1|Page
WGU D320 PRACTICE EXAM QUESTIONS
WITH 100% CORRECT ANSWERS || LATEST
VERSION 2025/2026 WITH EXPERT VERIFIED
SOLUTIONS || ASSURED PASS
1: Which phase of the cloud data lifecycle is most likely to overlap with the
'Create' phase in terms of implementing security controls A. Share
B. Store
C. Use
D. Destroy
- ANSWER: B. Store Explanation:
• Store often overlaps with the Create phase because as soon as data is created, it
usually needs to be securely stored. Security controls, such as encryption, should
be implemented at this stage.
• Share and Use happen after data is stored.
• Destroy is the final stage in the lifecycle and typically occurs after data is no
longer needed.
2: Implements Operations
What is the primary goal of implementing a Disaster Recovery Plan (DRP) in
cloud operations A. Ensure high availability of cloud services
B. Recover operations after a catastrophic event
C. Perform routine backups of data
D. Prevent unauthorized access to cloud resources
,2|Page
- ANSWER: B. Recover operations after a catastrophic event
Explanation: The main goal of a Disaster Recovery Plan is to recover business
operations as quickly as possible after a catastrophic event. High availability is a
separate concern, focusing on maintaining operations, while backups are part of
DRP but not the primary goal. Preventing unauthorized access is a security
concern, not specifically related to DRP.
1: Implements Secure Solutions
Which technology is most effective in preventing unauthorized access to sensitive
data by ensuring it is unreadable without proper decryption keys A. Data Masking
B. Tokenization
C. Encryption
D. Obfuscation
- ANSWER: C. Encryption
Explanation: Encryption transforms readable data into an unreadable format using
cryptographic algorithms, making it inaccessible to unauthorized users.
Tokenization and data masking are also methods of protecting data, but they do not
provide the same level of security as encryption. Obfuscation is the process of
making data more difficult to understand but is not intended to prevent access.
2: Implements Operations
Which of the following activities is essential during the Secure Operations phase of
the Software Development Lifecycle (SDLC) A. Static Analysis
B. Code Review
C. Dynamic Analysis
D. Acceptance Testing
,3|Page
- ANSWER: C. Dynamic Analysis
Explanation: Dynamic Analysis is crucial during the secure operations phase
because it involves testing the software in a runtime environment, identifying
security vulnerabilities that might only become apparent during execution. Static
Analysis and Code Review are performed earlier in the SDLC, and Acceptance
Testing is typically done after secure operations to verify the system meets the
requirements.
Implements Secure Solutions
Which technology should be implemented to ensure secure communication
between on-site enterprise systems and a cloud platform A. Domain Name System
Security Extensions (DNSSEC)
B. Internet Protocol Security (IPSec) VPN
C. Web Application Firewall (WAF)
D. Data Loss Prevention (DLP)
- ANSWER: B. Internet Protocol Security (IPSec) VPN
Explanation:
• IPSec VPN is designed to secure communication over an IP network. It
encrypts the entire IP packet for secure transmission between on-site systems and
cloud platforms, ensuring data integrity and confidentiality.
• DNSSEC ensures the integrity of DNS responses but doesn't provide secure
communication between systems.
• WAF protects web applications by filtering and monitoring HTTP traffic but
is not used for secure communication between systems.
• DLP prevents data breaches by monitoring and controlling data flows, but it
doesn't establish secure communication channels.
, 4|Page
3: Conducts Risk Management
Which risk management approach involves the transfer of risk to another party,
such as through insurance A. Risk Mitigation
B. Risk Avoidance
C. Risk Transference
D. Risk Acceptance
- ANSWER: C. Risk Transference
Explanation: Risk Transference involves shifting the impact of a risk to a third
party, often by using insurance or outsourcing certain activities. Risk Mitigation
involves reducing the risk, Risk Avoidance involves eliminating the risk, and Risk
Acceptance involves acknowledging and accepting the risk without further action.
4: Identifies Legal, Compliance, and Ethical Concerns
Which U.S. law focuses specifically on the protection of personal health
information A. Sarbanes-Oxley Act (SOX)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. Gramm-Leach-Bliley Act (GLBA)
D. Federal Information Security Management Act (FISMA)
- ANSWER: B. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA sets standards for the protection of personal health
information. SOX is related to corporate financial practices, GLBA focuses on
financial privacy, and FISMA applies to federal information security management.
5: Implements Secure Solutions
Which cloud service model requires the customer to manage the security of the
operating system, applications, and data A. Software as a Service (SaaS)
WGU D320 PRACTICE EXAM QUESTIONS
WITH 100% CORRECT ANSWERS || LATEST
VERSION 2025/2026 WITH EXPERT VERIFIED
SOLUTIONS || ASSURED PASS
1: Which phase of the cloud data lifecycle is most likely to overlap with the
'Create' phase in terms of implementing security controls A. Share
B. Store
C. Use
D. Destroy
- ANSWER: B. Store Explanation:
• Store often overlaps with the Create phase because as soon as data is created, it
usually needs to be securely stored. Security controls, such as encryption, should
be implemented at this stage.
• Share and Use happen after data is stored.
• Destroy is the final stage in the lifecycle and typically occurs after data is no
longer needed.
2: Implements Operations
What is the primary goal of implementing a Disaster Recovery Plan (DRP) in
cloud operations A. Ensure high availability of cloud services
B. Recover operations after a catastrophic event
C. Perform routine backups of data
D. Prevent unauthorized access to cloud resources
,2|Page
- ANSWER: B. Recover operations after a catastrophic event
Explanation: The main goal of a Disaster Recovery Plan is to recover business
operations as quickly as possible after a catastrophic event. High availability is a
separate concern, focusing on maintaining operations, while backups are part of
DRP but not the primary goal. Preventing unauthorized access is a security
concern, not specifically related to DRP.
1: Implements Secure Solutions
Which technology is most effective in preventing unauthorized access to sensitive
data by ensuring it is unreadable without proper decryption keys A. Data Masking
B. Tokenization
C. Encryption
D. Obfuscation
- ANSWER: C. Encryption
Explanation: Encryption transforms readable data into an unreadable format using
cryptographic algorithms, making it inaccessible to unauthorized users.
Tokenization and data masking are also methods of protecting data, but they do not
provide the same level of security as encryption. Obfuscation is the process of
making data more difficult to understand but is not intended to prevent access.
2: Implements Operations
Which of the following activities is essential during the Secure Operations phase of
the Software Development Lifecycle (SDLC) A. Static Analysis
B. Code Review
C. Dynamic Analysis
D. Acceptance Testing
,3|Page
- ANSWER: C. Dynamic Analysis
Explanation: Dynamic Analysis is crucial during the secure operations phase
because it involves testing the software in a runtime environment, identifying
security vulnerabilities that might only become apparent during execution. Static
Analysis and Code Review are performed earlier in the SDLC, and Acceptance
Testing is typically done after secure operations to verify the system meets the
requirements.
Implements Secure Solutions
Which technology should be implemented to ensure secure communication
between on-site enterprise systems and a cloud platform A. Domain Name System
Security Extensions (DNSSEC)
B. Internet Protocol Security (IPSec) VPN
C. Web Application Firewall (WAF)
D. Data Loss Prevention (DLP)
- ANSWER: B. Internet Protocol Security (IPSec) VPN
Explanation:
• IPSec VPN is designed to secure communication over an IP network. It
encrypts the entire IP packet for secure transmission between on-site systems and
cloud platforms, ensuring data integrity and confidentiality.
• DNSSEC ensures the integrity of DNS responses but doesn't provide secure
communication between systems.
• WAF protects web applications by filtering and monitoring HTTP traffic but
is not used for secure communication between systems.
• DLP prevents data breaches by monitoring and controlling data flows, but it
doesn't establish secure communication channels.
, 4|Page
3: Conducts Risk Management
Which risk management approach involves the transfer of risk to another party,
such as through insurance A. Risk Mitigation
B. Risk Avoidance
C. Risk Transference
D. Risk Acceptance
- ANSWER: C. Risk Transference
Explanation: Risk Transference involves shifting the impact of a risk to a third
party, often by using insurance or outsourcing certain activities. Risk Mitigation
involves reducing the risk, Risk Avoidance involves eliminating the risk, and Risk
Acceptance involves acknowledging and accepting the risk without further action.
4: Identifies Legal, Compliance, and Ethical Concerns
Which U.S. law focuses specifically on the protection of personal health
information A. Sarbanes-Oxley Act (SOX)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. Gramm-Leach-Bliley Act (GLBA)
D. Federal Information Security Management Act (FISMA)
- ANSWER: B. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA sets standards for the protection of personal health
information. SOX is related to corporate financial practices, GLBA focuses on
financial privacy, and FISMA applies to federal information security management.
5: Implements Secure Solutions
Which cloud service model requires the customer to manage the security of the
operating system, applications, and data A. Software as a Service (SaaS)
