⩥ Capability Maturity Model (CMM). Answer: is a development model
where the maturity relates to the formality and optimization of
processes. When applied to cloud security it would focus on those
aspects as they relate to cloud security.
⩥ Child Online Protection Act (COPA). Answer: An attempt to restrict
access by minors to material defined as harmful to minors. A permanent
injunction against the law was issued in 2009.
⩥ Cloud Access Security Brokers (CASBs). Answer: monitor network
activity between users and cloud applications, enforce security
policy, and block malware.
⩥ Cloud Security Alliance (CSA) publishes the Notorious Nine. Answer:
1) Data breaches; 2) Data Loss; 3) Account service traffic hijacking; 4)
Insecure Interfaces and APIs; 5) Denial of Service; 6) Malicious
Insiders; 7) Abuse of Cloud Services; 8) Insufficient Due Diligence; 9)
Shared technology Vulnerabilities. There are also implications and
controls associated with each.
⩥ Cloud Security Alliance (CSA) Security, Trust, and Assurance
Registry (STAR) or CSA STAR. Answer: uses the Consensus
Assessments Initiative Questionnaire (CAIQ), Cloud Controls Matrix
(CCM), and GDPR Self-Assessment as inputs to certify an organization
to Level 1. Level 2 integrates the CSA Cloud Controls Matrix and the
AICPA Trust Service Principles - AT 101 for STAR Attestation. STAR
Certification for Level 2 uses the CSA Cloud Controls Matrix together
with the requirements of the ISO/IEC 27001:2013 management system
standard. Certification certificates follow normal ISO/IEC 27001
protocol for a 3rd party assessment.
⩥ Cloud Security Alliance Cloud Controls Matrix (CSA CCM). Answer:
Composed of 17 domains covering key elements of cloud. It contains
170 objectives within the domains. They integrate with the STAR
program.
⩥ COBIT. Answer: or Control Objectives for Information and Related
Technologies is a framework for IT governance and management.
Initially used to achieve compliance with Sarbanes-Oxley and focused
on IT controls. Since 2019 the emphasis has shifted to information
governance. It is focused on these 5 principles: 1. Meeting Stakeholder
Needs; 2. Covering the Enterprise End-to-End; 3. Applying a Single
Integrated Framework; 4. Enabling a Holistic Approach; and 5.
Separating Governance from Management.
⩥ Consensus Assessments Initiative Questionnaire (CAIQ). Answer: is
an initiative of the Cloud Security Alliance to provide industry-accepted
documentation of security controls; as of 2020 it is combined with the
Cloud Controls Matrix. It can be used as evidence for entry to the CSA
STAR registry.
⩥ DLP -- Data Loss Prevention. Answer: is ensured by a set of tools,
procedures, and policies that ensure sensitive, proprietary, and
personally identifiable information (PII) is not lost or misused. It helps
to provide compliance with numerous laws and compliance requirements
by enforcing preventative and detective measures in the organization.
⩥ ENISA - European Union Agency for Cybersecurity. Answer: is a
cyber security awareness association that provides support, information,
and collaboration on security issues. It also publishes a top-x threats
list each year; for the last few years the list has included 15 threats.
⩥ Federal Information Processing Standard (FIPS) 140-2. Answer: is
mandatory for all US government, military, contractors doing business
with the government, and regulated industries such as financial and
health-care institutions. It is being succeeded by FIPS 140-3. FIPS 140-2
has four levels, with 1 being the lowest level of security through 4 as
the highest. Testing under FIPS 140-2 is done by 23 accredited
Cryptographic Module Testing laboratories.
⩥ Federal Information Systems Management Act (FISMA). Answer: is a
US law that makes it mandatory for federal agencies to develop,
document, and implement cyber security management. NIST plays a
major role in implementing FISMA and has promulgated numerous
security standards and guidelines. One key guideline is the Risk
Management Framework (RMF). The Office of Management and
Budget (OMB) monitors compliance with NIST programs.
⩥ Fibre Channel. Answer: is a data transfer protocol used to connect
servers to Storage Area Networks (SAN) in data centers. It typically runs
on fiber optic cables but can also run on copper. Data rates range from 1
to 128 gigabit/sec.
⩥ FIPS 140-2. Answer: Used for protecting sensitive but unclassified
information by the federal government. The standard provides four
increasing, qualitative levels of security: Level 1, Level 2, Level 3, and
Level 4. The Cryptographic Module Validation Program (CMVP)
validates cryptographic modules to Federal Information Processing
Standard (FIPS) 140-2 and other cryptography-based standards such as
CMVP. The CMVP is a joint effort between NIST and the
Communications Security Establishment (CSE) of the Government of
Canada. Products validated as conforming to FIPS 140-2 are accepted by
the Federal agencies of both countries.
⩥ GDPR - General Data Protection Regulation. Answer: gives
individuals control over their personal data. It also simplified regulation
by forcing all member states to comply with a single regulation. GDPR
specifies rights of the data subject, including access, rectification,
erasure, and the right to object to use of PII. It imposes requirements on
data controllers and data processors.