to cloud services?

A. Firewalls
B. Multi-Factor Authentication (MFA)
C. Data Masking
D. Disk Encryption

Correct Answer: B. Multi-Factor Authentication (MFA)

Explanation: MFA is used to prevent unauthorized access by requiring multiple forms of verification. Firewalls protect network access, Data Masking obscures sensitive data, and Disk Encryption secures data at rest.

Question 22

What is the role of a load balancer in cloud computing?

A. Encrypting data in transit
B. Distributing traffic across multiple servers
C. Managing user identities
D. Configuring firewall rules

Correct Answer: B. Distributing traffic across multiple servers

Explanation: A load balancer distributes incoming traffic across multiple servers to optimize resource usage and ensure availability. Encryption, identity management, and firewall configuration are handled by other technologies.

Question 23

What does the principle of Data Breach Notification under GDPR require organizations to do?

A. Encrypt personal data
B. Minimize the data collected
C. Notify individuals in the event of a breach
D. Ensure data integrity

Correct Answer: C. Notify individuals in the event of a breach

Explanation: Data Breach Notification under GDPR requires organizations to inform individuals if their personal data is compromised. Other principles focus on data minimization, encryption, and integrity.

Question 24

Which audit report is designed to provide public assurance about a cloud provider’s internal controls?

A. SOC 1
B. SOC 2
C. SOC 3
D. PCI DSS

Correct Answer: C. SOC 3

Explanation: SOC 3 reports are designed for public assurance, while SOC 1 focuses on financial controls, SOC 2 audits security and privacy controls, and PCI DSS addresses credit card data security.

Question 25

What is the primary purpose of encryption?

A. Ensuring availability
B. Securing data from unauthorized access
C. Preventing system outages
D. Managing user identities

Correct Answer: B. Securing data from unauthorized access

Explanation: Encryption protects data by ensuring only authorized parties can access it. Availability, preventing outages, and identity management are handled by other security measures.

Question 26

Which operational activity in cloud computing focuses on restoring services after a disruption?

A. Incident Management
B. Problem Management
C. Disaster Recovery
D. Capacity Management

Correct Answer: C. Disaster Recovery

Explanation: Disaster Recovery focuses on restoring services quickly and effectively after a disruption. Incident Management addresses immediate issues, Problem Management prevents incidents, and Capacity Management ensures resources are available.

Question 27

What is the purpose of Risk Assessment in cloud security?

A. Encrypting sensitive data
B. Prioritizing risks based on their impact and likelihood
C. Ensuring user identities are verified
D. Isolating cloud tenants

Correct Answer: B. Prioritizing risks based on their impact and likelihood

Explanation: Risk Assessment identifies, analyzes, and prioritizes risks to determine their potential impact and likelihood. Other activities involve encryption, identity verification, and tenant isolation.

Question 28

Which security measure is used to isolate tenants in a multi-tenant cloud environment?

A. Firewalls
B. VLANs
C. Multi-Factor Authentication (MFA)
D. SSL/TLS

Correct Answer: B. VLANs

Explanation: VLANs isolate tenants in a multi-tenant environment, ensuring that data and resources are separated. Firewalls control network access, MFA prevents unauthorized access, and SSL/TLS protects data in transit.

Question 29

Which regulation requires U.S. financial institutions to develop information security plans to protect customer data?

A. HIPAA
B. GDPR
C. GLBA
D. SOX

Correct Answer: C. GLBA

Explanation: The Gramm-Leach-Bliley Act (GLBA) requires U.S. financial institutions to develop security plans for protecting customer data. HIPAA governs healthcare data, GDPR protects personal data in the EU, and SOX addresses corporate governance.

Question 30

What type of risk analysis uses numerical values to estimate the impact of risks?

A. Qualitative Risk Analysis
B. Quantitative Risk Analysis
C. Scenario Analysis
D. Risk Mitigation

Correct Answer: B. Quantitative Risk Analysis

Explanation: Quantitative Risk Analysis uses numerical values to estimate the impact of risks, while Qualitative Risk Analysis ranks risks based on severity. Scenario Analysis evaluates risk scenarios, and Risk Mitigation reduces risks.

Question 31

Which U.S. regulation focuses on corporate financial practices and transparency?

A. GDPR
B. HIPAA
C. SOX
D. PCI DSS

Correct Answer: C. SOX

Explanation: The Sarbanes-Oxley Act (SOX) focuses on corporate financial practices and transparency. HIPAA governs healthcare data, GDPR protects personal data in the EU, and PCI DSS secures payment card data.

Question 32

Which type of encryption is commonly used to protect sensitive data during transmission between applications?

A. Symmetric Encryption
B. Asymmetric Encryption
C. SSL/TLS
D. Homomorphic Encryption

Correct Answer: C. SSL/TLS

Explanation: SSL/TLS is commonly used to secure data in transit between applications. Symmetric and Asymmetric Encryption are general encryption methods, while Homomorphic Encryption is used for encrypted data processing.

Question 33

Which risk management strategy involves shifting the responsibility for managing a risk to another party?

A. Risk Acceptance
B. Risk Transference
C. Risk Mitigation
D. Risk Avoidance

Correct Answer: B. Risk Transference

Explanation: Risk Transference involves shifting the responsibility for managing a risk to another party, such as through outsourcing or insurance. Risk Acceptance tolerates the risk, Risk Mitigation reduces it, and Risk Avoidance eliminates it.

Question 34

What is the purpose of Data Integrity in cloud security?

A. Ensuring that only authorized users can access data
B. Preventing unauthorized changes to data
C. Protecting data from being intercepted during transmission
D. Encrypting data in the cloud

Correct Answer: B. Preventing unauthorized changes to data

Explanation: Data Integrity ensures that data is accurate and protected from unauthorized changes. Other options involve access control, transmission security, and encryption.

Question 35

Which type of testing is focused on identifying vulnerabilities in cloud services during the development stage?

A. Penetration Testing
B. Load Testing
C. Compliance Testing
D. Functional Testing

Correct Answer: A. Penetration Testing

Explanation: Penetration Testing identifies security vulnerabilities in cloud services during development. Load Testing evaluates system performance, Compliance Testing ensures adherence to regulations, and Functional Testing verifies if the service meets requirements.

Question 36

Which operational process in cloud computing focuses on ensuring that systems are configured correctly and consistently?

A. Incident Management
B. Configuration Management
C. Change Management
D. Problem Management

Correct Answer: B. Configuration Management

Explanation: Configuration Management ensures systems are configured consistently and correctly. Incident Management addresses issues after they occur, Change Management handles system modifications, and Problem Management identifies root causes of issues.

Question 37

Which regulation mandates that healthcare providers secure patient data in the U.S.?

A. GLBA
B. HIPAA
C. SOX
D. GDPR

Correct Answer: B. HIPAA

Explanation: HIPAA mandates that healthcare providers secure patient data in the U.S. GLBA covers financial data, SOX focuses on corporate governance, and GDPR governs personal data protection in the EU.

Question 38

Which operational activity involves identifying and documenting all assets and configurations in a cloud environment?

A. Asset Management
B. Configuration Management
C. Incident Management
D. Capacity Management

Correct Answer: A. Asset Management

Explanation: Asset Management involves identifying and documenting all assets and configurations in a cloud environment. Configuration Management ensures systems are configured correctly, Incident Management addresses issues, and Capacity Management ensures resource availability.

Question 39

What is the primary purpose of encrypting data in the cloud?

A. Securing data from unauthorized access
B. Ensuring availability
C. Managing user identities
D. Monitoring system performance

Correct Answer: A. Securing data from unauthorized access

Explanation: Encryption protects data by ensuring that only authorized users can access it. Availability, identity management, and performance monitoring are handled by other controls.

Question 40

Which cloud computing service model gives the customer the most control over the operating system and application deployment?

A. SaaS
B. PaaS
C. IaaS
D. Public Cloud

Correct Answer: C. IaaS

Explanation: IaaS (Infrastructure as a Service) gives the customer the most control over operating system and application deployment. SaaS and PaaS offer more managed services, while Public Cloud is a deployment model, not a service model.
