MANAGING CLOUD SECURITY| QUESTIONS & ANSWERS
(LATEST UPDATE )
THIS DOCUMENT CONTAINS:
❖WGU D320/ CCSP EXAM
❖MANAGING CLOUD SECURITY
❖QUESTIONS & ANSWERS
❖EACH QUESTION INCLUDES RATIONALES
❖{LATEST UPDATE 2026 /27}
❖GRADE A
❖100% GUARANTEED PASS
,**1. The management plane is use to administer a cloud environment and perform administrative tasks
across a variety of systems, but most specifically it's used with the hypervisors.
What does the management plane typically leverage for this orchestration?
A. APIs
B. Scripts
C. TLS
D. XML
The management plane uses APIs to execute remote calls across the cloud environment to
various management systems, especially hypervisors. This allows a centralized
administrative interface, often a web portal, to orchestrate tasks throughout an
enterprise. Scripts may be
utilized to execute API calls, but they are not used directly to interact with systems. XML
is used for data encoding and transmission, but not for executing remote calls. TLS is
used to encrypt
communications and may be used with API calls, but it is not the actual process for
executing commands.
**2. When dealing with PII, which category pertains to those requirements that
can carry legal sanctions or penalties for failure to adequately safeguard the data
and address compliance requirements?
A. Contractual
B. Jurisdictional
,C. Regulated
D. Legal
Regulated PII pertains to data that is outlined in law and regulations. Violations of the
requirements for the protection of regulated PII can carry legal sanctions or penalties.
Contractual PII involves required data protection that is determined by the actual service
contract between the cloud provider and cloud customer, rather than outlined by law.
Violations of the provisions of contractual PII carry potential financial or contractual
implications, but not legal
sanctions. Legal and jurisdictional are similar terms to regulated, but neither is the
official term used.
**3. Although the united states does not have a single, comprehensive privacy and
regulatory framework, a number of specific regulations pertain to types of data or
populations.
Which of the following is NOT a regulatory system from the United States federal
government?
A. HIPAA
B. SOX
C. FISMA
D. PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations
that
handle credit card transactions and is an industry-regulatory standard, not a
governmental one.
The Sarbanes-Oxley Act (SOX) was passed in 2002 and pertains to financial records and
reporting, as well as transparency requirements for shareholders and other
stakeholders. The Health Insurance and Portability Act (HIPAA) was passed in 1996
and pertains to data privacy
and security for medical records. FISMA refers to the Federal Information Security
Management Act of 2002 and pertains to the protection of all US federal government
IT systems, with the
exception of national security systems.
, WGU D320/ CCSP Exam – Managing Cloud
Security (Latest Update )
Questions & Answers | Grade A | 100%
Correct
**4. The president of your company has tsked you with implementing cloud services as the
most
efficient way of obtaining a robust disaster recovery configuration for your production
services.
Which of the cloud deployment models would you MOST likely be exploring?
A. Hybrid
B. Private
C. Community
D. Public
** RATIONALE**
A hybrid cloud model spans two more different hosting configurations or cloud providers.
This would enable an organization to continue using its current hosting configuration,
while adding additional cloud services to enable disaster recovery capabilities. The other
cloud deployment models--public, private, and community--would not be applicable for
seeking a disaster recovery configuration where cloud services are to be leveraged for that
purpose rather than production
service hosting.
**5. If you are running an application that has strict legal requirements that the data
cannot reside on systems that contain other applications or systems, which aspect of
cloud computing would be prohibitive in this case?
A. Multitenancy
B. Broad network access
C. Portability