WGU C838 OBJECTIVE ASSESSMENT LATEST
20232024 / WGU C838 OA EXAM TEST BANK ACTUAL
EXAM 230 QUESTIONS AND CORRECT DETAILED
ANSWERS WITH RATIONALES (VERIFIED ANSWERS)
|ALREADY GRADED A+
"A cloud administrator recommends using tokenization as an alternative to protecting data without
encryption. The administrator needs to make an authorized application request to access the data.
Which step should occur immediately before this action is taken?
(A) The application collects a token.
(B) The application stores the token.
(C) The tokenization server generates the token.
(D) The tokenization server returns the token to the application." - answer-(B) The application stores the
token
"A cloud customer is setting up communication paths with the cloud service provider that will be used in
the event of an incident.
Which action facilitates this type of communication?
(A) Using existing open standards
(B) Incorporating checks on API calls
(C) Identifying key risk indicators (KRIs)
(D) Performing a vulnerability assessment" - answer-Using existing open standards
"A company has recently defined classification levels for its data. During which phase of the cloud data
life cycle should this definition occur?
(A) Use
(B) Share
(C) Create
(D) Archive" - answer-Create
,"A CSP operating in Australia experiences a security breach that results in disclosure of personal
information that is likely to result in serious harm. Who is the CSP legally required to notify?
(A) Cloud Security Alliance
(B) Information commissioner
(C) Australian privacy foundation
(D) Asian-Paci?c privacy control board" - answer-Information commissioner
"A CSP provides services in European Union (EU) countries that are subject to the network information
security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the
essential services being provided.
Who is the CSP required to notify under the NIS directive?
(A) Competent authorities
(B) Data protection regulator
(C) Provider's services suppliers
(D) Personal Information Protection Commission" - answer-Competent authorities
"An architect needs to constrain problems to a level that can be controlled when the problem exceeds
the capabilities of disaster recovery (DR) controls.
Which aspect of the plan will provide this guarantee?
(A) Ensuring data backups
(B) Managing plane controls
(C) Handling provider outages
(D) Evaluating portability alternatives" - answer-Handling provider outages
"How do immutable workloads effect security overhead?
(A) They reduce the management of the hosts.
(B) They create patches for a running workload.
(C) They restrict the amount of instances in a cluster.
(D) They automatically perform vulnerability scanning as they launch." - answer-They reduce the
management of the hosts
, "How is the compliance of the cloud service provider's legal and regulatory requirements verified when
securing personally identifiable information (PII) data in the cloud?
(A) E-discovery process
(B) Contractual agreements
(C) Researching data retention laws
(D) Third-party audits and attestations" - answer-Third-party audits and attestations
"In which situation could cloud clients find it impossible to recover or access their own data if their cloud
provider goes bankrupt?
(A) Multicloud
(B) Multitenant
(C) Vendor lock-in
(D) Vendor lock-out" - answer-Vendor lock-out
"The security administrator for a global cloud services provider (CSP) is required to globally standardize
the approaches for using forensics methodologies in the organization.
Which standard should be applied?
(A) Sarbanes-Oxley act (SOX)
(B) Cloud controls matrix (CCM)
(C) International electrotechnical commission (IEC) 27037
(D) International organization for standardization (ISO) 27050-1" - answer-International organization for
standardization (ISO) 27050-1
"There is a threat to a banking cloud platform service. The developer needs to provide inclusion in a
relational database that is seamless and readily searchable by search engine algorithms. Which platform
as a service (PaaS) data type should be used?
(A) Structured
(B) Unstructured
(C) Long-term storage
(D) Short-term storage" - answer-Structured
20232024 / WGU C838 OA EXAM TEST BANK ACTUAL
EXAM 230 QUESTIONS AND CORRECT DETAILED
ANSWERS WITH RATIONALES (VERIFIED ANSWERS)
|ALREADY GRADED A+
"A cloud administrator recommends using tokenization as an alternative to protecting data without
encryption. The administrator needs to make an authorized application request to access the data.
Which step should occur immediately before this action is taken?
(A) The application collects a token.
(B) The application stores the token.
(C) The tokenization server generates the token.
(D) The tokenization server returns the token to the application." - answer-(B) The application stores the
token
"A cloud customer is setting up communication paths with the cloud service provider that will be used in
the event of an incident.
Which action facilitates this type of communication?
(A) Using existing open standards
(B) Incorporating checks on API calls
(C) Identifying key risk indicators (KRIs)
(D) Performing a vulnerability assessment" - answer-Using existing open standards
"A company has recently defined classification levels for its data. During which phase of the cloud data
life cycle should this definition occur?
(A) Use
(B) Share
(C) Create
(D) Archive" - answer-Create
,"A CSP operating in Australia experiences a security breach that results in disclosure of personal
information that is likely to result in serious harm. Who is the CSP legally required to notify?
(A) Cloud Security Alliance
(B) Information commissioner
(C) Australian privacy foundation
(D) Asian-Paci?c privacy control board" - answer-Information commissioner
"A CSP provides services in European Union (EU) countries that are subject to the network information
security (NIS) directive. The CSP experiences an incident that significantly affects the continuity of the
essential services being provided.
Who is the CSP required to notify under the NIS directive?
(A) Competent authorities
(B) Data protection regulator
(C) Provider's services suppliers
(D) Personal Information Protection Commission" - answer-Competent authorities
"An architect needs to constrain problems to a level that can be controlled when the problem exceeds
the capabilities of disaster recovery (DR) controls.
Which aspect of the plan will provide this guarantee?
(A) Ensuring data backups
(B) Managing plane controls
(C) Handling provider outages
(D) Evaluating portability alternatives" - answer-Handling provider outages
"How do immutable workloads effect security overhead?
(A) They reduce the management of the hosts.
(B) They create patches for a running workload.
(C) They restrict the amount of instances in a cluster.
(D) They automatically perform vulnerability scanning as they launch." - answer-They reduce the
management of the hosts
, "How is the compliance of the cloud service provider's legal and regulatory requirements verified when
securing personally identifiable information (PII) data in the cloud?
(A) E-discovery process
(B) Contractual agreements
(C) Researching data retention laws
(D) Third-party audits and attestations" - answer-Third-party audits and attestations
"In which situation could cloud clients find it impossible to recover or access their own data if their cloud
provider goes bankrupt?
(A) Multicloud
(B) Multitenant
(C) Vendor lock-in
(D) Vendor lock-out" - answer-Vendor lock-out
"The security administrator for a global cloud services provider (CSP) is required to globally standardize
the approaches for using forensics methodologies in the organization.
Which standard should be applied?
(A) Sarbanes-Oxley act (SOX)
(B) Cloud controls matrix (CCM)
(C) International electrotechnical commission (IEC) 27037
(D) International organization for standardization (ISO) 27050-1" - answer-International organization for
standardization (ISO) 27050-1
"There is a threat to a banking cloud platform service. The developer needs to provide inclusion in a
relational database that is seamless and readily searchable by search engine algorithms. Which platform
as a service (PaaS) data type should be used?
(A) Structured
(B) Unstructured
(C) Long-term storage
(D) Short-term storage" - answer-Structured
