WGU C838 OA EXAM 2025-2026 ACTUAL
EXAM QUESTIONS AND CORRECT DETAILED
ANSWERS
Which phase of the cloud data lifecycle allows both read and process functions to be
performed? - ANSWER-Create
Which technique scrambles the content of data using a mathematical algorithm while
keeping the structural arrangement of the data? - ANSWER-Format-preserving
encryption
Which encryption technique connects the instance to the encryption instance that
handles all crypto operations? - ANSWER-Proxy
Which type of control should be used to implement custom controls that safeguard
data? - ANSWER-Application level
A cloud administrator recommends using tokenization as an alternative to protecting
data without encryption. The administrator needs to make an authorized application
request to access the data. Which step should occur immediately before this action is
taken? - ANSWER-The application stores the token
A company has recently defined classification levels for its data. During which phase of
the cloud data life cycle should this definition occur? - ANSWER-Create
How is the compliance of the cloud service provider's legal and regulatory requirements
verified when securing personally identifiable information (PII) data in the cloud? -
ANSWER-Third party audits and attestations
Which security strategy is associated with data rights management solutions? -
ANSWER-Continuous auditing
What is a key capability of security information and event management? - ANSWER-
Centralized collection of big data
A security analyst is investigating an incident of access to a resource from an
unauthorized location. Which data source should the security analyst use to investigate
the incident? - ANSWER-Packet capture file
, Which message type is generated from software systems to troubleshoot and identify
problems with running application codes? - ANSWER-Debug
Which cloud computing tool is used to discover internal use of cloud services using
various mechanisms such as network monitoring? - ANSWER-Cloud access security
broker (CASB)
Which cloud model provides data location assurance? - ANSWER-Private
Which technology allows an organization to control access to sensitive documents
stored in the cloud? - ANSWER-Digital rights management
How do immutable workloads effect security overhead? - ANSWER-They reduce the
management of the host
Which design principle of secure cloud computing ensures that users can utilize data
and applications from around the globe? - ANSWER-Broad network access
Which standard addresses practices related to acquisition of forensic artifacts and can
be directly applied to a cloud environment? - ANSWER-ISO/IEC 27050-1
Which technology allows an administrator to remotely manage a fleet of servers? -
ANSWER-Management plane
What part of the logical infrastructure design is used to configure cloud resources, such
as launching virtual machines or configuring virtual networks? - ANSWER-Management
plane
Which action enhances cloud security application deployment through standards such
as ISO/IEC 27034 for the development, acquisition, and configuration of software
systems? - ANSWER-Applying the steps of a cloud software development life cycle
Which element is a cloud virtualization risk? - ANSWER-Guest isolation
The security administrator for a global cloud services provider (CSP) is required to
globally standardize the approaches for using forensics methodologies in the
organization. Which standard should be applied? - ANSWER-ISO 27050-1
EXAM QUESTIONS AND CORRECT DETAILED
ANSWERS
Which phase of the cloud data lifecycle allows both read and process functions to be
performed? - ANSWER-Create
Which technique scrambles the content of data using a mathematical algorithm while
keeping the structural arrangement of the data? - ANSWER-Format-preserving
encryption
Which encryption technique connects the instance to the encryption instance that
handles all crypto operations? - ANSWER-Proxy
Which type of control should be used to implement custom controls that safeguard
data? - ANSWER-Application level
A cloud administrator recommends using tokenization as an alternative to protecting
data without encryption. The administrator needs to make an authorized application
request to access the data. Which step should occur immediately before this action is
taken? - ANSWER-The application stores the token
A company has recently defined classification levels for its data. During which phase of
the cloud data life cycle should this definition occur? - ANSWER-Create
How is the compliance of the cloud service provider's legal and regulatory requirements
verified when securing personally identifiable information (PII) data in the cloud? -
ANSWER-Third party audits and attestations
Which security strategy is associated with data rights management solutions? -
ANSWER-Continuous auditing
What is a key capability of security information and event management? - ANSWER-
Centralized collection of big data
A security analyst is investigating an incident of access to a resource from an
unauthorized location. Which data source should the security analyst use to investigate
the incident? - ANSWER-Packet capture file
, Which message type is generated from software systems to troubleshoot and identify
problems with running application codes? - ANSWER-Debug
Which cloud computing tool is used to discover internal use of cloud services using
various mechanisms such as network monitoring? - ANSWER-Cloud access security
broker (CASB)
Which cloud model provides data location assurance? - ANSWER-Private
Which technology allows an organization to control access to sensitive documents
stored in the cloud? - ANSWER-Digital rights management
How do immutable workloads effect security overhead? - ANSWER-They reduce the
management of the host
Which design principle of secure cloud computing ensures that users can utilize data
and applications from around the globe? - ANSWER-Broad network access
Which standard addresses practices related to acquisition of forensic artifacts and can
be directly applied to a cloud environment? - ANSWER-ISO/IEC 27050-1
Which technology allows an administrator to remotely manage a fleet of servers? -
ANSWER-Management plane
What part of the logical infrastructure design is used to configure cloud resources, such
as launching virtual machines or configuring virtual networks? - ANSWER-Management
plane
Which action enhances cloud security application deployment through standards such
as ISO/IEC 27034 for the development, acquisition, and configuration of software
systems? - ANSWER-Applying the steps of a cloud software development life cycle
Which element is a cloud virtualization risk? - ANSWER-Guest isolation
The security administrator for a global cloud services provider (CSP) is required to
globally standardize the approaches for using forensics methodologies in the
organization. Which standard should be applied? - ANSWER-ISO 27050-1
