JYO2 Managing Cloud Security Version 1
Practice exam for Western Governors University WGU Exams under Western Governors University Exams (College Exams). 5 sample questions.
Sample Questions
Question 1
In most redundant array of independent disks (RAID) configurations, data is stored across different disks. Which method of storing data is described?
Correct Answer: A
Rationale: Striping is the technique used in RAID systems where data is divided into segments and distributed across multiple disks to enhance performance and provide redundancy in certain RAID levels like RAID 0, RAID 5, or RAID 6. This allows for parallel read/write operations. Crypto-shredding refers to securely deleting data by destroying encryption keys, archiving involves long-term storage of inactive data, and mapping typically refers to associating logical addresses to physical locations, which is not specific to data distribution across disks in RAID.
Question 2
Which phase of the cloud data life cycle involves activities such as data categorization and classification, including data labeling, marking, tagging, and assigning metadata?
Correct Answer: B
Rationale: In the standard cloud data lifecycle model (often defined by frameworks like those from the Cloud Security Alliance), the Create phase is where data is generated or ingested, and it is the appropriate stage to perform initial categorization, classification, labeling, tagging, and metadata assignment. This ensures that data is properly identified and handled from the outset, enabling appropriate security controls in subsequent phases. The Store phase focuses on persistent storage, Use on processing or accessing, and Destroy on secure deletion.
Question 3
Which phase of the cloud data life cycle involves the process of crypto-shredding?
Correct Answer: C
Rationale: Crypto-shredding is a secure data destruction technique where encryption keys are deliberately deleted, which leaves the encrypted data unrecoverable without any need to decrypt it first. This aligns with the Destroy phase of the cloud data lifecycle, which encompasses all activities related to the permanent and secure removal of data to prevent unauthorized recovery or access.
Question 4
An engineer has been given the task of assuring all of the keys used to encrypt archival data are securely stored according to industry standards. Which location is a secure option for the engineer to store encryption keys for decrypting data?
Correct Answer: A
Rationale: Storing encryption keys in a key escrow service that is separate from the encrypted data follows industry best practices (e.g., NIST guidelines) for key management. Separation reduces the risk of simultaneous compromise; if an attacker accesses the data, they still cannot decrypt it without the keys from the escrow. A public repository exposes keys to risks, a local escrow risks co-location vulnerabilities, and a private repository lacks the specialized secure handling of an escrow.
Question 5
Which threat prohibits the use of data by preventing access to it?
Correct Answer: D
Rationale: A denial of service (DoS) attack overwhelms systems or networks, making data or services unavailable to legitimate users, thus prohibiting access. Rainbow tables are precomputed hashes for cracking passwords, brute force involves exhaustive trial-and-error attacks on credentials or encryption, and encryption is a protective measure, not a threat.