MANAGING CLOUD SECURITY –
WGU C838
COURSE | UPDATED OA EXAM Q&A |
VERIFIED
CORRECT ANSWERS 2026/2027
Which type of control should be used to implement custom controls
that safeguard data?
A Public and internal sharing
B Options for access
C Management plane
D Application level - ✔✔✔ANSWER-D
Which element is protected by an encryption system?
1 | Pa g e
,A Ciphertext
B Management engine
C Data
D Public key - ✔✔✔ANSWER-C
A cloud administrator recommends using tokenization as an alternative
to protecting data without encryption. The administrator needs to
make an authorized application request to access the data.
Which step should occur immediately before this action is taken?
A The tokenization server returns the token to the application.
BThe tokenization server generates the token.
C The application collects a token.
D The application stores the token. - ✔✔✔ANSWER-D
A company has recently defined classification levels for its data.
During which phase of the cloud data life cycle should this definition
occur?
A Use
B Create
,C Share
D Archive - ✔✔✔ANSWER-B
Which jurisdictional data protection includes dealing with the
international transfer of data?
A Financial modernization
B Secure choice authorization (SCA)
C Sarbanes-Oxley act (SOX)
D Privacy regulation - ✔✔✔ANSWER-D
jurisdictional data protection controls the ways that financial
institutions deal with the private information of individuals?
A Stored communications act (SCA)
B Health insurance portability and accountability act (HIPAA)
C Gramm-Leach-Bliley act (GLBA)
D Sarbanes-Oxley act (SOX) - ✔✔✔ANSWER-C
Which jurisdictional data protection safeguards protected health
information (PHI)?
A Directive 95/46/EC
B Safe harbor regime
, C Personal Data Protection Act of 2000
D Health Insurance Portability and Accountability Act (HIPAA) -
✔ ✔✔ANSWER-D
How is the compliance of the cloud service provider's legal and
regulatory requirements verified when securing personally
identifiable information (PII) data in the cloud?
A Contractual agreements
B Third-party audits and attestations
C e-Discovery process
D Researching data retention laws - ✔✔✔ANSWER-B
Which security strategy is associated with data rights management
solutions?
A Unrestricted replication
B Limited documents type support
C Static policy control
D Continuous auditing - ✔✔✔ANSWER-D
Who retains final ownership for granting data access and permissions in
a shared responsibility model?
WGU C838
COURSE | UPDATED OA EXAM Q&A |
VERIFIED
CORRECT ANSWERS 2026/2027
Which type of control should be used to implement custom controls
that safeguard data?
A Public and internal sharing
B Options for access
C Management plane
D Application level - ✔✔✔ANSWER-D
Which element is protected by an encryption system?
1 | Pa g e
,A Ciphertext
B Management engine
C Data
D Public key - ✔✔✔ANSWER-C
A cloud administrator recommends using tokenization as an alternative
to protecting data without encryption. The administrator needs to
make an authorized application request to access the data.
Which step should occur immediately before this action is taken?
A The tokenization server returns the token to the application.
BThe tokenization server generates the token.
C The application collects a token.
D The application stores the token. - ✔✔✔ANSWER-D
A company has recently defined classification levels for its data.
During which phase of the cloud data life cycle should this definition
occur?
A Use
B Create
,C Share
D Archive - ✔✔✔ANSWER-B
Which jurisdictional data protection includes dealing with the
international transfer of data?
A Financial modernization
B Secure choice authorization (SCA)
C Sarbanes-Oxley act (SOX)
D Privacy regulation - ✔✔✔ANSWER-D
jurisdictional data protection controls the ways that financial
institutions deal with the private information of individuals?
A Stored communications act (SCA)
B Health insurance portability and accountability act (HIPAA)
C Gramm-Leach-Bliley act (GLBA)
D Sarbanes-Oxley act (SOX) - ✔✔✔ANSWER-C
Which jurisdictional data protection safeguards protected health
information (PHI)?
A Directive 95/46/EC
B Safe harbor regime
, C Personal Data Protection Act of 2000
D Health Insurance Portability and Accountability Act (HIPAA) -
✔ ✔✔ANSWER-D
How is the compliance of the cloud service provider's legal and
regulatory requirements verified when securing personally
identifiable information (PII) data in the cloud?
A Contractual agreements
B Third-party audits and attestations
C e-Discovery process
D Researching data retention laws - ✔✔✔ANSWER-B
Which security strategy is associated with data rights management
solutions?
A Unrestricted replication
B Limited documents type support
C Static policy control
D Continuous auditing - ✔✔✔ANSWER-D
Who retains final ownership for granting data access and permissions in
a shared responsibility model?
