WGU D320/ CCSP Exam – Managing
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
The management plane is use to administer a cloud environment and perform administrative
tasks across a variety of systems, but most specifically it's used with the hypervisors.
What does the management plane typically leverage for this orchestration?
A. APIs
B. Scripts
C. TLS
D. XML
The management plane uses APIs to execute remote calls across the cloud environment to
various management systems, especially hypervisors. This allows a centralized administrative
interface, often a web portal, to orchestrate tasks throughout an enterprise. Scripts may be
utilized to execute API calls, but they are not used directly to interact with systems. XML is used
for data encoding and transmission, but not for executing remote calls. TLS is used to encrypt
communications and may be used with API calls, but it is not the actual process for executing
commands.
When dealing with PII, which category pertains to those requirements that can carry legal
sanctions or penalties for failure to adequately safeguard the data and address compliance
requirements?
A. Contractual
B. Jurisdictional
, WGU D320/ CCSP Exam – Managing
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
C. Regulated
D. Legal
Regulated PII pertains to data that is outlined in law and regulations. Violations of the
requirements for the protection of regulated PII can carry legal sanctions or penalties.
Contractual PII involves required data protection that is determined by the actual service contract
between the cloud provider and cloud customer, rather than outlined by law. Violations of the
provisions of contractual PII carry potential financial or contractual implications, but not legal
sanctions. Legal and jurisdictional are similar terms to regulated, but neither is the official term
used.
Although the united states does not have a single, comprehensive privacy and regulatory
framework, a number of specific regulations pertain to types of data or populations.
Which of the following is NOT a regulatory system from the United States federal government?
A. HIPAA
B. SOX
C. FISMA
D. PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations that
handle credit card transactions and is an industry-regulatory standard, not a governmental one.
The Sarbanes-Oxley Act (SOX) was passed in 2002 and pertains to financial records and
reporting, as well as transparency requirements for shareholders and other stakeholders. The
Health Insurance and Portability Act (HIPAA) was passed in 1996 and pertains to data privacy
and security for medical records. FISMA refers to the Federal Information Security Management
Act of 2002 and pertains to the protection of all US federal government IT systems, with the
exception of national security systems.
, WGU D320/ CCSP Exam – Managing
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
The president of your company has tsked you with implementing cloud services as the most
efficient way of obtaining a robust disaster recovery configuration for your production services.
Which of the cloud deployment models would you MOST likely be exploring?
A. Hybrid
B. Private
C. Community
D. Public
A hybrid cloud model spans two more different hosting configurations or cloud providers. This
would enable an organization to continue using its current hosting configuration, while adding
additional cloud services to enable disaster recovery capabilities. The other cloud deployment
models--public, private, and community--would not be applicable for seeking a disaster recovery
configuration where cloud services are to be leveraged for that purpose rather than production
service hosting.
If you are running an application that has strict legal requirements that the data cannot reside on
systems that contain other applications or systems, which aspect of cloud computing would be
prohibitive in this case?
A. Multitenancy
B. Broad network access
C. Portability
, WGU D320/ CCSP Exam – Managing
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
D. Elasticity
Multitenancy is the aspect of cloud computing that involves having multiple customers and
applications running within the same system and sharing the same resources. Although
considerable mechanisms are in place to ensure isolation and separation, the data and
applications are ultimately using shared resources. Broad network access refers to the ability to
access cloud services from any location or client. Portability refers to the ability to easily move
cloud services between different cloud providers, whereas elasticity refers to the capabilities of a
cloud environment to add or remove services, as needed, to meet current demand.
The REST API is a widely used standard for communications of web-based services between
clients and the servers hosting them.
Which protocol does the REST API depend on?
A. HTTP
B. SSH
C. SAML
D. XML
Representational State Transfer (REST) is a software architectural scheme that applies the
components, connectors, and data conduits for many web applications used on the Internet. It
uses and relies on the HTTP protocol and supports a variety of data formats. Extensible Markup
Language (XML) and Security Assertion Markup Language (SAML) are both standards for
exchanging encoded data between two parties, with XML being for more general use and SAML
focused on authentication and authorization data. Secure Shell client (SSH) is a secure method
for allowing remote login to systems over a network.
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
The management plane is use to administer a cloud environment and perform administrative
tasks across a variety of systems, but most specifically it's used with the hypervisors.
What does the management plane typically leverage for this orchestration?
A. APIs
B. Scripts
C. TLS
D. XML
The management plane uses APIs to execute remote calls across the cloud environment to
various management systems, especially hypervisors. This allows a centralized administrative
interface, often a web portal, to orchestrate tasks throughout an enterprise. Scripts may be
utilized to execute API calls, but they are not used directly to interact with systems. XML is used
for data encoding and transmission, but not for executing remote calls. TLS is used to encrypt
communications and may be used with API calls, but it is not the actual process for executing
commands.
When dealing with PII, which category pertains to those requirements that can carry legal
sanctions or penalties for failure to adequately safeguard the data and address compliance
requirements?
A. Contractual
B. Jurisdictional
, WGU D320/ CCSP Exam – Managing
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
C. Regulated
D. Legal
Regulated PII pertains to data that is outlined in law and regulations. Violations of the
requirements for the protection of regulated PII can carry legal sanctions or penalties.
Contractual PII involves required data protection that is determined by the actual service contract
between the cloud provider and cloud customer, rather than outlined by law. Violations of the
provisions of contractual PII carry potential financial or contractual implications, but not legal
sanctions. Legal and jurisdictional are similar terms to regulated, but neither is the official term
used.
Although the united states does not have a single, comprehensive privacy and regulatory
framework, a number of specific regulations pertain to types of data or populations.
Which of the following is NOT a regulatory system from the United States federal government?
A. HIPAA
B. SOX
C. FISMA
D. PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations that
handle credit card transactions and is an industry-regulatory standard, not a governmental one.
The Sarbanes-Oxley Act (SOX) was passed in 2002 and pertains to financial records and
reporting, as well as transparency requirements for shareholders and other stakeholders. The
Health Insurance and Portability Act (HIPAA) was passed in 1996 and pertains to data privacy
and security for medical records. FISMA refers to the Federal Information Security Management
Act of 2002 and pertains to the protection of all US federal government IT systems, with the
exception of national security systems.
, WGU D320/ CCSP Exam – Managing
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
The president of your company has tsked you with implementing cloud services as the most
efficient way of obtaining a robust disaster recovery configuration for your production services.
Which of the cloud deployment models would you MOST likely be exploring?
A. Hybrid
B. Private
C. Community
D. Public
A hybrid cloud model spans two more different hosting configurations or cloud providers. This
would enable an organization to continue using its current hosting configuration, while adding
additional cloud services to enable disaster recovery capabilities. The other cloud deployment
models--public, private, and community--would not be applicable for seeking a disaster recovery
configuration where cloud services are to be leveraged for that purpose rather than production
service hosting.
If you are running an application that has strict legal requirements that the data cannot reside on
systems that contain other applications or systems, which aspect of cloud computing would be
prohibitive in this case?
A. Multitenancy
B. Broad network access
C. Portability
, WGU D320/ CCSP Exam – Managing
Cloud Security (Latest Update 2026 /
2027) Questions & Answers | Grade A |
100% Correct
D. Elasticity
Multitenancy is the aspect of cloud computing that involves having multiple customers and
applications running within the same system and sharing the same resources. Although
considerable mechanisms are in place to ensure isolation and separation, the data and
applications are ultimately using shared resources. Broad network access refers to the ability to
access cloud services from any location or client. Portability refers to the ability to easily move
cloud services between different cloud providers, whereas elasticity refers to the capabilities of a
cloud environment to add or remove services, as needed, to meet current demand.
The REST API is a widely used standard for communications of web-based services between
clients and the servers hosting them.
Which protocol does the REST API depend on?
A. HTTP
B. SSH
C. SAML
D. XML
Representational State Transfer (REST) is a software architectural scheme that applies the
components, connectors, and data conduits for many web applications used on the Internet. It
uses and relies on the HTTP protocol and supports a variety of data formats. Extensible Markup
Language (XML) and Security Assertion Markup Language (SAML) are both standards for
exchanging encoded data between two parties, with XML being for more general use and SAML
focused on authentication and authorization data. Secure Shell client (SSH) is a secure method
for allowing remote login to systems over a network.
