WGU C838 MANAGING CLOUD SECURITY FINAL EXAM
OBJECTIVE ASSESSMENT / WGU C838 OA PREPARATION/ 2025/2026
WGU C838 OA PRACTICE WITH COMPLETE 430 QUESTIONS AND
ANSWERS LATEST |A+GRADE
T/F: Risk and responsibilities will be shared between the cloud provider and customer
- ......ANSWER........True
T/F: SAS 70 report is no longer being used - ......ANSWER........True
T/F: The customer is concerned with data, whereas the provider is concerned with
security and operation - ......ANSWER........True
T/F: The customer is legally liable for their data even if the provider was negligent.
- ......ANSWER........True
T/F: The customer wants to refute control, deny insight, and refrain from disclosing
any information used for malicious purpose - ......ANSWER........False
T/F: The goals of DLP include elasticity - ......ANSWER........False
T/F: The value of data is a component of contractual PII - ......ANSWER........False
The process of evaluating assets? - ......ANSWER........Business Impact Analysis (BIA)
Volume storage is associated with what infrastructure model?
- ......ANSWER........Infrastructure as a Service (IaaS)
Vulnerability assessment, firewall, honeypot, and IDS/IPS are methods used for what?
- ......ANSWER........securing a network
What 3 models are generally available for cloud BCDR? - ......ANSWER........Private
architecture, cloud backup; cloud provider, backup from same provider; cloud provider,
backup from another cloud provider
What act conforms to the EU Data Directive and Privacy Regulation?
- ......ANSWER........PIPEDA
What allows applications to consume web services from the application, to expand its
capabilities? - ......ANSWER........approved APIs
What allows users to make modifications that they choose to add or enhance the
functionality? - ......ANSWER........securing open-source software
What are 10 examples in threat modeling of common application vulnerabilities?
- ......ANSWER........Injection, Broken Authentication, Cross-Site Scripting (XSS), insecure
direct object access, security misconfigurations, sensitive data exposure, missing
function-level access control, cross-site request forgery (CSRF), using components with
known vulnerabilities, invalidated redirects and forwards
What are 3 characteristics of cloud computing? - ......ANSWER........Elasticity, Simplicity
and Scalability
What are 3 countermeasures that can be applied to cloud operations against internal
threats? - ......ANSWER........DLP solutions, financial penalties against the cloud
provider's personnel, broad contractual protections
What are 3 data analytic modes? - ......ANSWER........Data Mining, Agile business
intelligence, real-time analytics
What are 3 dependencies that must be considered after cloud migration?
- ......ANSWER........The cloud provider's vendors, utilities, and suppliers
What are 3 examples that a cloud provider would offer to enhance the customer's trust?
- ......ANSWER........Shared administration, SLAs, Audits
What are 3 federation standards? - ......ANSWER........WS-Federation, OAuth, OpenID
Connect
What are 3 risks associated with a community cloud? - ......ANSWER........Resiliency
through shared ownership, Access and control, lack of centralized standards
What are 3 risks associated with Infrastructure as a Service (IaaS)?
- ......ANSWER........Personnel threats, External threats, Lack of specific skillsets
What are 3 risks associated with Software as a service (SaaS)?
- ......ANSWER........Proprietary formats, Virtualization, Web application security
What are 3 things the provider will offer to address shared monitoring and testing
responsibilities in a cloud configuration? - ......ANSWER........SIM, SIEM, and SEM logs;
DLP solution results; Access to audit logs and performance data
What are 4 cloud application assurance and validation methods?
- ......ANSWER........Approved APIs, Secure code reviews, runtime application
self-protection, securing open-source software
What are 4 contracts that you should be familiar with? - ......ANSWER........service-level
agreements, privacy-level agreements, operational-level agreement, payment card
industry data security standards contracts
What are 4 controls/mechanisms a cloud provider should play a role in for layered
defense? - ......ANSWER........Strong personnel controls, Technological controls, Physical
controls, Governance mechanisms
What are 4 examples of issues that developers and administrators must deal with?
- ......ANSWER........multitenancy, third-party admins, deployment models (Public,
Private, Community, Hybrid), service models (IaaS, PaaS, and SaaS)
What are 4 factors to consider to avoid vendor lock-out? - ......ANSWER........Provider
longevity, Core competency, Jurisdictional suitability, Supply chain dependencies,
Legislative environment
What are 4 risks with virtualization? - ......ANSWER........Attacks on the hypervisor,
Guest escape, Information bleed, Data seizure
What are 4 risks associated with Platform as a Service (PaaS)?
- ......ANSWER........Interoperability issues, Persistent backdoors, Virtualization, Resource
Sharing
What are 4 risks in a multitenant environment? - ......ANSWER........Conflict of interest,
Privilege escalation, Information bleed, Legal activity
What are 4 things to consider to avoid vendor lock-in? - ......ANSWER........Ensure
favorable contract terms for portability, Avoid proprietary formats, Ensure no physical
limitations to moving, Check for regulatory constraints
What are 5 common cloud application deployment pitfalls? - ......ANSWER........On-Premises
Apps do not always transfer; poor documentation; not all apps are cloud ready;
tenancy separation; use of secure, validated APIs, possible data bleed
What are 5 examples of criticality for an org? - ......ANSWER........Tangible assets,
Intangible assets, Processes, Data paths, Personnel
What are 5 examples of directory services? - ......ANSWER........X.500, LDAP, Active
Directory, Novell eDirectory, metadata and replication and synchronization
What are 5 items included in a BC/DR plan? - ......ANSWER........circumstances under
which an event or disaster is declared; List of assets inventoried deemed critical; actions,
tasks, and activities; who is authorized to make the declaration; essential points of
contact
What are 5 risks private cloud owners face? - ......ANSWER........Personnel threats,
Natural disasters, External attacks, regulatory noncompliance, malware
What are 5 things monitored in a data center? - ......ANSWER........OS
Logging, Hardware, Network, Temperature, Humidity
What are 5 ways access management uses to control access?
- ......ANSWER........authentication, authorization, policy management, federation, identity
repositories
What are 8 threats to a private cloud? - ......ANSWER........malware, internal threats,
external attackers, man in the middle, social engineering, theft or loss of devices,
regulatory violations, natural disasters
What are all of access management resources stored in? - ......ANSWER........identity
repository directory
What are five examples of common supply chain risks? - ......ANSWER........financial
instability of provider, single points of failure, data breaches, malware infestations, data
loss
What are five examples of exceptions under copyright laws? - ......ANSWER........Fair use,
satire, library preservation, personal backup, versions for people with physical
disabilities
What are four examples of conflicts that are posed while employing DRM to the cloud?
- ......ANSWER........API, Replication, Jurisdiction, Enterprise
What are four examples of Fair Use under copyright laws?
- ......ANSWER........Academic, Critique, News Reporting, Scholarly Research