WGU D320 / CCSP Managing Cloud Security 2026–2027 |
Latest Exam Questions with 100% Verified Correct Answers
With Rationales | Complete Cloud Security Certified
Professional (CCSP) & WGU OA Study Guide |
Comprehensive Cybersecurity Exam Prep Bundle
THIS EXAM CONTAINS:
• Latest WGU D320 / CCSP Managing Cloud Security exam questions
• 100% verified correct answers with detailed explanations
• Comprehensive cloud security practice tests
• Objective Assessment (OA) preparation materials
• CCSP domain-based review content
• Cloud concepts, architecture, and design principles
• Cloud data security and lifecycle management
• Identity and Access Management (IAM) review
• Security operations in cloud environments
, WGU D320 CCSP / Cloud Security Test Bank with
Rationales
Question 1
The management plane is used to administer a cloud environment and perform
administrative tasks across a variety of systems, but most specifically it's used with the
hypervisors. What does the management plane typically leverage for this orchestration?
A. APIs
B. Scripts
C. TLS
D. XML
Correct Answer: A
Rationale: The management plane uses APIs (Application Programming Interfaces) to
execute remote calls across the cloud environment to various management systems,
especially hypervisors. APIs provide a standardized, programmatic way to orchestrate
tasks. Scripts may call APIs but are not the direct orchestration method. TLS encrypts
communications, and XML is a data format, not a command execution mechanism.
Question 2
When dealing with PII, which category pertains to those requirements that can carry
legal sanctions or penalties for failure to adequately safeguard the data and address
compliance requirements?
A. Contractual
B. Jurisdictional
C. Regulated
D. Legal
,Correct Answer: C
Rationale: Regulated PII is defined by laws and regulations; violations can result in legal
sanctions or penalties. Contractual PII involves service contract terms (financial penalties,
not legal sanctions). "Legal" and "jurisdictional" are not the official terms used in this
context.
Question 3
Although the United States does not have a single, comprehensive privacy and
regulatory framework, a number of specific regulations pertain to types of data or
populations. Which of the following is NOT a regulatory system from the US federal
government?
(Options missing in original – standard teaching follows)
Correct Answer (based on common knowledge): GDPR (General Data Protection
Regulation) is not a US federal regulation; it is an EU regulation.
Rationale: US federal privacy/security regulations include HIPAA (health), FERPA
(education), GLBA (financial), and FISMA (federal systems). GDPR is European.
Question 4
The president of your company has tasked you with implementing cloud services as the
most efficient way of obtaining a robust disaster recovery configuration for your
production services. Which cloud deployment model would you MOST likely be
exploring?
A. Hybrid
B. Private
, C. Community
D. Public
Correct Answer: A
Rationale: A hybrid cloud spans multiple hosting configurations, allowing an
organization to keep production on-premises or in one cloud while adding a second
cloud for DR. Public, private, or community alone would not provide the same cross-
environment DR capability.
Question 5
If you are running an application that has strict legal requirements that the data cannot
reside on systems that contain other applications or systems, which aspect of cloud
computing would be prohibitive in this case?
A. Multitenancy
B. Broad network access
C. Portability
D. Elasticity
Correct Answer: A
Rationale: Multitenancy means multiple customers share the same physical hardware
and hypervisor. Although logical isolation exists, the requirement for no shared systems
prohibits multitenant cloud models.
Question 6
The REST API is a widely used standard for communications of web-based services
between clients and the servers hosting them. Which protocol does the REST API
depend on?
Latest Exam Questions with 100% Verified Correct Answers
With Rationales | Complete Cloud Security Certified
Professional (CCSP) & WGU OA Study Guide |
Comprehensive Cybersecurity Exam Prep Bundle
THIS EXAM CONTAINS:
• Latest WGU D320 / CCSP Managing Cloud Security exam questions
• 100% verified correct answers with detailed explanations
• Comprehensive cloud security practice tests
• Objective Assessment (OA) preparation materials
• CCSP domain-based review content
• Cloud concepts, architecture, and design principles
• Cloud data security and lifecycle management
• Identity and Access Management (IAM) review
• Security operations in cloud environments
, WGU D320 CCSP / Cloud Security Test Bank with
Rationales
Question 1
The management plane is used to administer a cloud environment and perform
administrative tasks across a variety of systems, but most specifically it's used with the
hypervisors. What does the management plane typically leverage for this orchestration?
A. APIs
B. Scripts
C. TLS
D. XML
Correct Answer: A
Rationale: The management plane uses APIs (Application Programming Interfaces) to
execute remote calls across the cloud environment to various management systems,
especially hypervisors. APIs provide a standardized, programmatic way to orchestrate
tasks. Scripts may call APIs but are not the direct orchestration method. TLS encrypts
communications, and XML is a data format, not a command execution mechanism.
Question 2
When dealing with PII, which category pertains to those requirements that can carry
legal sanctions or penalties for failure to adequately safeguard the data and address
compliance requirements?
A. Contractual
B. Jurisdictional
C. Regulated
D. Legal
,Correct Answer: C
Rationale: Regulated PII is defined by laws and regulations; violations can result in legal
sanctions or penalties. Contractual PII involves service contract terms (financial penalties,
not legal sanctions). "Legal" and "jurisdictional" are not the official terms used in this
context.
Question 3
Although the United States does not have a single, comprehensive privacy and
regulatory framework, a number of specific regulations pertain to types of data or
populations. Which of the following is NOT a regulatory system from the US federal
government?
(Options missing in original – standard teaching follows)
Correct Answer (based on common knowledge): GDPR (General Data Protection
Regulation) is not a US federal regulation; it is an EU regulation.
Rationale: US federal privacy/security regulations include HIPAA (health), FERPA
(education), GLBA (financial), and FISMA (federal systems). GDPR is European.
Question 4
The president of your company has tasked you with implementing cloud services as the
most efficient way of obtaining a robust disaster recovery configuration for your
production services. Which cloud deployment model would you MOST likely be
exploring?
A. Hybrid
B. Private
, C. Community
D. Public
Correct Answer: A
Rationale: A hybrid cloud spans multiple hosting configurations, allowing an
organization to keep production on-premises or in one cloud while adding a second
cloud for DR. Public, private, or community alone would not provide the same cross-
environment DR capability.
Question 5
If you are running an application that has strict legal requirements that the data cannot
reside on systems that contain other applications or systems, which aspect of cloud
computing would be prohibitive in this case?
A. Multitenancy
B. Broad network access
C. Portability
D. Elasticity
Correct Answer: A
Rationale: Multitenancy means multiple customers share the same physical hardware
and hypervisor. Although logical isolation exists, the requirement for no shared systems
prohibits multitenant cloud models.
Question 6
The REST API is a widely used standard for communications of web-based services
between clients and the servers hosting them. Which protocol does the REST API
depend on?
