A cloud customer is setting up communication paths with the cloud service provider that will be used in the event of an incident. Which action facilitates this type of communication? - Using existing open standards
Which issue can be detected with static application security testing (SAST)? - Threading
Which problem is known as a common supply chain risk? - Data breaches
Which method should the cloud consumer use to secure the management plane of the cloud service provider? - Credential management
Which technology improves the ability of transport layer security (TLS) to ensure privacy when communicating between applications? - Advanced application-specific integrated circuits (ASICs)
Which type of cloud deployment model is considered equivalent to a traditional IT architecture? - Private
Which security method should be included in a defense-in-depth, when examined from the perspective of a content security policy (CSP)? - Technological controls
Which countermeasure mitigates the risk of a rogue cloud administrator? - Logging and monitoring
Which cloud security control eliminates the risk of a virtualization guest escape from another tenant? - Dedicated hosting
Which data retention policy controls how long Health Insurance Portability and Accountability Act (HIPAA) data can be archived? - Application regulation
Which assumption about a CSP should be avoided when considering risks in a disaster recovery (DR) plan? - Level of resiliency
Where should the final data backup repository be located in the event that the disaster recovery plan is enacted for the CSP of a disaster recovery (DR) service? - Cloud platform
An architect needs to constrain problems to a level that can be controlled when the problem exceeds the capabilities of disaster recovery (DR) controls. Which aspect of the plan will provide this guarantee? - Handling provider outages
Which standard addresses the privacy aspects of cloud computing for consumers? - ISO 27018:2014
Which international standard guide provides procedures for incident investigation principles and processes? - ISO/IEC 27043:2015
Which group is legally bound by the General Data Protection Regulation (GDPR)? - Only corporations that process the data of EU citizens
Which action is required for breaches of data under the General Data Protection Regulation (GDPR) within 72 hours of becoming aware of the event? - Reporting to the supervisory authority
Why is eDiscovery difficult in the cloud? - The client lacks the credentials to access the required data
Which artifact may be required as a data source for a compliance audit in a cloud environment? - Change management details
A business is concerned about the usage of its third-party provided, leased cloud resources. Which audit process should be used to investigate this concern? - Review traffic logs for the leased cloud resources
Which risk during the eDiscovery process would limit the usefulness of the requested data from the cloud by third parties? - Native production
Which type of control is important in order to achieve compliance for risk management? - Security
What is the Chef configuration management tool used for? - Managing infrastructure
At which layer does database activity monitoring (DAM) operate? - Layer 7
What is adding or replacing characters to protect information called? - Masking
What is a top-down approach for addressing and managing risk in an organization called? - Information security management system (ISMS)
ISO 31000:2009 - Design implementation and management