✔✔"Which phase of the software development life cycle includes writing application
code?
(A) Defining
(B) Designing
(C) Developing
(D) Implementing" - ✔✔Developing
✔✔"Which method should the cloud consumer use to secure the management plane of
the cloud service provider?
(A) Credential management
(B) Network access control list
(C) Agent-based security tooling
(D) Disablement of management plane" - ✔✔Credential management
✔✔"Which security threat occurs when a developer leaves an unauthorized access
interface within an application after release?
(A) Easter egg
(B) Deprecated API
(C) Persistent backdoor
(D) Development operations" - ✔✔Persistent backdoor
✔✔"Which process prevents the environment from being over-controlled by security
measures to the point where application performance is impacted?
(A) Private cloud
(B) Community cloud
(C) Quality of service (QoS)
(D) Trusted cloud initiative (TCI)" - ✔✔Quality of service (QoS)
✔✔"Which open web application security project (OWASP) Top 9 Coding Flaws leads
to security issues?
(A) Denial-of-service
(B) Client-side injection
(C) Cross-site scripting
(D) Direct object reference" - ✔✔Direct object reference
✔✔"Which identity management process targets access to enterprise resources by
ensuring that the identity of an entity is verified?
(A) Federation
(B) Provisioning
(C) Authentication
(D) Policy management" - ✔✔Authentication
✔✔"Which technology improves the ability of the transport layer security (TLS) to
ensure privacy when communicating between applications?
(A) Volume encryption
(B) Whole-disk encryption
(C) Virtual private networks (VPNs)
(D) Advanced application-specific integrated circuits (ASICs)" - ✔✔Advanced
application-specific integrated circuits (ASICs)
✔✔"Which multi-factor authentication (MFA) option uses a physical universal serial bus
(USB) device to generate one-time passwords?
(A) Biometrics
(B) Hard tokens
(C) Out-of-band passwords
(D) Transaction authentication numbers" - ✔✔Hard tokens
✔✔"Which cloud infrastructure is shared by several organizations with common
concerns, such as mission, policy, or compliance considerations?
(A) Hybrid cloud
(B) Public cloud
(C) Private cloud
(D) Community cloud" - ✔✔Community cloud
✔✔"Which type of cloud deployment model is considered equivalent to a traditional IT
architecture?
(A) Public
(B) Hybrid
(C) Private
(D) Community" - ✔✔Private
✔✔"Which security method should be included in a defense-in-depth, when examined
from the perspective of a content security policy (CSP)?
(A) Training programs
(B) Technological controls
(C) Strong access controls
(D) Contractual enforcement of policies" - ✔✔Technological controls
✔✔"Which attack vector is associated with cloud infrastructure?
(A) Compromised API credentials
(B) Data storage locations in multiple jurisdictions
(C) Seizure and examination of a physical disk
(D) Licensing fees tied to the deployment of software based on a per-CPU licensing
model" - ✔✔Compromised API credentials
✔✔"Which risk is associated with malicious and accidental dangers to a cloud
infrastructure?
(A) External attacks
(B) Personnel threats
(C) Natural disasters
(D) Regulatory noncompliance" - ✔✔Personnel threats
✔✔"Which cloud-specific risk must be considered when moving infrastructure
operations to the cloud?
(A) Denial of service
(B) Natural disasters
(C) Regulatory violations
(D) Lack of physical access" - ✔✔Lack of physical access
✔✔"Which risk is controlled by implementing a private cloud?
(A) Eavesdropping
(B) Physical security
(C) Unauthorized access
(D) Denial-of-service (DoS)" - ✔✔Physical security
✔✔"Which countermeasure enhances redundancy for physical facilities hosting cloud
equipment during the threat of a power outage?
(A) Tier 2 network access providers
(B) Multiple and independent power circuits to all racks
(C) Radio frequency interference (RFI) blocking devices
(D) Automated license plate readers (ALPR) at entry points" - ✔✔Multiple and
independent power circuits to all racks
✔✔"Which countermeasure helps mitigate the risk of stolen credentials for cloud-based
platforms?
(A) Host lockdown
(B) Data sanitization
(C) Key management
(D) Multifactor authentication" - ✔✔Multifactor authentication
✔✔"Which control helps mitigate the risk of sensitive information leaving the cloud
environment?
(A) Data loss prevention (DLP)
(B) Disaster recovery plan (DRP)
(C) Web application firewall (WAF)
(D) Identity and access management (IAM)" - ✔✔Data loss prevention (DLP)
✔✔"Which countermeasure mitigates the risk of a rogue cloud administrator?
(A) Data encryption