WGU D485 DGN2 Task 1: SWBTL LLC Cloud Security
Implementation Plan ACTUAL EXAM QUESTIONS AND
CORRECT VERIFIED SOLUTIONS LATEST UPDATE THIS YEAR –
JUST RELEASED
WGU D485 DGN2 Task 1: SWBTL LLC Cloud Security Implementation Plan
Executive Summary & Business Requirements Analysis (Core Framework)
This is the highest-weighted section of the assessment. Students must evaluate the current
cloud migration challenges facing SWBTL LLC, identify security gaps, analyze business
requirements, and develop a cloud security implementation strategy aligned with organizational
goals. The scenario centers on SWBTL LLC's migration to Microsoft Azure after the departure of
a key cloud consultant, resulting in security, compliance, and operational concerns.
Cloud Service Models & Azure Solution Selection
Evaluation of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a
Service (SaaS) models. Students must justify the selected service model based on SWBTL LLC's
operational, security, and compliance requirements. Understanding the shared responsibility
model is essential.
Azure Role-Based Access Control (RBAC)
One of the most heavily tested components of the task. Students identify and implement RBAC
configurations using the Principle of Least Privilege. Resource access should be restricted
according to departmental responsibilities through Azure Entra ID groups, role assignments, and
resource group permissions.
Identity & Access Management (IAM)
Authentication controls, authorization methods, user provisioning, privileged account
management, administrative role separation, multi-factor authentication (MFA), and identity
governance within Microsoft Azure.
Compliance Requirements (PCI DSS & FISMA)
SWBTL LLC processes payment card data and maintains government contracts, requiring
alignment with:
Payment Card Industry Data Security Standard (PCI DSS)
Federal Information Security Modernization Act (FISMA)
Students must recommend controls that support regulatory compliance in the Azure
environment.
, Page 2 of 206
Data Protection & Encryption
Implementation of:
Encryption at rest
Encryption in transit
Azure Key Vault
Key management procedures
Secure storage configurations
Data confidentiality controls
Protection of sensitive customer and organizational data is a major assessment focus.
Azure Key Vault Security
Configuration and management of:
Secrets
Encryption keys
Certificates
Access policies
Key lifecycle management
Students are commonly required to justify the use of Key Vault for protecting sensitive assets.
Backup & Disaster Recovery Planning
Backup architecture, recovery objectives, redundancy, business continuity planning, Azure
Backup services, and disaster recovery strategies designed to maintain availability and resiliency.
Backup implementation is repeatedly identified as a major task component.
Shared Responsibility Model
Students must identify security responsibilities retained by:
Microsoft Azure
SWBTL LLC
This includes physical infrastructure, identity management, data protection, operating systems,
applications, and compliance obligations.
Threat Identification & Risk Management
Assessment of cloud threats including:
Unauthorized access
, Page 3 of 206
Data breaches
Insider threats
Misconfigured resources
Privilege escalation
Credential theft
Ransomware
Service disruptions
Students must propose mitigation strategies and security controls.
Azure Security Best Practices
Implementation of:
Least privilege
Resource segmentation
Security monitoring
Logging and auditing
Secure configuration management
Governance controls
Security baselines
Security Monitoring & Incident Response
Monitoring through Azure-native security services, audit logs, alerting, incident detection,
response procedures, and continuous security assessment.
Documentation & Screenshot Evidence
The assessment requires extensive documentation and screenshots demonstrating successful
implementation of security controls within the Azure lab environment. Students are expected to
provide clear evidence of configurations performed.
WGU D485 DGN2 Task 1: SWBTL LLC Cloud Security Implementation Plan - 150 MCQ
Questions with Rationales
, Page 4 of 206
Question 1
SWBTL LLC is migrating to Microsoft Azure following the departure of a key cloud consultant.
Which is the primary security concern the company faces as a result of this transition?
A) Increased cloud costs and budget overruns
B) Loss of institutional knowledge and potential security gaps
C) Incompatibility with existing on-premises hardware
D) Lack of available Azure subscription tiers
Answer: B) Loss of institutional knowledge and potential security gaps
Rationale: The departure of the key cloud consultant has created a knowledge gap, leaving
SWBTL LLC without the expertise needed to maintain their Azure environment securely. This
necessitates a structured cloud security implementation plan to identify and address security
vulnerabilities.
Question 2