WGU Course C838 - Managing Cloud
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
Which phase of the cloud data life cycle allows both read and process functions to be
performed?
A Create
B Archive
C Store
D Share - ansA
Which phase of the cloud data security life cycle typically occurs simultaneously with
creation?
A Share
B Store
C Use
D Destroy - ansB
Which phase of the cloud data life cycle uses content delivery networks?
A Destroy
B Archive
C Share
D Create - ansC
Which phase of the cloud data life cycle is associated with crypto-shredding?
A Share
B Use
C Destroy
D Store - ansC
Which cloud data storage architecture allows sensitive data to be replaced with unique
identification symbols that retain all the essential information about the data without
compromising its security?
A Randomization
B Obfuscation
C Anonymization
D Tokenization - ansD
Which methodology could cloud data storage utilize to encrypt all data associated in an
infrastructure as a service (IaaS) deployment model?
A Sandbox encryption
B Polymorphic encryption
C Client-side encryption
,WGU Course C838 - Managing Cloud
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
D Whole-instance encryption - ansD
There is a threat to a banking cloud platform service. The developer needs to provide
inclusion in a relational database that is seamless and readily searchable by search engine
algorithms.
Which platform as a service (PaaS) data type should be used?
A Short-term storage
B Structured
C Unstructured
D Long-term storage - ansB
Which platform as a service (PaaS) storage architecture should be used if an organization
wants to store presentations, documents, and audio files?
A Relational database
B Block
C Distributed
D Object - ansD
Which technique scrambles the content of data using a mathematical algorithm while keeping
the structural arrangement of the data?
A Dynamic masking
B Format-preserving encryption
C Proxy-based encryption
D Tokenization - ansB
Which encryption technique connects the instance to the encryption instance that handles all
crypto operations?
A Database
B Proxy
C Externally managed
D Server-side - ansB
Which type of control should be used to implement custom controls that safeguard data?
A Public and internal sharing
B Options for access
C Management plane
D Application level - ansD
Which element is protected by an encryption system?
,WGU Course C838 - Managing Cloud
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
A Ciphertext
B Management engine
C Data
D Public key - ansC
A cloud administrator recommends using tokenization as an alternative to protecting data
without encryption. The administrator needs to make an authorized application request to
access the data.
Which step should occur immediately before this action is taken?
A The tokenization server returns the token to the application.
B The tokenization server generates the token.
C The application collects a token.
D The application stores the token. - ansD
A company has recently defined classification levels for its data.
During which phase of the cloud data life cycle should this definition occur?
A Use
B Create
C Share
D Archive - ansB
Which jurisdictional data protection includes dealing with the international transfer of data?
A Financial modernization
B Secure choice authorization (SCA)
C Sarbanes-Oxley act (SOX)
D Privacy regulation - ansD
Which jurisdictional data protection controls the ways that financial institutions deal with the
private information of individuals?
A Stored communications act (SCA)
B Health insurance portability and accountability act (HIPAA)
C Gramm-Leach-Bliley act (GLBA)
D Sarbanes-Oxley act (SOX) - ansC
Which jurisdictional data protection safeguards protected health information (PHI)?
A Directive 95/46/EC
B Safe harbor regime
C Personal Data Protection Act of 2000
, WGU Course C838 - Managing Cloud
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
D Health Insurance Portability and Accountability Act (HIPAA) - ansD
How is the compliance of the cloud service provider's legal and regulatory requirements
verified when securing personally identifiable information (PII) data in the cloud?
A Contractual agreements
B Third-party audits and attestations
C e-Discovery process
D Researching data retention laws - ansB
Which security strategy is associated with data rights management solutions?
A Unrestricted replication
B Limited documents type support
C Static policy control
D Continuous auditing - ansD
Who retains final ownership for granting data access and permissions in a shared
responsibility model?
A Customer
B Developer
C Manager
D Analyst - ansA
Which data retention solution should be applied to a file in order to reduce the data footprint
by deleting fixed content and duplicate data?
A Backup
B Caching
C Archiving
D Saving - ansC
Which data retention method is stored with a minimal amount of metadata storage with the
content?
A File system
B Redundant array
C Object-based
D Block-based - ansD
What is a key capability of security information and event management?
A Intrusion prevention capabilities
B Automatic remediation of issues
C Centralized collection of log data
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
Which phase of the cloud data life cycle allows both read and process functions to be
performed?
A Create
B Archive
C Store
D Share - ansA
Which phase of the cloud data security life cycle typically occurs simultaneously with
creation?
A Share
B Store
C Use
D Destroy - ansB
Which phase of the cloud data life cycle uses content delivery networks?
A Destroy
B Archive
C Share
D Create - ansC
Which phase of the cloud data life cycle is associated with crypto-shredding?
A Share
B Use
C Destroy
D Store - ansC
Which cloud data storage architecture allows sensitive data to be replaced with unique
identification symbols that retain all the essential information about the data without
compromising its security?
A Randomization
B Obfuscation
C Anonymization
D Tokenization - ansD
Which methodology could cloud data storage utilize to encrypt all data associated in an
infrastructure as a service (IaaS) deployment model?
A Sandbox encryption
B Polymorphic encryption
C Client-side encryption
,WGU Course C838 - Managing Cloud
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
D Whole-instance encryption - ansD
There is a threat to a banking cloud platform service. The developer needs to provide
inclusion in a relational database that is seamless and readily searchable by search engine
algorithms.
Which platform as a service (PaaS) data type should be used?
A Short-term storage
B Structured
C Unstructured
D Long-term storage - ansB
Which platform as a service (PaaS) storage architecture should be used if an organization
wants to store presentations, documents, and audio files?
A Relational database
B Block
C Distributed
D Object - ansD
Which technique scrambles the content of data using a mathematical algorithm while keeping
the structural arrangement of the data?
A Dynamic masking
B Format-preserving encryption
C Proxy-based encryption
D Tokenization - ansB
Which encryption technique connects the instance to the encryption instance that handles all
crypto operations?
A Database
B Proxy
C Externally managed
D Server-side - ansB
Which type of control should be used to implement custom controls that safeguard data?
A Public and internal sharing
B Options for access
C Management plane
D Application level - ansD
Which element is protected by an encryption system?
,WGU Course C838 - Managing Cloud
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
A Ciphertext
B Management engine
C Data
D Public key - ansC
A cloud administrator recommends using tokenization as an alternative to protecting data
without encryption. The administrator needs to make an authorized application request to
access the data.
Which step should occur immediately before this action is taken?
A The tokenization server returns the token to the application.
B The tokenization server generates the token.
C The application collects a token.
D The application stores the token. - ansD
A company has recently defined classification levels for its data.
During which phase of the cloud data life cycle should this definition occur?
A Use
B Create
C Share
D Archive - ansB
Which jurisdictional data protection includes dealing with the international transfer of data?
A Financial modernization
B Secure choice authorization (SCA)
C Sarbanes-Oxley act (SOX)
D Privacy regulation - ansD
Which jurisdictional data protection controls the ways that financial institutions deal with the
private information of individuals?
A Stored communications act (SCA)
B Health insurance portability and accountability act (HIPAA)
C Gramm-Leach-Bliley act (GLBA)
D Sarbanes-Oxley act (SOX) - ansC
Which jurisdictional data protection safeguards protected health information (PHI)?
A Directive 95/46/EC
B Safe harbor regime
C Personal Data Protection Act of 2000
, WGU Course C838 - Managing Cloud
Security (CCSP). A Comprehensive
Exam Study Guide by Brian
MacFarlane.
Latest Updated 2025/2026
D Health Insurance Portability and Accountability Act (HIPAA) - ansD
How is the compliance of the cloud service provider's legal and regulatory requirements
verified when securing personally identifiable information (PII) data in the cloud?
A Contractual agreements
B Third-party audits and attestations
C e-Discovery process
D Researching data retention laws - ansB
Which security strategy is associated with data rights management solutions?
A Unrestricted replication
B Limited documents type support
C Static policy control
D Continuous auditing - ansD
Who retains final ownership for granting data access and permissions in a shared
responsibility model?
A Customer
B Developer
C Manager
D Analyst - ansA
Which data retention solution should be applied to a file in order to reduce the data footprint
by deleting fixed content and duplicate data?
A Backup
B Caching
C Archiving
D Saving - ansC
Which data retention method is stored with a minimal amount of metadata storage with the
content?
A File system
B Redundant array
C Object-based
D Block-based - ansD
What is a key capability of security information and event management?
A Intrusion prevention capabilities
B Automatic remediation of issues
C Centralized collection of log data
