OA Exams

  • November 29, 2024

Question 21

Which international standard provides guidelines for managing information security risks in cloud environments?

A. ISO/IEC 27001
B. ISO/IEC 27005
C. ISO/IEC 27018
D. PCI DSS

Correct Answer: B. ISO/IEC 27005

Explanation: ISO/IEC 27005 provides guidelines for managing information security risks, including in cloud environments. ISO/IEC 27001 focuses on information security management systems, ISO/IEC 27018 is for protecting personal data in the cloud, and PCI DSS is for payment card security.

Question 22

Which security measure is most effective at preventing unauthorized access to sensitive data in a cloud environment?

A. Firewalls
B. Access Control Lists (ACLs)
C. Multi-Factor Authentication (MFA)
D. Data Masking

Correct Answer: C. Multi-Factor Authentication (MFA)

Explanation: Multi-Factor Authentication (MFA) is highly effective at preventing unauthorized access by requiring multiple forms of verification. Firewalls and ACLs control network access, and Data Masking protects data in use.

Question 23

Which operational process ensures cloud services can recover quickly after a disruption?

A. Disaster Recovery
B. Problem Management
C. Incident Management
D. Capacity Management

Correct Answer: A. Disaster Recovery

Explanation: Disaster Recovery focuses on restoring cloud services quickly after a disruption. Problem Management identifies root causes, Incident Management resolves incidents, and Capacity Management ensures resources meet demand.

Question 24

Which type of risk analysis calculates the potential financial loss associated with a specific risk?

A. Qualitative Risk Analysis
B. Quantitative Risk Analysis
C. Business Impact Analysis (BIA)
D. Scenario Analysis

Correct Answer: B. Quantitative Risk Analysis

Explanation: Quantitative Risk Analysis calculates the potential financial loss associated with a specific risk. Qualitative Risk Analysis ranks risks by severity, and Scenario Analysis evaluates various risk scenarios.

Question 25

Which U.S. law requires financial institutions to develop information security plans to protect customer data?

A. Gramm-Leach-Bliley Act (GLBA)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. California Consumer Privacy Act (CCPA)

Correct Answer: A. Gramm-Leach-Bliley Act (GLBA)

Explanation: The GLBA requires financial institutions to develop information security plans to protect customer data. SOX addresses corporate governance, HIPAA focuses on healthcare, and CCPA protects consumer privacy in California.

Question 26

Which security control is designed to detect and respond to unauthorized access attempts in a cloud environment?

A. Intrusion Detection System (IDS)
B. Firewalls
C. Encryption
D. Multi-Factor Authentication (MFA)

Correct Answer: A. Intrusion Detection System (IDS)

Explanation: An IDS detects unauthorized access attempts and alerts administrators. Firewalls block unauthorized access, Encryption protects data, and MFA strengthens access controls.

Question 27

Which cloud operational activity involves automating the scaling of cloud resources based on demand?

A. Load Balancing
B. Auto-Scaling
C. Continuous Integration/Continuous Deployment (CI/CD)
D. Backup and Restore

Correct Answer: B. Auto-Scaling

Explanation: Auto-Scaling automatically adjusts cloud resources based on demand. Load Balancing distributes traffic, CI/CD automates software deployment, and Backup and Restore handles data protection.

Question 28

Which document tracks identified risks, including their severity and mitigation strategies?

A. Risk Appetite Statement
B. Risk Register
C. Business Continuity Plan
D. Incident Response Plan

Correct Answer: B. Risk Register

Explanation: A Risk Register tracks all identified risks, including severity, potential impact, and mitigation strategies. The Risk Appetite Statement defines acceptable levels of risk, and the Business Continuity Plan and Incident Response Plan address disruptions and incidents.

Question 29

Which of the following principles under GDPR ensures personal data is processed fairly, lawfully, and transparently?

A. Integrity and Confidentiality
B. Lawfulness, Fairness, and Transparency
C. Data Minimization
D. Purpose Limitation

Correct Answer: B. Lawfulness, Fairness, and Transparency

Explanation: GDPR's Lawfulness, Fairness, and Transparency principle ensures personal data is processed fairly, lawfully, and transparently. Integrity and Confidentiality protect data, Data Minimization limits data collection, and Purpose Limitation specifies data use.

Question 30

Which of the following cloud security measures involves creating an isolated environment for testing and development?

A. Sandbox
B. Encryption
C. Multi-Factor Authentication (MFA)
D. Virtual Private Network (VPN)

Correct Answer: A. Sandbox

Explanation: A Sandbox creates an isolated environment for testing and development, protecting production systems from potential security issues. Encryption secures data, MFA strengthens access controls, and VPNs secure network communications.

Question 31

Which operational activity involves continuously monitoring security events and detecting incidents?

A. Security Information and Event Management (SIEM)
B. Incident Management
C. Disaster Recovery
D. Configuration Management

Correct Answer: A. Security Information and Event Management (SIEM)

Explanation: SIEM continuously monitors and analyzes security events to detect and respond to incidents. Incident Management addresses immediate incidents, Disaster Recovery restores services, and Configuration Management ensures systems are properly configured.

Question 32

Which risk analysis evaluates how specific risks could impact business operations under various scenarios?

A. Scenario Analysis
B. Business Impact Analysis (BIA)
C. Risk Mitigation
D. Risk Transference

Correct Answer: A. Scenario Analysis

Explanation: Scenario Analysis evaluates how specific risks could impact business operations by considering different potential scenarios. BIA assesses overall business impact, Risk Mitigation reduces risks, and Risk Transference shifts risks to another party.

Question 33

Which U.S. regulation requires organizations to implement security controls to protect electronic health records (EHRs)?

A. Gramm-Leach-Bliley Act (GLBA)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. General Data Protection Regulation (GDPR)

Correct Answer: C. Health Insurance Portability and Accountability Act (HIPAA)

Explanation: HIPAA requires organizations to implement security controls to protect electronic health records (EHRs). GLBA and SOX address financial information, and GDPR governs personal data protection in the EU.

Question 34

Which security technology ensures that only authorized devices can connect to a cloud network?

A. Network Access Control (NAC)
B. Virtual Private Network (VPN)
C. Web Application Firewall (WAF)
D. Intrusion Detection System (IDS)

Correct Answer: A. Network Access Control (NAC)

Explanation: NAC ensures only authorized devices can connect to a network by enforcing security policies. VPN secures remote access, WAF protects web applications, and IDS detects unauthorized access.

Question 35

Which process ensures that cloud resources are regularly reviewed and adjusted for optimal performance and cost-efficiency?

A. Capacity Management
B. Incident Management
C. Change Management
D. Service Level Management

Correct Answer: A. Capacity Management

Explanation: Capacity Management involves regularly reviewing and adjusting cloud resources to ensure optimal performance and cost-efficiency. Change Management oversees modifications, Incident Management addresses issues, and Service Level Management focuses on meeting SLAs.

Question 36

Which risk management strategy involves accepting the potential consequences of a risk without mitigation or transfer?

A. Risk Avoidance
B. Risk Mitigation
C. Risk Transference
D. Risk Acceptance

Correct Answer: D. Risk Acceptance

Explanation: Risk Acceptance involves taking no action to mitigate or transfer a risk and choosing to accept the potential consequences. Risk Avoidance eliminates the risk, Risk Mitigation reduces it, and Risk Transference shifts it to another party.

Question 37

Which regulation or standard is specifically designed to protect the privacy and security of health information in the U.S.?

A. Sarbanes-Oxley Act (SOX)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Payment Card Industry Data Security Standard (PCI DSS)

Correct Answer: B. Health Insurance Portability and Accountability Act (HIPAA)

Explanation: HIPAA protects the privacy and security of health information in the U.S. SOX focuses on financial transparency, GDPR on personal data in the EU, and PCI DSS on payment card security.

Question 38

Which of the following is a common security measure used to protect cloud APIs from unauthorized access and attacks?

A. API Gateway
B. Encryption
C. Data Masking
D. Biometric Authentication

Correct Answer: A. API Gateway

Explanation: An API Gateway protects cloud APIs from unauthorized access and attacks by enforcing security policies and managing API traffic. Encryption protects data, Data Masking obscures sensitive information, and Biometric Authentication secures user access.

Question 39

Which cloud operational activity involves the documentation and tracking of changes to cloud infrastructure and applications?

A. Change Management
B. Incident Management
C. Problem Management
D. Capacity Management

Correct Answer: A. Change Management

Explanation: Change Management involves documenting and tracking changes to cloud infrastructure and applications to ensure that they are implemented in a controlled manner. Incident Management addresses immediate issues, Problem Management identifies root causes, and Capacity Management optimizes resource use.

Question 40

Which risk response strategy is most appropriate when an organization decides to insure against potential losses from a cyberattack?

A. Risk Mitigation
B. Risk Transference
C. Risk Acceptance
D. Risk Avoidance

Correct Answer: B. Risk Transference

Explanation: Risk Transference is appropriate when an organization insures against potential losses, effectively shifting the financial risk to the insurance provider. Risk Mitigation reduces the risk, Risk Acceptance involves bearing the risk, and Risk Avoidance eliminates it.
