WGU - D320: WGU D320 COMPLETE COMPREHENSIVE QUESTIONS AND CORRECT SOLUTIONS OBJECTIVE ASSESSMENT NEWEST 2024 [ALREADY GRAD A+]
Study online at https://quizlet.com/_h8x4pa

1. 1: Implements Secure Solutions
Which technology should be implemented to ensure secure communication between on-site enterprise systems and a cloud platform?
A. Domain Name System Security Extensions (DNSSEC)
B. Internet Protocol Security (IPSec) VPN
C. Web Application Firewall (WAF)
D. Data Loss Prevention (DLP)
Correct Answer: B. Internet Protocol Security (IPSec) VPN
Explanation:
• IPSec VPN is designed to secure communication over an IP network. It encrypts the entire IP packet for secure transmission between on-site systems and cloud platforms, ensuring data integrity and confidentiality.
• DNSSEC ensures the integrity of DNS responses but doesn't provide secure communication between systems.
• WAF protects web applications by filtering and monitoring HTTP traffic but is not used for secure communication between systems.
• DLP prevents data breaches by monitoring and controlling data flows, but it doesn't establish secure communication channels.

2. 2: Implements Operations
Which phase of the cloud data lifecycle is most likely to overlap with the 'Create' phase in terms of implementing security controls?
A. Share
B. Store
C. Use
D. Destroy
Correct Answer: B. Store
Explanation:
• Store often overlaps with the Create phase because as soon as data is created, it usually needs to be securely stored. Security controls, such as encryption, should be implemented at this stage.
• Share and Use happen after data is stored.
• Destroy is the final stage in the lifecycle and typically occurs after data is no longer needed.

3. 3: Conducts Risk Management
Which risk management approach involves completely eliminating a risk because it exceeds the organization's risk appetite?
A. Mitigation
B. Avoidance
C. Transfer
D. Acceptance
Correct Answer: B. Avoidance
Explanation:
• Avoidance involves eliminating the risk entirely, typically when the potential impact is too great or when controls cannot adequately reduce the risk to an acceptable level.
• Mitigation involves reducing the risk to an acceptable level.
• Transfer involves shifting the risk to a third party, such as through insurance.
• Acceptance involves acknowledging the risk and choosing to bear it without further action.

4. 4: Identifies Legal, Compliance, and Ethical Concerns
Which United States law focuses specifically on the privacy of financial information?
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Sarbanes-Oxley Act (SOX)
C. Gramm-Leach-Bliley Act (GLBA)
D. Safe Harbor
Correct Answer: C. Gramm-Leach-Bliley Act (GLBA)
Explanation:
• GLBA is designed to protect consumer financial privacy by setting regulations for how financial institutions handle private data.
• HIPAA focuses on healthcare information.
• SOX is concerned with corporate financial practices and reporting.
• Safe Harbor was an agreement between the US and EU for data transfers, not specifically financial privacy.

5. 1: Implements Secure Solutions
Which technology is most effective in preventing unauthorized access to sensitive data by ensuring it is unreadable without proper decryption keys?
A. Data Masking
B. Tokenization
C. Encryption
D. Obfuscation
Correct Answer: C. Encryption
Explanation: Encryption transforms readable data into an unreadable format using cryptographic algorithms, making it inaccessible to unauthorized users. Tokenization and data masking are also methods of protecting data, but they do not provide the same level of security as encryption. Obfuscation is the process of making data more difficult to understand but is not intended to prevent access.

6. 2: Implements Operations
Which of the following activities is essential during the Secure Operations phase of the Software Development Lifecycle (SDLC)?
A. Static Analysis
B. Code Review
C. Dynamic Analysis
D. Acceptance Testing
Correct Answer: C. Dynamic Analysis
Explanation: Dynamic Analysis is crucial during the secure operations phase because it involves testing the software in a runtime environment, identifying security vulnerabilities that might only become apparent during execution. Static Analysis and Code Review are performed earlier in the SDLC, and Acceptance Testing is typically done after secure operations to verify the system meets the requirements.

7. 3: Conducts Risk Management
Which risk management approach involves the transfer of risk to another party, such as through insurance?
A. Risk Mitigation
B. Risk Avoidance
C. Risk Transference
D. Risk Acceptance
Correct Answer: C. Risk Transference
Explanation: Risk Transference involves shifting the impact of a risk to a third party, often by using insurance or outsourcing certain activities. Risk Mitigation involves reducing the risk, Risk Avoidance involves eliminating the risk, and Risk Acceptance involves acknowledging and accepting the risk without further action.

8. 4: Identifies Legal, Compliance, and Ethical Concerns
Which U.S. law focuses specifically on the protection of personal health information?
A. Sarbanes-Oxley Act (SOX)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. Gramm-Leach-Bliley Act (GLBA)
D. Federal Information Security Management Act (FISMA)
Correct Answer: B. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA sets standards for the protection of personal health information. SOX is related to corporate financial practices, GLBA focuses on financial privacy, and FISMA applies to federal information security management.

9. 5: Implements Secure Solutions
Which cloud service model requires the customer to manage the security of the operating system, applications, and data?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Containers as a Service (CaaS)
Correct Answer: C. Infrastructure as a Service (IaaS)
Explanation: In IaaS, the provider manages the underlying infrastructure, while the customer is responsible for managing the security of the operating system, applications, and data. In SaaS, the provider manages everything, including security. PaaS offers more management of security, but the customer still handles application security.

10. 6: Implements Operations
What is the primary goal of implementing a Disaster Recovery Plan?
A. Ensure high availability of cloud services
B. Recover operations after a catastrophic event
C. Perform routine backups of data
D. Prevent unauthorized access to cloud resources
Correct Answer: B. Recover operations after a catastrophic event
Explanation: The main goal of a Disaster Recovery Plan is to recover business operations as quickly as possible after a catastrophic event. High availability is a