WGU COURSE C838 - MANAGING CLOUD SECURITY EXAM QUESTION AND ANSWER, Exams of Information Technology

Maximize your success on the WGU C838 Managing Cloud Security exam with focused preparation that strengthens your understanding of cloud security architecture, risk management frameworks, compliance standards, and security controls for cloud service models (IaaS, PaaS, SaaS). It is specifically designed for IT and cybersecurity students to demonstrate competency in protecting data and infrastructure in the cloud.

Typology: Exams

2025/2026

Available from 01/14/2026

ELIASPARAMEDIC

WGU COURSE C838 - MANAGING CLOUD SECURITY 2026/2027 EXAM ALL COMPLETE QUESTIONS AND ANSWERS/ALREADY TOP-RATED A+.

Which phase of the cloud data life cycle allows both read and process functions to be performed?
A. Create
B. Archive
C. Store
D. Share
CORRECT ANSWERS-A

Which phase of the cloud data security life cycle typically occurs simultaneously with creation?
A. Share
B. Store
C. Use
D. Destroy
CORRECT ANSWERS-B

Which phase of the cloud data life cycle uses content delivery networks?
A. Destroy
B. Archive
C. Share
D. Create
CORRECT ANSWERS-C

Which phase of the cloud data life cycle is associated with crypto-shredding?
A. Share
B. Use

B. Format-preserving encryption
C. Proxy-based encryption
D. Tokenization
CORRECT ANSWERS-B

Which encryption technique connects the instance to the encryption instance that handles all crypto operations?
A. Database
B. Proxy
C. Externally managed
D. Server-side
CORRECT ANSWERS-B

Which type of control should be used to implement custom controls that safeguard data?
A. Public and internal sharing
B. Options for access
C. Management plane
D. Application level
CORRECT ANSWERS-D

Which element is protected by an encryption system?
A. Ciphertext
B. Management engine
C. Data
D. Public key
CORRECT ANSWERS-C

A cloud administrator recommends using tokenization as an alternative to protecting data without encryption. The administrator needs to make an authorized application request to access the data. Which step should occur immediately before this action is taken?
A. The tokenization server returns the token to the application.
B. The tokenization server generates the token.
C. The application collects a token.
D. The application stores the token.
CORRECT ANSWERS-D

A company has recently defined classification levels for its data. During which phase of the cloud data life cycle should this definition occur?
A. Use
B. Create
C. Share
D. Archive
CORRECT ANSWERS-B

Which jurisdictional data protection includes dealing with the international transfer of data?
A. Financial modernization
B. Secure choice authorization (SCA)
C. Sarbanes-Oxley act (SOX)
D. Privacy regulation
CORRECT ANSWERS-D

Which jurisdictional data protection controls the ways that financial institutions deal with the private information of individuals?
A. Stored communications act (SCA)
B. Health insurance portability and accountability act (HIPAA)
C. Gramm-Leach-Bliley act (GLBA)
D. Sarbanes-Oxley act (SOX)
CORRECT ANSWERS-C

Which jurisdictional data protection safeguards protected health information (PHI)?
A. Directive 95/46/EC
B. Safe harbor regime
C. Personal Data Protection Act of 2000
D. Health Insurance Portability and Accountability Act (HIPAA)
CORRECT ANSWERS-D

How is the compliance of the cloud service provider's legal and regulatory requirements verified when securing personally identifiable information (PII) data in the cloud?
A. Contractual agreements
B. Third-party audits and attestations
C. e-Discovery process
D. Researching data retention laws
CORRECT ANSWERS-B

Which security strategy is associated with data rights management solutions?
A. Unrestricted replication
B. Limited documents type support
C. Static policy control
D. Continuous auditing
CORRECT ANSWERS-D

Who retains final ownership for granting data access and permissions in a shared responsibility model?

Which technology is used to manage identity access management by building trust relationships between organizations?
A. Single sign-on
B. Multifactor authentication
C. Federation
D. Biometric authentication
CORRECT ANSWERS-C

Which term describes the action of confirming identity access to an information system?
A. Coordination
B. Concept
C. Access
D. Authentication
CORRECT ANSWERS-D

Which cloud computing tool is used to discover internal use of cloud services using various mechanisms such as network monitoring?
A. Data loss prevention (DLP)
B. Content delivery network (CDN)
C. Cloud access security broker (CASB)
D. Web application firewall (WAF)
CORRECT ANSWERS-C

Which cloud computing technology unlocks business value through digital and physical access to maps?
A. Multitenancy
B. Cloud application
C. Application programming interface
D. On-demand self-service
CORRECT ANSWERS-C

Which cloud computing tool may help detect data migrations to cloud services?
A. Uniform resource locator (URL) filtering
B. Cloud security gateways
C. Cloud data transfer
D. Data loss prevention
CORRECT ANSWERS-D

What is a key component of the infrastructure as a service (IaaS) cloud service model?
A. Allows choice and reduces lock-in
B. Supports multiple languages and frameworks
C. Ease of use and limited administration
D. High reliability and resilience
CORRECT ANSWERS-D

What is a key capability of infrastructure as a service (IaaS)?
A. Hosted application management
B. Converged network and IT capacity pool
C. Leased application and software licensing
D. Multiple hosting environments
CORRECT ANSWERS-B

Which option should an organization choose if there is a need to avoid software ownership?
A. Software as a service (SaaS)
B. Platform as a service (PaaS)
C. Containers as a service (CaaS)
D. Infrastructure as a service (IaaS)
CORRECT ANSWERS-A

Which cloud model offers access to a pool of fundamental IT resources such as computing, networking, or storage?
A. Infrastructure
B. Platform
C. Application
D. Data
CORRECT ANSWERS-A

In which situation could cloud clients find it impossible to recover or access their own data if their cloud provider goes bankrupt?
A. Vendor lock-in
B. Multitenant
C. Multicloud
D. Vendor lock-out
CORRECT ANSWERS-D

Which cloud deployment model is operated for a single organization?
A. Consortium
B. Hybrid
C. Public
D. Private
CORRECT ANSWERS-D

Which cloud model provides data location assurance?
A. Hybrid

Which design principle of secure cloud computing ensures that the business can resume essential operations in the event of an availability-affecting incident?
A. Disaster recovery
B. Resource pooling
C. Access control
D. Session management
CORRECT ANSWERS-A

Which design principle of secure cloud computing ensures that users can utilize data and applications from around the globe?
A. Portability
B. Scalability
C. On-demand self-service
D. Broad network access
CORRECT ANSWERS-D

Which design principle of secure cloud computing involves deploying cloud service provider resources to maximize availability in the event of a failure?
A. Elasticity
B. Resiliency
C. Scalability
D. Clustering
CORRECT ANSWERS-B

Which item should be part of the legal framework analysis if a company wishes to store prescription drug records in a SaaS solution?
A. Sarbanes-Oxley Act
B. Health Insurance Portability and Accountability Act
C. Federal Information Security Modernization Act
D. U.S. Patriot Act
CORRECT ANSWERS-B

Which standard addresses practices related to acquisition of forensic artifacts and can be directly applied to a cloud environment?
A. NIST SP 500-291
B. ISO/IEC 27001
C. NIST SP 800-145
D. ISO/IEC 27050-1
CORRECT ANSWERS-D

Which regulation in the United States defines the requirements for a CSP to implement and report on internal accounting controls?
A. HIPAA
B. SOX
C. FERPA
D. GDPR
CORRECT ANSWERS-B

Which legislation must a trusted cloud service adhere to when utilizing the data of EU citizens?
A. GDPR
B. EMTALA
C. APPI
D. SOX
CORRECT ANSWERS-A

Which logical design decision can be attributed to required regulation?
A. Database writes/second
B. Retention periods
C. Retention formats
D. Database reads/second
CORRECT ANSWERS-B

Which service model influences the logical design by using additional measures in the application to enhance security?
A. Hybrid cloud
B. Public cloud
C. Software as a service (SaaS)
D. Platform as a service (PaaS)
CORRECT ANSWERS-C

Which environmental consideration should be addressed when planning the design of a data center?
A. Heating and ventilation
B. Utility power availability
C. Expansion possibilities and growth
D. Telecommunications connections
CORRECT ANSWERS-A

Which result is achieved by removing all nonessential services and software of devices for secure configuration of hardware?
A. Hardening
B. Maintenance
C. Patching
D. Lockdown
CORRECT ANSWERS-A

Which type of agreement aims to negotiate policies with various parties in accordance with the agreed-upon targets?
A. Privacy-level (PLA)
B. Service-level (SLA)
C. User license (ULA)
D. Operation-level (OLA)
CORRECT ANSWERS-B

Which regulation requires a CSP to comply with copyright law for hosted content?
A. SCA
B. DMCA
C. SOX
D. GLBA
CORRECT ANSWERS-B

Which element is a cloud virtualization risk?
A. Guest isolation
B. Electronic discovery
C. Licensing
D. Jurisdiction
CORRECT ANSWERS-A

Which risk is related to interception of data in transit?
A. Virtualization
B. Man-in-the-middle
C. Software vulnerabilities
D. Traffic blocking
CORRECT ANSWERS-B

Which method is being used when a company evaluates the acceptable loss exposure associated with a cloud solution for a given set of objectives and resources?
A. Business impact analysis
B. Business continuity planning
C. Risk appetite
D. Risk management
CORRECT ANSWERS-C

The security administrator for a global cloud services provider (CSP) is required to globally standardize the approaches for using forensics methodologies in the organization. Which standard should be applied?
A. International organization for standardization (ISO) 27050-1
B. Sarbanes-Oxley Act (SOX)
C. Cloud controls matrix (CCM)
D. International electrotechnical commission (IEC) 27037
CORRECT ANSWERS-A

Which detection and analysis technique is performed to capture a point-in-time picture of the entire stack at the time of an incident?
A. Collect metadata during alert
B. Examine configuration data
C. Create a snapshot using API calls
D. Review data access logs
CORRECT ANSWERS-C

A CSP operating in Australia experiences a security breach that results in disclosure of personal information that is likely to result in serious harm. Who is the CSP legally required to notify?
A. Information commissioner
B. Australian privacy foundation
C. Asian-Pacific privacy control board
D. Cloud Security Alliance
CORRECT ANSWERS-A

A CSP provides services in European Union (EU) countries that are subject to the network information security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the essential services being provided. Who is the CSP required to notify under the NIS directive?
A. Data protection regulator
B. Competent authorities
C. Personal Information Protection Commission
D. Provider's services suppliers
CORRECT ANSWERS-B

A cloud customer is setting up communication paths with the cloud service provider that will be used in the event of an incident. Which action facilitates this type of communication?
A. Incorporating checks on API calls
B. Using existing open standards
C. Identifying key risk indicators (KRIs)
D. Performing a vulnerability assessment
CORRECT ANSWERS-B

D. Source code review
CORRECT ANSWERS-C

Which primary security control should be used by all cloud accounts, including individual users, in order to defend against the widest range of attacks?
A. Multi-factor authentication
B. Logging and monitoring
C. Perimeter security
D. Redundant infrastructure
CORRECT ANSWERS-A

Which cloud infrastructure is shared by several organizations and supports a specific population that has shared concerns (e.g., mission, security requirements, policy, compliance considerations)?
A. Public
B. Community
C. Hybrid
D. Private
CORRECT ANSWERS-B

Which problem is known as a common supply chain risk?
A. Domain spoofing
B. Runtime application self-protection
C. Data breaches
D. Source code design
CORRECT ANSWERS-C

Which phase of the software development life cycle includes determining the business and security requirements for the application to occur?
A. Designing
B. Developing
C. Defining
D. Testing
CORRECT ANSWERS-C

Which phase of the software development life cycle includes writing application code?
A. Defining
B. Designing
C. Implementing
D. Developing
CORRECT ANSWERS-D

Which method should the cloud consumer use to secure the management plane of the cloud service provider?
A. Network access control list
B. Disablement of management plane
C. Agent-based security tooling
D. Credential management
CORRECT ANSWERS-D

Which security threat occurs when a developer leaves an unauthorized access interface within an application after release?
A. Deprecated API
B. Easter egg
C. Persistent backdoor
D. Development operations
CORRECT ANSWERS-C

Which process prevents the environment from being over-controlled by security measures to the point where application performance is impacted?
A. Trusted cloud initiative (TCI)
B. Community cloud
C. Quality of service (QoS)
D. Private cloud
CORRECT ANSWERS-C

Which open web application security project (OWASP) Top 9 Coding Flaws leads to security issues?
A. Direct object reference
B. Cross-site scripting
C. Denial-of-service
D. Client-side injection
CORRECT ANSWERS-A

Which identity management process targets access to enterprise resources by ensuring that the identity of an entity is verified?
A. Provisioning
B. Federation
C. Authentication
D. Policy management
CORRECT ANSWERS-C

Which technology improves the ability of the transport layer security (TLS) to ensure privacy when communicating between applications?
A. Whole-disk encryption
B. Advanced application-specific integrated circuits (ASICs)

D. Compromised API credentials
CORRECT ANSWERS-D

Which risk is associated with malicious and accidental dangers to a cloud infrastructure?
A. Regulatory noncompliance
B. Natural disasters
C. Personnel threats
D. External attacks
CORRECT ANSWERS-C

Which cloud-specific risk must be considered when moving infrastructure operations to the cloud?
A. Natural disasters
B. Lack of physical access
C. Denial of service
D. Regulatory violations
CORRECT ANSWERS-B

Which risk is controlled by implementing a private cloud?
A. Eavesdropping
B. Unauthorized access
C. Denial-of-service (DoS)
D. Physical security
CORRECT ANSWERS-D

Which countermeasure enhances redundancy for physical facilities hosting cloud equipment during the threat of a power outage?
A. Tier 2 network access providers
B. Radio frequency interference (RFI) blocking devices
C. Multiple and independent power circuits to all racks
D. Automated license plate readers (ALPR) at entry points
CORRECT ANSWERS-C

Which countermeasure helps mitigate the risk of stolen credentials for cloud-based platforms?
A. Key management
B. Multifactor authentication
C. Data sanitization
D. Host lockdown
CORRECT ANSWERS-B

Which control helps mitigate the risk of sensitive information leaving the cloud environment?
A. Web application firewall (WAF)
B. Disaster recovery plan (DRP)
C. Identity and access management (IAM)
D. Data loss prevention (DLP)
CORRECT ANSWERS-D

Which countermeasure mitigates the risk of a rogue cloud administrator?
A. Multifactor authentication
B. Data encryption
C. Platform orchestration
D. Logging and monitoring
CORRECT ANSWERS-D

Which consideration should be taken into account when reviewing a cloud service provider's risk of potential outage time?
A. The type of database
B. The amount of cloud service offerings
C. The unique history of the provider
D. The provider's support services
CORRECT ANSWERS-C

Which cloud security control eliminates the risk of a virtualization guest escape from another tenant?
A. Dedicated hosting
B. Hardware hypervisor
C. File integrity monitor
D. Immutable virtual machines
CORRECT ANSWERS-A

Which cloud security control is a countermeasure for man-in-the-middle attacks?
A. Backing up data offsite
B. Reviewing log data
C. Using block data storage
D. Encrypting data in transit
CORRECT ANSWERS-D

Which data retention policy controls how long health insurance portability and accountability act (HIPAA) data can be archived?
A. Applicable regulation
B. Data classification
C. Enforcement
D. Maintenance
CORRECT ANSWERS-A

Which disaster recovery (DR) site results in the quickest recovery in the event of a disaster?