Questions and Answers A+
Graded
Which compliance framework is most relevant for organizations managing credit card data?
A. ISO/IEC 27001
B. PCI DSS
C. HIPAA
D. NIST SP 800-53
Correct Answer: B. PCI DSS
Explanation: PCI DSS is specifically designed to secure credit card data and transactions. ISO/IEC 27001 is a general information security standard, HIPAA focuses on healthcare data, and NIST SP 800-53 provides security controls for federal information systems.
Question 02
Which security control is designed to protect data in use, particularly when it is being processed by applications?
A. Data Masking
B. Homomorphic Encryption
C. Tokenization
D. Disk Encryption
Correct Answer: B. Homomorphic Encryption
Explanation: Homomorphic Encryption allows data to be processed while still encrypted, protecting it while in use. Data Masking and Tokenization protect data at rest or in transit, and Disk Encryption secures data at rest.
Question 03
Which operational process involves the proactive identification and resolution of issues that could lead to incidents in the cloud environment?
A. Problem Management
B. Incident Management
C. Capacity Management
D. Change Management
Correct Answer: A. Problem Management
Explanation: Problem Management identifies and resolves issues before they lead to incidents. Incident Management deals with incidents as they occur, Capacity Management ensures resources meet demands, and Change Management handles modifications to the environment.
Question 04
Which risk management strategy involves sharing the risk with another party, such as through outsourcing or insurance?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Transference
D. Risk Avoidance
Correct Answer: C. Risk Transference
Explanation: Risk Transference involves sharing the risk with another party, such as an insurer or outsourced service provider. Risk Mitigation reduces risks, Risk Acceptance involves accepting them, and Risk Avoidance eliminates them.
Question 05
Which U.S. law focuses on protecting the privacy of student educational records?
A. HIPAA
B. FERPA
C. SOX
D. GLBA
Question 06
Which of the following best describes the purpose of a security information and event management (SIEM) system in cloud security?
A. Managing user identities and access controls
B. Centralizing and analyzing security logs
C. Encrypting data at rest and in transit
D. Configuring firewall rules and policies
Question 07