UPDATED 2025 2026 LATEST VERSION
VERIFIED FOR ACCURACY CERTIFICATION
TEST SCRIPT 2026 FULL QUESTIONS AND
SOLUTIONS GRADED A+
⩥ NIST SP 800-53. Answer: provides security and privacy controls for
information systems and organizations.
⩥ NIST SP 800-92. Answer: Guide to Computer Security Log
Management "seeks to assist organizations in understanding the need for
sound computer security log management. It provides practical, real-
world guidance on developing, implementing, and maintaining effective
log management practices throughout an enterprise. The guidance in this
publication covers several topics, including establishing log
management infrastructures, and developing and performing robust log
management processes throughout an organization. The publication
presents logging technologies from a high-level viewpoint."
⩥ Open Web Application Security Project (OWASP). Answer: is a
nonprofit organization working to improve the security of software.
They are known for their top 10 most critical security concerns for web
application security. See https://owasp.org/www-project-top-ten/
⩥ Organization for Economic Cooperation and Development (OECD).
Answer: produced 7 principles to govern the protection of data. They
are:
1. Notice—data subjects should be given notice when their data is being
collected;
2. Purpose—data should only be used for the purpose stated and not for
any other purposes;
3. Consent—data should not be disclosed without the data subject's
consent;
4. Security—collected data should be kept secure from any potential
abuses;
5. Disclosure—data subjects should be informed as to who is collecting
their data;
6. Access—data subjects should be allowed to access their data and
make corrections to any inaccurate data;
7. Accountability—data subjects should have a method available to them
to hold data collectors accountable for not following the above
principles.
⩥ Organizational Normative Framework (ONF), Application Normative
Framework (ANF). Answer: The Organizational Normative Framework
(ONF) is a framework which contains multiple application security best
practices known as Application Normative Frameworks (ANFs). One
ONF per organization with as many ANFs as needed.
⩥ Payment Card Industry Data Security Standard (PCI DSS). Answer: is
an industry requirement imposed on anyone who processes or
accepts credit cards. The PCI can impose fines on violators if they fail to
meet PCI DSS requirements. Depending on the size of the vendor,
external, independent audits can be required in addition to higher
requirements.
⩥ Personal Information Protection and Electronic Documents Act
(PIPEDA). Answer: is a Canadian data privacy law that protects the PII
of individuals. It provides for individuals to inspect the data held by an
organization and challenge its accuracy. It also requires an organization
to obtain the consent of an individual when collecting, using, and
disclosing that PII.
⩥ Privacy Level Agreement (PLA). Answer: is an agreement that
contracts how a third-party provider will ensure the confidentiality of
information an organization might permit them to access.
⩥ Recovery time objective (RTO). Answer: is the duration of time and
specified service level to which a business process must be restored.
⩥ Risk Management Framework (RMF). Answer: is a set of standards
and guidelines to develop a risk-based approach to Information Security.
It helps an organization prepare for risk management, categorize
systems and information based on impact studies, select appropriate
controls based on risk assessments, implement and document the
controls, assess how well the controls work, authorize the system to
operate, and monitor controls and changes to the risks to the system.
⩥ RPO Recovery Point Objective. Answer: refers to how much data can
be lost before that loss causes significant harm to the business. This
often drives backup and real-time duplication requirements.
⩥ RTO. Answer: is the maximum time after an outage of a computer or
other resource to resume normal business operations.
⩥ SABSA. Answer: stands for Sherwood Applied Business Security
Architecture, which is a framework for enterprise security architecture
and service management.
⩥ SEC. Answer: is the US Securities and Exchange Commission whose
primary purpose is to combat market manipulation. It also enforces the
Sarbanes-Oxley Act.
⩥ SOC 1 Report. Answer: This report focuses on controls associated
with financial services.
⩥ SOC 2 Type 2 Report. Answer: the SOC 2 reports are composed of
five principles: confidentiality, processing integrity, availability, privacy,
and security.