with Correct Answers
1. A company configures a backup solution that will automatically sync the
data between the services of multiple cloud service providers to prevent data
redundancy. One concern is that the different service offerings may not have
the same level of data protection and may not allow direct syncing between
the providers.
Which architectural concept addresses this concern?
Interoperability
Availability
Resiliency
Scalability - ANSWER Interoperability
2. Which design pillar represents the ability of a workload to execute its
intended function accurately and consistently when it is expected to?
Security
Operational excellence
Cost optimization
Reliability - ANSWER Reliability
3. A cloud customer wants to store application programming interface (API)
tokens for their applications so they can be accessed from anywhere.
Which cloud provider service should the customer use?
Secrets management
Multifactor authentication
Single sign-on
Federated identity - ANSWER Secrets management
4. Which purpose does an intrusion prevention system (IPS) serve when
compared to an intrusion detection system (IDS)?
An IPS detects and stops malicious traffic, while an IDS detects and alerts
about malicious traffic.
An IPS detects and alerts about malicious traffic, while an IDS detects and
stops malicious traffic.
An IDS tells an IPS what malicious traffic it detects, and then the IPS blocks
that traffic.
An IPS tells an IDS what malicious traffic it detects, and then the IDS blocks
that traffic. - ANSWER An IPS detects and stops malicious traffic, while an IDS
detects and alerts about malicious traffic.
5. Mean time between failure (MTBF) - ANSWER is the predicted time
between failures of a system during normal system operation. It applies only
to unplanned maintenance and excludes scheduled maintenance, inspection,
recalibration, or preventive parts replacement.
6. Mean time to repair (MTTR) - ANSWER is the mean time it takes to repair
a system. It includes both the repair time and testing time.
7. NIST (National Institute of Standards and Technology) - ANSWER is an
agency of the Department of Commerce whose mission is to promote
innovation and industrial competitiveness. It also creates numerous standards
and requirements for the DoD, the federal government, and government
contractors relating to cybersecurity.
8. NIST SP 800-37 - ANSWER establishes the Risk Management Framework
using a life cycle approach for security and privacy. "The RMF provides a
disciplined, structured, and flexible process for managing security and
privacy risk that includes information security categorization; control
selection, implementation, and assessment; system and common control
authorizations; and continuous monitoring. The RMF includes activities to
prepare organizations to execute the framework at appropriate risk
management levels. The RMF also promotes near real-time risk
management and ongoing information system and common control
authorization through the implementation of continuous monitoring
processes; provides senior leaders and executives with the necessary
information to make efficient, cost-effective, risk management decisions
about the systems supporting their missions and business functions; and
incorporates security and privacy into the system development life cycle."
9. NIST SP 800-53 - ANSWER provides security and privacy controls for
information systems and organizations.
10. NIST SP 800-92 - ANSWER Guide to Computer Security Log
Management "seeks to assist organizations in understanding the need for
sound computer security log management. It provides practical, real-world
guidance on developing, implementing, and maintaining effective log
management practices throughout an enterprise. The guidance in this
publication covers several topics, including establishing log management
infrastructures, and developing and performing robust log management
processes throughout an organization. The publication presents logging
technologies from a high-level viewpoint."
11. Open Web Application Security Project (OWASP) - ANSWER is a
nonprofit organization working to improve the security of software. They are
known for their top 10 most critical security concerns for web application
security. See https://owasp.org/www-project-top-ten/
12. Organization for Economic Cooperation and Development (OECD) -
ANSWER produced 7 principles to govern the protection of data. They are:
Notice—data subjects should be given notice when their data is being collected;
Purpose—data should only be used for the purpose stated and not for any other
purposes;
Consent—data should not be disclosed without the data subject's consent;
Security—collected data should be kept secure from any potential abuses;
Disclosure—data subjects should be informed as to who is collecting their data;
Access—data subjects should be allowed to access their data and make
corrections to any inaccurate data;
Accountability—data subjects should have a method available to them to hold
data collectors accountable for not following the above principles.
13. Organizational Normative Framework (ONF), Application Normative
Framework (ANF) - ANSWER The Organizational Normative Framework
(ONF) is a framework which contains multiple application security best
practices known as Application Normative Frameworks (ANFs). There is one
ONF per organization, with as many ANFs as needed.
14. Payment Card Industry Data Security Standard (PCI DSS) - ANSWER is an
industry requirement imposed on anyone who processes or accepts
credit cards. The PCI can impose fines on violators if they fail to meet PCI
DSS requirements. Depending on the size of the vendor, external,
independent audits can be required in addition to stricter requirements.