WGU - MANAGING CLOUD SECURITY - D320 MOST RECENT EXAM COMPLETE
(2026) EXAM QUESTIONS AND ANSWERS (VERIFIED ANSWERS) (LATEST
UPDATE 2026) UPDATE!!
Question 1
In a cloud computing arrangement, who is ultimately and legally responsible for any loss of data,
even if the loss occurred due to the provider's negligence or a malicious act by a third party?
A) The Cloud Service Provider (CSP)
B) The Regulators
C) The Cloud Customer
D) The Data Processor
E) The Cyber Insurance Underwriter
Correct Answer: C) The Cloud Customer
Rationale: Regardless of the service model (IaaS, PaaS, SaaS) or the fault of the provider,
the legal liability for data protection remains with the cloud customer. Contracts may offer
some indemnity, but the ultimate accountability to regulators and data subjects stays with
the organization that owns the data.
Question 2
Within the context of cloud security and the Information Life Cycle, which of the following is
categorized as a primary organizational asset?
A) Virtual Machines
B) Hypervisors
C) Data
D) Network Bandwidth
E) API Endpoints
Correct Answer: C) Data
Rationale: While hardware and software are important, data is considered the most critical
asset that an organization must protect in the cloud. It is the core element around which all
security controls and privacy regulations are built.
Question 3
A cloud architect is reviewing the Data Life Cycle. Which of the following represents the correct
sequence of phases from beginning to end?
A) Create, Use, Store, Share, Archive, Destroy
B) Create, Store, Use, Share, Archive, Destroy
C) Store, Create, Use, Share, Archive, Destroy
D) Create, Share, Use, Store, Archive, Destroy
E) Create, Store, Share, Use, Archive, Destroy
Correct Answer: B) Create, Store, Use, Share, Archive, Destroy
Rationale: The Data Life Cycle begins with the creation of data. It is then stored (pushed to
the cloud), used for processing, shared with authorized parties, archived for long-term
retention when no longer active, and finally destroyed when it is no longer needed.
Question 4
During the "Create" phase of the Data Life Cycle, who is primarily responsible for the
categorization and classification of the data?
A) The Cloud Service Provider
B) The Data Custodian
C) The Data Owner
D) The Security Administrator
E) The System Auditor
Correct Answer: C) The Data Owner
Rationale: The Data Owner has the primary responsibility for determining the value of the
data and assigning it a classification (e.g., Public, Confidential) and category during the
initial phase of its life cycle.
Question 5
When uploading data to the cloud during the "Store" phase, what is the preferred method to
ensure the confidentiality and integrity of the data in transit?
A) FTP (File Transfer Protocol)
B) HTTP 1.1
C) IPSec or TLS 1.2+ VPNs
D) Telnet sessions
E) Unencrypted SMTP
Correct Answer: C) IPSec and TLS 1.2 (or higher version) VPNs
Rationale: To prevent eavesdropping and tampering during the transfer process,
organizations should use secure encrypted tunnels such as IPSec or Transport Layer
Security (TLS) version 1.2 or higher.
Question 6
Which of the following describes a recommended practice (a "Don't") regarding the storage of
cryptographic keys used to encrypt data in the cloud?
A) Store keys in a hardware security module (HSM) on-premises.
B) Store keys with the cloud service provider.
C) Use a Cloud Access Security Broker (CASB) to manage keys.
D) Rotate keys every 90 days.
E) Split keys among multiple security officers.
Correct Answer: B) Do not store crypto keys with the cloud provider
Rationale: To maintain control and prevent a provider from accessing sensitive data without
authorization, customers should not store their cryptographic keys with the same provider
that hosts the encrypted data, regardless of whether a CASB is used.
Question 7
Which entity is responsible for arranging, governing, and overseeing cloud services to ensure
compliance with legal and industry-specific standards?
A) The Data Owner
B) The Regulators
C) The Cloud Carrier
D) The Cloud Broker
E) The Application Developer
Correct Answer: B) Regulators
Rationale: Regulators are the authorities who set the rules and verify that cloud services
and customers comply with legal mandates and standards. They define the framework
within which cloud services must be arranged.
Question 8
An organization decides to purchase a cyber insurance policy to cover potential financial losses
from a data breach. Which risk management strategy does this represent?
A) Risk Avoidance
B) Risk Acceptance
C) Risk Mitigation
D) Risk Transference
E) Risk Rejection
Correct Answer: D) Transference
Rationale: Risk transference involves shifting the financial consequences of a risk to a third
party, such as an insurance company. It is a fundamental method of addressing risk when
the cost of mitigation is too high.
Question 9
Under the "fair-use" exception for copyrighted material, which of the following activities is
generally permitted without the copyright holder's explicit permission?
A) Commercial resale of the work
B) Critique or commentary
C) Distribution of the entire work for profit
D) Removing the original author's name
E) Using the material as a primary corporate logo
Correct Answer: B) Critique
Rationale: Fair use is a legal doctrine that allows limited use of copyrighted material for
purposes such as criticism, comment, news reporting, teaching, and research.
Question 10
Which technique is used to obscure sensitive data stored in the cloud so that the remaining data
does not identify a specific individual?
A) Symmetric Encryption
B) Hashing with Salt
C) Anonymization
D) Data Duplication
E) Steganography
Correct Answer: C) Anonymization
Rationale: Anonymization is the process of removing personally identifiable information
(PII) from data sets so that the people whom the data describe remain anonymous.
Question 11
Which risk is specifically associated with the Infrastructure as a Service (IaaS) model?
A) Proprietary Formats
B) Persistent Backdoors in managed applications
C) Personnel Threats and external physical threats
D) Interoperability between different SaaS platforms
E) Lack of control over the virtual machine's OS
Correct Answer: C) Personnel Threats, External Threats, and Lack of Specific Skillsets
Rationale: In IaaS, the customer manages more of the stack (including the OS and
middleware). Risks include the inability of staff to manage complex infrastructure and
threats from the CSP's personnel who have physical access to the underlying hardware.
Question 12
Which of the following is a risk specifically prevalent in Platform as a Service (PaaS)?
A) Physical server maintenance
B) Interoperability issues and Resource Sharing
C) Web application security flaws in the provider's office suite
D) Improper destruction of physical hard drives by the customer
E) Lack of control over the underlying network hardware
Correct Answer: B) Interoperability Issues, Persistent Backdoors, Virtualization, and
Resource Sharing
Rationale: PaaS relies heavily on shared resources and specific development frameworks.
Issues often arise when trying to move applications between different PaaS providers
(interoperability) or when the provider's environment contains hidden backdoors.
Question 13
An organization is concerned that if they leave their current SaaS provider, they will not be able
to move their data because it is stored in a unique, non-standard way. Which SaaS risk does this
describe?
A) Virtualization Vulnerabilities
B) Web Application Security
C) Proprietary Formats
D) Personnel Threats
E) Lack of Specific Skillsets