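WGU Managing-Cloud-Security Authoritative Certification & Managing-Cloud-Security Study Guide
Whenever you need to take the exam, we can update the training materials for the WGU Managing-Cloud-Security certification exam at any time to meet your exam needs. PDFExamDumps' training materials contain practice questions and answers for the WGU Managing-Cloud-Security exam and can 100% ensure that you pass the WGU Managing-Cloud-Security exam. With the training materials we provide, you can prepare better for the exam, and we will also provide you with one year of free updates.
Latest Courses and Certificates Managing-Cloud-Security free exam questions (Q45-Q50):
Question #45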
An organization wants to ensure that all entities trust any certificate generated internally in the organization.
What should be used to generate these certificates?
A. The organization's certificate authority server
B. Individual users' private keys
C. Individual systems' private keys
D. The organization's certificate repository server
Answer: A
Explanation:
Trust in digital certificates comes from their issuance by a Certificate Authority (CA). A CA is a trusted entity that validates identities and signs certificates. In internal environments, organizations often operate a private CA to issue certificates for users, systems, and services.
If certificates were generated by individual private keys or systems without central authority, there would be no unified trust chain, and validating authenticity across the organization would be impossible. A certificate repository server only distributes certificates but cannot establish trust.
By using an organizational CA server, all certificates are linked to a root of trust. Systems configured to trust the organization's CA will trust any certificate it issues. This allows secure internal communications (TLS, VPN, email signing) and ensures scalability as new services come online. It also supports compliance with enterprise PKI policies.
Question #46
Which term refers to taking an accurate account of a system's desired standard state so changes can be quickly detected for approval or remediation?
A. Capacity management
B. Patch management
C. Baselining
D. Deployment
Answer: C
Explanation:
Baselining is the process of establishing a reference point for the standard configuration of systems, networks, or applications. This baseline represents the approved, secure state. By continuously comparing the current environment to the baseline, organizations can detect deviations, unauthorized changes, or misconfigurations.
Patch management involves updating systems, deployment refers to installing new systems, and capacity management focuses on resource planning. While important, these do not establish a standard state for comparison.
Baselining is essential for change management and security auditing. It supports configuration management databases (CMDBs), intrusion detection, and compliance requirements. When deviations are detected, they can be escalated for remediation or formally approved through change control processes.
Question #47
An engineer needs to create segmentation using the built-in tools provided by the company's cloud provider.
The InfoSec team has given the engineer directions to limit traffic using a security group between two cloud deployments in the organization. Which mechanisms should the engineer use to create this segmentation?
A. MAC addresses and protocols
B. Definitions and protocols
C. Ports and protocols
D. Unique identifiers and protocols
Answer: C
Explanation:
Cloud security groups typically filter traffic based on ports and protocols. By allowing or denying specific port/protocol combinations, engineers can control communication between deployments. For example, permitting HTTPS (TCP port 443) while blocking other ports enforces segmentation.
MAC addresses are not used in cloud-level segmentation because they apply to physical networks. Unique identifiers and definitions are not practical mechanisms for traffic filtering.
Using ports and protocols aligns with the principle of least privilege by ensuring that only necessary communication pathways exist. In multi-deployment or hybrid cloud setups, this reduces the attack surface and prevents lateral movement by malicious actors. Security groups thereby provide logical network segmentation without requiring physical infrastructure changes.
Question #48
Which U.S. standard is used by federal government agencies to manage enterprise risk?
A. The Committee of Sponsoring Organizations (COSO) framework
B. International Organization for Standardization (ISO) 37500
C. The National Institute of Standards and Technology (NIST) SP 800-37
D. The Statement on Standards for Attestation Engagements 18 (SSAE 18)
Answer: C
Explanation:
Federal agencies in the U.S. rely on NIST SP 800-37, Risk Management Framework (RMF), to manage enterprise risk. RMF provides a structured process for categorizing systems, selecting controls, implementing safeguards, assessing effectiveness, authorizing operations, and continuous monitoring.
ISO 37500 deals with outsourcing governance, SSAE 18 governs service provider audits, and COSO is a corporate governance framework but not specific to federal agencies.
NIST RMF is integrated with the Federal Information Security Modernization Act (FISMA) requirements, ensuring agencies manage cybersecurity risks consistently. Its adoption is expanding beyond government into industries seeking comprehensive, repeatable risk management processes.
Question #49
An organization is implementing a new hybrid cloud deployment. Before granting access to any of the resources, the security team wants to ensure that all employees are checked against a database to see if they are allowed to access the requested resource. Which type of security control is the organization leveraging for its employees?
A. Web application firewall (WAF)
B. Antispyware program
C. Authorization
D. Authentication
Answer: C
Explanation:
The described control is authorization, which occurs after authentication. Authorization determines what resources a user can access based on their role, attributes, or policies stored in an access control database.
Authentication confirms identity, but authorization validates permissions. WAFs protect applications from malicious traffic, and antispyware tools detect malware. Neither applies to access decisions.
By checking users against a database of permissions, the organization enforces the principle of least privilege, ensuring employees only access the resources necessary for their role. This strengthens data protection, reduces insider threats, and aligns with compliance requirements for access governance.