OA Exams

  • November 28, 2024

Question 21

Which international standard provides guidelines for managing information security risks within a cloud computing environment?

A. ISO/IEC 27001
B. ISO/IEC 27018
C. ISO/IEC 27005
D. PCI DSS

Correct Answer: C. ISO/IEC 27005

Explanation: ISO/IEC 27005 provides guidelines for managing information security risks within an organization, including cloud environments. ISO/IEC 27001 is a broader standard for information security management systems, ISO/IEC 27018 focuses on protecting personal data in the cloud, and PCI DSS is for payment card security.

Question 22

Which security measure is most effective for preventing unauthorized access to sensitive data in a cloud environment?

A. Firewalls
B. Access Control Lists (ACLs)
C. Multi-Factor Authentication (MFA)
D. Data Masking

Correct Answer: C. Multi-Factor Authentication (MFA)

Explanation: MFA provides strong protection against unauthorized access by requiring multiple forms of verification. Firewalls and ACLs control access at the network and resource levels, while Data Masking protects data in applications but does not prevent unauthorized access.

Question 23

Which operational process is focused on ensuring that cloud services can recover quickly and effectively after a disruption?

A. Disaster Recovery
B. Problem Management
C. Incident Management
D. Capacity Management

Correct Answer: A. Disaster Recovery

Explanation: Disaster Recovery focuses on restoring cloud services quickly and effectively after a disruption. Problem Management identifies root causes, Incident Management deals with resolving incidents, and Capacity Management ensures resources are sufficient to meet demand.

Question 24

Which type of risk analysis involves calculating the potential financial loss associated with a specific risk?

A. Qualitative Risk Analysis
B. Quantitative Risk Analysis
C. Business Impact Analysis (BIA)
D. Scenario Analysis

Correct Answer: B. Quantitative Risk Analysis

Explanation: Quantitative Risk Analysis calculates the potential financial loss associated with a risk, providing numerical estimates. Qualitative Risk Analysis ranks risks based on severity, BIA assesses the impact on business functions, and Scenario Analysis explores different risk scenarios.

Question 25

Which U.S. regulation requires financial institutions to develop written information security plans to protect customer information?

A. Gramm-Leach-Bliley Act (GLBA)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. California Consumer Privacy Act (CCPA)

Correct Answer: A. Gramm-Leach-Bliley Act (GLBA)

Explanation: GLBA requires financial institutions to develop written information security plans to protect customer information. SOX addresses corporate financial practices, HIPAA focuses on healthcare data, and CCPA protects consumer privacy in California.

Question 26

Which of the following controls is most effective for detecting and responding to unauthorized access attempts in a cloud environment?

A. Intrusion Detection System (IDS)
B. Firewalls
C. Encryption
D. Multi-Factor Authentication (MFA)

Correct Answer: A. Intrusion Detection System (IDS)

Explanation: IDS is designed to detect unauthorized access attempts and alert administrators. Firewalls prevent unauthorized access, Encryption protects data, and MFA strengthens access control, but IDS specifically focuses on detection and response.

Question 27

Which type of cloud operation involves automating the deployment and scaling of applications based on demand?

A. Continuous Integration/Continuous Deployment (CI/CD)
B. Auto-Scaling
C. Load Balancing
D. Backup and Restore

Correct Answer: B. Auto-Scaling

Explanation: Auto-Scaling automatically adjusts the number of running instances of an application based on demand, ensuring efficient resource use. CI/CD automates software deployment, Load Balancing distributes traffic, and Backup and Restore manage data protection.

Question 28

Which document records all identified risks, including their severity, potential impact, and mitigation strategies?

A. Risk Appetite Statement
B. Risk Register
C. Business Continuity Plan
D. Incident Response Plan

Correct Answer: B. Risk Register

Explanation: A Risk Register records all identified risks, including their severity, potential impact, and mitigation strategies. The Risk Appetite Statement defines acceptable risk levels, while the Business Continuity Plan and Incident Response Plan address operational disruptions and incidents.

Question 29

Which legal principle requires that personal data must be processed fairly, lawfully, and transparently under GDPR?

A. Integrity and Confidentiality
B. Lawfulness, Fairness, and Transparency
C. Data Minimization
D. Purpose Limitation

Correct Answer: B. Lawfulness, Fairness, and Transparency

Explanation: The principle of Lawfulness, Fairness, and Transparency under GDPR requires that personal data be processed in a fair, lawful, and transparent manner. Integrity and Confidentiality protect data, Data Minimization limits data collection, and Purpose Limitation ensures data is used only for its intended purpose.

Question 30

Which cloud security measure involves creating an isolated environment for testing and development to prevent potential security issues from affecting production systems?

A. Sandbox
B. Encryption
C. Multi-Factor Authentication (MFA)
D. Virtual Private Network (VPN)

Correct Answer: A. Sandbox

Explanation: A Sandbox is an isolated environment used for testing and development to prevent potential security issues from affecting production systems. Encryption protects data, MFA strengthens access control, and VPN secures network communications, but none of these provide isolation like a Sandbox.

Question 31

Which cloud operational activity involves the continuous monitoring of security events and incident detection?

A. Security Information and Event Management (SIEM)
B. Incident Management
C. Disaster Recovery
D. Configuration Management

Correct Answer: A. Security Information and Event Management (SIEM)

Explanation: SIEM involves continuous monitoring and analysis of security events to detect and respond to incidents. Incident Management addresses immediate incidents, Disaster Recovery focuses on restoring services after a disruption, and Configuration Management ensures systems are configured correctly.

Question 32

Which of the following describes a scenario-based analysis that evaluates how specific risks could impact business operations?

A. Scenario Analysis
B. Business Impact Analysis (BIA)
C. Risk Mitigation
D. Risk Transference

Correct Answer: A. Scenario Analysis

Explanation: Scenario Analysis evaluates how specific risks could impact business operations by considering different scenarios. BIA assesses the overall impact on business functions, Risk Mitigation reduces risks, and Risk Transference shifts risks to another party.

Question 33

Which regulation requires organizations to implement security controls to protect electronic health records (EHRs)?

A. Gramm-Leach-Bliley Act (GLBA)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. General Data Protection Regulation (GDPR)

Correct Answer: C. Health Insurance Portability and Accountability Act (HIPAA)

Explanation: HIPAA requires organizations to implement security controls to protect electronic health records (EHRs). GLBA and SOX address financial information, and GDPR focuses on personal data protection in the EU.

Question 34

Which security technology is most effective for ensuring that only authorized devices can connect to a cloud network?

A. Network Access Control (NAC)
B. Virtual Private Network (VPN)
C. Web Application Firewall (WAF)
D. Intrusion Detection System (IDS)

Correct Answer: A. Network Access Control (NAC)

Explanation: NAC ensures that only authorized devices can connect to a network by enforcing security policies at the point of entry. VPN secures remote access, WAF protects web applications, and IDS detects unauthorized access, but NAC specifically controls device access.

Question 35

Which process involves the regular review and adjustment of cloud resources to ensure optimal performance and cost-efficiency?

A. Capacity Management
B. Change Management
C. Incident Management
D. Service Level Management

Correct Answer: A. Capacity Management

Explanation: Capacity Management involves regularly reviewing and adjusting cloud resources to ensure they are used efficiently and meet demand. Change Management controls modifications, Incident Management addresses issues, and Service Level Management ensures service agreements are met.

Question 36

Which risk management strategy is used when an organization takes no action to mitigate or transfer a risk and chooses to accept the potential consequences?

A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference

Correct Answer: B. Risk Acceptance

Explanation: Risk Acceptance occurs when an organization chooses to take no action to mitigate or transfer a risk, instead accepting the potential consequences. Risk Avoidance eliminates the risk, Risk Mitigation reduces it, and Risk Transference shifts it to another party.

Question 37

Which regulation or standard is specifically designed to protect the privacy and security of health information in the United States?

A. Sarbanes-Oxley Act (SOX)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Payment Card Industry Data Security Standard (PCI DSS)

Correct Answer: B. Health Insurance Portability and Accountability Act (HIPAA)

Explanation: HIPAA is designed to protect the privacy and security of health information in the United States. SOX focuses on financial transparency, GDPR on personal data in the EU, and PCI DSS on payment card security.

Question 38

Which of the following is a common security measure used to protect cloud APIs from unauthorized access and attacks?

A. API Gateway
B. Encryption
C. Data Masking
D. Biometric Authentication

Correct Answer: A. API Gateway

Explanation: An API Gateway protects cloud APIs from unauthorized access and attacks by enforcing security policies and managing API traffic. Encryption protects data, Data Masking obscures sensitive information, and Biometric Authentication secures user access.

Question 39

Which cloud operational activity involves the documentation and tracking of changes to cloud infrastructure and applications?

A. Change Management
B. Incident Management
C. Problem Management
D. Capacity Management

Correct Answer: A. Change Management

Explanation: Change Management involves documenting and tracking changes to cloud infrastructure and applications to ensure that they are implemented in a controlled manner. Incident Management addresses immediate issues, Problem Management identifies root causes, and Capacity Management optimizes resource use.

Question 40

Which risk response strategy is most appropriate when an organization decides to insure against potential losses from a cyberattack?

A. Risk Mitigation
B. Risk Transference
C. Risk Acceptance
D. Risk Avoidance

Correct Answer: B. Risk Transference

Explanation: Risk Transference is appropriate when an organization insures against potential losses, effectively shifting the financial risk to the insurance provider. Risk Mitigation reduces the risk, Risk Acceptance involves bearing the risk, and Risk Avoidance eliminates it.
