1|Page
WGU C838 OA EXAM | ACTUAL QUESTIONS
WITH VERIFIED SOLUTIONS
Which security method should be included in a defense-in-depth, when examined
from the perspective of a content security policy (CSP)? - correct-answer-
Technological controls
Which countermeasure mitigates the risk of a rogue cloud administrator? -
correct-answer-Logging and monitoring
Which cloud security control eliminates the risk of a virtualization guest escape
from another tenant? - correct-answer-Dedicated hosting
Which data retention policy controls how long health insurance portability and
accountability act (HIPAA) data can be archived? - correct-answer-Application
regulation
Which assumption about a CSP should be avoided when considering risks in a
disaster recovery (DR) plan? - correct-answer-Level of resiliency
Where should the location be for the final data backup repository in the event
that the disaster recovery plan is enacted for the CSP of a disaster recovery (DR)
service? - correct-answer-Cloud platform
, 2|Page
An architect needs to constrain problems to a level that can be controlled when
the problem exceeds the capabilities of disaster recovery (DR) controls. Which
aspect of the plan will provide this guarantee? - correct-answer-Handling provider
outages
Which standard addresses the privacy aspects of cloud computing for consumers?
- correct-answer-ISO 27018:2014
Which international standard guide provides procedures for incident investigation
principles and processes? - correct-answer-ISO/IEC 27043:2015
Which group is legally bound by the general data protection regulation (GDPR)? -
correct-answer-Only corporations that processes the data of EU citizens
Which action is required for breaches of data under the general data protection
regulation (GDPR) within 72 hours of becoming aware of the event? - correct-
answer-Reporting to the supervisory authority
Why is eDiscovery difficult in the cloud? - correct-answer-The client lacks the
credentials to access the required data
Which artifact may be required as a data source for a compliance audit in a cloud
environment? - correct-answer-Change management details
A business is concerned about the usage of its third-party provided, leased cloud
resources. Which audit process should be used to investigate this concern? -
correct-answer-Review traffic logs for the leased cloud resources
WGU C838 OA EXAM | ACTUAL QUESTIONS
WITH VERIFIED SOLUTIONS
Which security method should be included in a defense-in-depth, when examined
from the perspective of a content security policy (CSP)? - correct-answer-
Technological controls
Which countermeasure mitigates the risk of a rogue cloud administrator? -
correct-answer-Logging and monitoring
Which cloud security control eliminates the risk of a virtualization guest escape
from another tenant? - correct-answer-Dedicated hosting
Which data retention policy controls how long health insurance portability and
accountability act (HIPAA) data can be archived? - correct-answer-Application
regulation
Which assumption about a CSP should be avoided when considering risks in a
disaster recovery (DR) plan? - correct-answer-Level of resiliency
Where should the location be for the final data backup repository in the event
that the disaster recovery plan is enacted for the CSP of a disaster recovery (DR)
service? - correct-answer-Cloud platform
, 2|Page
An architect needs to constrain problems to a level that can be controlled when
the problem exceeds the capabilities of disaster recovery (DR) controls. Which
aspect of the plan will provide this guarantee? - correct-answer-Handling provider
outages
Which standard addresses the privacy aspects of cloud computing for consumers?
- correct-answer-ISO 27018:2014
Which international standard guide provides procedures for incident investigation
principles and processes? - correct-answer-ISO/IEC 27043:2015
Which group is legally bound by the general data protection regulation (GDPR)? -
correct-answer-Only corporations that processes the data of EU citizens
Which action is required for breaches of data under the general data protection
regulation (GDPR) within 72 hours of becoming aware of the event? - correct-
answer-Reporting to the supervisory authority
Why is eDiscovery difficult in the cloud? - correct-answer-The client lacks the
credentials to access the required data
Which artifact may be required as a data source for a compliance audit in a cloud
environment? - correct-answer-Change management details
A business is concerned about the usage of its third-party provided, leased cloud
resources. Which audit process should be used to investigate this concern? -
correct-answer-Review traffic logs for the leased cloud resources
