COMPREHENSIVE QUESTIONS AND CORRECT SOLUTIONS
OBJECTIVE ASSESSMENT NEWEST 2025 LATEST UPDATED
1: Implements Secure Solutions
Which technology should be implemented to ensure secure communication between on-site
enterprise systems and a cloud platform?
A. Domain Name System Security Extensions (DNSSEC)
B. Internet Protocol Security (IPSec) VPN
C. Web Application Firewall (WAF)
D. Data Loss Prevention (DLP)
Correct Answer: B. Internet Protocol Security (IPSec) VPN
Explanation:
• IPSec VPN is designed to secure communication over an IP network. It encrypts the entire IP
packet for secure transmission between on-site systems and cloud platforms, ensuring data
integrity and confidentiality.
• DNSSEC ensures the integrity of DNS responses but doesn't provide secure communication
between systems.
• WAF protects web applications by filtering and monitoring HTTP traffic but is not used for
secure communication between systems.
• DLP prevents data breaches by monitoring and controlling data flows, but it doesn't establish
secure communication channels.
2: Implements Operations
Which phase of the cloud data lifecycle is most likely to overlap with the 'Create' phase in terms
of implementing security controls?
A. Share
B. Store
C. Use
D. Destroy
Correct Answer: B. Store
Explanation:
• Store often overlaps with the Create phase because as soon as data is created, it usually needs to
be securely stored. Security controls, such as encryption, should be implemented at this stage.
• Share and Use happen after data is stored.
• Destroy is the final stage in the lifecycle and typically occurs after data is no longer needed.
3: Conducts Risk Management
Which risk management approach involves completely eliminating a risk because it exceeds the
organization's risk appetite?
A. Mitigation
B. Avoidance
C. Transfer
D. Acceptance
Correct Answer: B. Avoidance
Explanation:
• Avoidance involves eliminating the risk entirely, typically when the potential impact is too
great or when controls cannot adequately reduce the risk to an acceptable level.
• Mitigation involves reducing the risk to an acceptable level.
• Transfer involves shifting the risk to a third party, such as through insurance.
• Acceptance involves acknowledging the risk and choosing to bear it without further action.
4: Identifies Legal, Compliance, and Ethical Concerns
Which United States law focuses specifically on the privacy of financial information?
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Sarbanes-Oxley Act (SOX)
C. Gramm-Leach-Bliley Act (GLBA)
D. Safe Harbor
Correct Answer: C. Gramm-Leach-Bliley Act (GLBA)
Explanation:
• GLBA is designed to protect consumer financial privacy by setting regulations for how
financial institutions handle private data.
• HIPAA focuses on healthcare information.
• SOX is concerned with corporate financial practices and reporting.
• Safe Harbor was an agreement between the US and EU for data transfers, not specifically
financial privacy.
1: Implements Secure Solutions
Which technology is most effective in preventing unauthorized access to sensitive data by
ensuring it is unreadable without proper decryption keys?
A. Data Masking
B. Tokenization
C. Encryption
D. Obfuscation
Correct Answer: C. Encryption
Explanation: Encryption transforms readable data into an unreadable format using cryptographic
algorithms, making it inaccessible to unauthorized users. Tokenization and data masking are also
methods of protecting data, but they do not provide the same level of security as encryption.
Obfuscation is the process of making data more difficult to understand but is not intended to
prevent access.