WGU C838 MANAGING CLOUD SECURITY FINAL EXAM
OBJECTIVE ASSESSMENT / WGU C838 OA
PREPARATION/WGU C838 OA PRACTICE WITH COMPLETE
100 QUESTIONS AND ANSWERS LATEST |A+ GRADE
ASSURED
Question 1
Which of the following cloud service models gives the customer the most
control over the underlying infrastructure?
A) Software as a Service (SaaS)
B) Platform as a Service (PaaS)
C) Infrastructure as a Service (IaaS)
D) Function as a Service (FaaS)
E) Security as a Service (SecaaS)
Correct Answer: C) Infrastructure as a Service (IaaS)
Rationale: In IaaS, the cloud provider manages the virtualization,
servers, storage, and networking, but the customer retains
significant control over operating systems, applications, data, and
some network components.
Question 2
According to the Cloud Security Alliance (CSA), which security domain
addresses the legal and contractual agreements between the cloud provider
and the customer?
A) Information Governance
B) Legal and Contracts
C) Risk Management
D) Data Sovereignty
E) Compliance
Correct Answer: B) Legal and Contracts
Rationale: The CSA Star program and its domains, such as the CSA
CCM, specifically identify "Legal and Contracts" as a domain focused
on the legal aspects and agreements governing cloud services.
Question 3
What is the primary characteristic of a "Shared Responsibility Model" in cloud
security?
A) The cloud provider is solely responsible for all security.
B) The customer is solely responsible for all security.
C) Security responsibilities are divided between the cloud provider
and the cloud customer.
D) Security responsibilities are handled by a third-party auditor.
E) Security is not a concern in the cloud.
,Correct Answer: C) Security responsibilities are divided between the
cloud provider and the cloud customer.
Rationale: The shared responsibility model defines which security
tasks the cloud provider is responsible for and which the customer
is responsible for, depending on the service model (IaaS, PaaS,
SaaS).
Question 4
Which of the following is a common security concern unique to a public cloud
environment compared to an on-premises data center?
A) Physical security of servers.
B) Network firewalls.
C) Data sovereignty and compliance across multiple geographic
regions.
D) Endpoint protection.
E) Access control for internal users.
Correct Answer: C) Data sovereignty and compliance across multiple
geographic regions.
Rationale: In a public cloud, data can be stored in various
geographic locations, raising complex issues regarding which
country's laws apply to the data (data sovereignty) and how to
maintain compliance with diverse regulations.
Question 5
What is "Cloud Access Security Broker" (CASB) primarily used for?
A) To encrypt data stored in the cloud.
B) To provide a secure VPN connection to the cloud.
C) To enforce security policies between cloud consumers and cloud
providers.
D) To manage identity and access within the cloud.
E) To monitor network traffic within a single cloud provider.
Correct Answer: C) To enforce security policies between cloud
consumers and cloud providers.
Rationale: CASBs act as intermediaries between cloud users and
cloud applications, extending on-premises security policies to the
cloud, providing visibility, data security, threat protection, and
compliance assurance.
Question 6
Which aspect of cloud security focuses on ensuring that data is accurate,
complete, and protected from unauthorized modification?
,A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
E) Resiliency
Correct Answer: B) Integrity
Rationale: Data integrity ensures that data has not been altered or
destroyed in an unauthorized manner, maintaining its accuracy and
trustworthiness.
Question 7
A cloud customer is migrating a legacy application to an IaaS environment.
Who is primarily responsible for patching the operating system of the virtual
machines?
A) The cloud provider.
B) A third-party security vendor.
C) The cloud customer.
D) An automated patching service managed by the provider.
E) It is not required in IaaS.
Correct Answer: C) The cloud customer.
Rationale: In the IaaS model, the cloud customer is responsible for
the guest operating system, including patching, configuration, and
security of applications running on top of it.
Question 8
Which threat involves an attacker sending deceptive emails or messages
that appear to be from a legitimate source to trick cloud users into revealing
sensitive information?
A) Malware
B) Phishing
C) Denial of Service (DoS)
D) Insider threat
E) Cloud jacking
Correct Answer: B) Phishing
Rationale: Phishing attacks are a common social engineering
technique used to compromise cloud credentials by tricking users
into providing sensitive information through fraudulent
communications.
Question 9
What is the primary benefit of using Identity and Access Management (IAM)
, solutions in the cloud?
A) To encrypt all data in transit.
B) To manage network firewalls.
C) To securely manage and control who can access specific cloud
resources and what actions they can perform.
D) To detect and prevent DDoS attacks.
E) To provide physical security for cloud data centers.
Correct Answer: C) To securely manage and control who can access
specific cloud resources and what actions they can perform.
Rationale: IAM is fundamental to cloud security, providing the
framework to define and enforce access policies, authenticate
users, and authorize their actions on cloud resources.
Question 10
Which type of cloud deployment model is characterized by resources being
exclusively operated by a single organization?
A) Public cloud
B) Private cloud
C) Hybrid cloud
D) Community cloud
E) Multi-cloud
Correct Answer: B) Private cloud
Rationale: A private cloud is cloud infrastructure operated solely for
a single organization, whether managed internally or by a third
party, and can be on-premises or off-premises.
Question 11
What does "Data Sovereignty" refer to in cloud computing?
A) The ability to move data between different cloud providers.
B) The customer's ownership of their data.
C) The legal jurisdiction (laws) that applies to data based on its
physical location.
D) The encryption of data at rest.
E) The right to access your own data.
Correct Answer: C) The legal jurisdiction (laws) that applies to data
based on its physical location.
Rationale: Data sovereignty is a critical concern in cloud computing,
as the physical location of data determines which country's laws and
regulations (e.g., privacy, data retention) apply to it.
OBJECTIVE ASSESSMENT / WGU C838 OA
PREPARATION/WGU C838 OA PRACTICE WITH COMPLETE
100 QUESTIONS AND ANSWERS LATEST |A+ GRADE
ASSURED
Question 1
Which of the following cloud service models gives the customer the most
control over the underlying infrastructure?
A) Software as a Service (SaaS)
B) Platform as a Service (PaaS)
C) Infrastructure as a Service (IaaS)
D) Function as a Service (FaaS)
E) Security as a Service (SecaaS)
Correct Answer: C) Infrastructure as a Service (IaaS)
Rationale: In IaaS, the cloud provider manages the virtualization,
servers, storage, and networking, but the customer retains
significant control over operating systems, applications, data, and
some network components.
Question 2
According to the Cloud Security Alliance (CSA), which security domain
addresses the legal and contractual agreements between the cloud provider
and the customer?
A) Information Governance
B) Legal and Contracts
C) Risk Management
D) Data Sovereignty
E) Compliance
Correct Answer: B) Legal and Contracts
Rationale: The CSA Star program and its domains, such as the CSA
CCM, specifically identify "Legal and Contracts" as a domain focused
on the legal aspects and agreements governing cloud services.
Question 3
What is the primary characteristic of a "Shared Responsibility Model" in cloud
security?
A) The cloud provider is solely responsible for all security.
B) The customer is solely responsible for all security.
C) Security responsibilities are divided between the cloud provider
and the cloud customer.
D) Security responsibilities are handled by a third-party auditor.
E) Security is not a concern in the cloud.
,Correct Answer: C) Security responsibilities are divided between the
cloud provider and the cloud customer.
Rationale: The shared responsibility model defines which security
tasks the cloud provider is responsible for and which the customer
is responsible for, depending on the service model (IaaS, PaaS,
SaaS).
Question 4
Which of the following is a common security concern unique to a public cloud
environment compared to an on-premises data center?
A) Physical security of servers.
B) Network firewalls.
C) Data sovereignty and compliance across multiple geographic
regions.
D) Endpoint protection.
E) Access control for internal users.
Correct Answer: C) Data sovereignty and compliance across multiple
geographic regions.
Rationale: In a public cloud, data can be stored in various
geographic locations, raising complex issues regarding which
country's laws apply to the data (data sovereignty) and how to
maintain compliance with diverse regulations.
Question 5
What is "Cloud Access Security Broker" (CASB) primarily used for?
A) To encrypt data stored in the cloud.
B) To provide a secure VPN connection to the cloud.
C) To enforce security policies between cloud consumers and cloud
providers.
D) To manage identity and access within the cloud.
E) To monitor network traffic within a single cloud provider.
Correct Answer: C) To enforce security policies between cloud
consumers and cloud providers.
Rationale: CASBs act as intermediaries between cloud users and
cloud applications, extending on-premises security policies to the
cloud, providing visibility, data security, threat protection, and
compliance assurance.
Question 6
Which aspect of cloud security focuses on ensuring that data is accurate,
complete, and protected from unauthorized modification?
,A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
E) Resiliency
Correct Answer: B) Integrity
Rationale: Data integrity ensures that data has not been altered or
destroyed in an unauthorized manner, maintaining its accuracy and
trustworthiness.
Question 7
A cloud customer is migrating a legacy application to an IaaS environment.
Who is primarily responsible for patching the operating system of the virtual
machines?
A) The cloud provider.
B) A third-party security vendor.
C) The cloud customer.
D) An automated patching service managed by the provider.
E) It is not required in IaaS.
Correct Answer: C) The cloud customer.
Rationale: In the IaaS model, the cloud customer is responsible for
the guest operating system, including patching, configuration, and
security of applications running on top of it.
Question 8
Which threat involves an attacker sending deceptive emails or messages
that appear to be from a legitimate source to trick cloud users into revealing
sensitive information?
A) Malware
B) Phishing
C) Denial of Service (DoS)
D) Insider threat
E) Cloud jacking
Correct Answer: B) Phishing
Rationale: Phishing attacks are a common social engineering
technique used to compromise cloud credentials by tricking users
into providing sensitive information through fraudulent
communications.
Question 9
What is the primary benefit of using Identity and Access Management (IAM)
, solutions in the cloud?
A) To encrypt all data in transit.
B) To manage network firewalls.
C) To securely manage and control who can access specific cloud
resources and what actions they can perform.
D) To detect and prevent DDoS attacks.
E) To provide physical security for cloud data centers.
Correct Answer: C) To securely manage and control who can access
specific cloud resources and what actions they can perform.
Rationale: IAM is fundamental to cloud security, providing the
framework to define and enforce access policies, authenticate
users, and authorize their actions on cloud resources.
Question 10
Which type of cloud deployment model is characterized by resources being
exclusively operated by a single organization?
A) Public cloud
B) Private cloud
C) Hybrid cloud
D) Community cloud
E) Multi-cloud
Correct Answer: B) Private cloud
Rationale: A private cloud is cloud infrastructure operated solely for
a single organization, whether managed internally or by a third
party, and can be on-premises or off-premises.
Question 11
What does "Data Sovereignty" refer to in cloud computing?
A) The ability to move data between different cloud providers.
B) The customer's ownership of their data.
C) The legal jurisdiction (laws) that applies to data based on its
physical location.
D) The encryption of data at rest.
E) The right to access your own data.
Correct Answer: C) The legal jurisdiction (laws) that applies to data
based on its physical location.
Rationale: Data sovereignty is a critical concern in cloud computing,
as the physical location of data determines which country's laws and
regulations (e.g., privacy, data retention) apply to it.
