WGU C838 Managing Cloud Security (CCSP) 2026 Comprehensive Exam Preparation and Practice Guide
Which disaster recovery (DR) site results in the quickest recovery in the event of a disaster?
A. Hot
B. Cold
C. Reserve
D. Passive
Correct Answer: A. Hot
Rationale: A hot site is fully operational with real-time data replication, allowing immediate
recovery. Cold, reserve, and passive sites require setup and restoration time, delaying recovery.
Where should the location be for the final data backup repository when a cloud service
provider’s disaster recovery (DR) plan is enacted?
A. Local storage
B. Cloud platform
C. Company headquarters
D. Tape drive
Correct Answer: B. Cloud platform
Rationale: A cloud-based backup ensures geographic separation and resilience. Local storage,
headquarters, and tape drives may be impacted by the same disaster.
Which technology should be included in the disaster recovery plan to prevent data loss?
A. Offsite backups
B. Locked racks
C. Video surveillance
D. System patches
Correct Answer: A. Offsite backups
Rationale: Offsite backups protect data if the primary location is destroyed. The other options
support security but do not directly prevent data loss.
Which disaster recovery plan metric indicates how long critical functions can be unavailable
before the organization is irreparably affected?
A. Maximum allowable downtime (MAD)
B. Recovery point objective (RPO)
C. Mean time to switchover (MTS)
D. Recovery time objective (RTO)
Correct Answer: A. Maximum allowable downtime (MAD)
Rationale: MAD defines the absolute limit an organization can tolerate downtime. RTO and RPO
measure recovery goals, not the maximum tolerable limit.
Which assumption about a cloud service provider (CSP) should be avoided when assessing
disaster recovery (DR) risks?
A. Continuity planning
B. Costs will remain the same
C. Level of resiliency
D. Provider’s history
Correct Answer: C. Level of resiliency
Rationale: Assuming a CSP’s resiliency without verification is risky. Continuity planning, cost
analysis, and provider history should all be evaluated, not assumed.
An architect needs to limit the impact of problems that exceed the capabilities of disaster
recovery (DR) controls.
Which aspect of the plan provides this protection?
A. Ensuring data backups
B. Evaluating portability alternatives
C. Managing plane controls
D. Handling provider outages
Correct Answer: D. Handling provider outages
Rationale: Planning for provider outages ensures continuity when the CSP fails. Backups and
controls alone may not address a total provider failure.
Which aspect of business continuity planning considers alternatives if there is a complete loss of
the cloud provider?
A. Managing plane controls
B. Ensuring resiliency
C. Managing cloud provider outages
D. Considering portability options
Correct Answer: D. Considering portability options
Rationale: Portability options allow migration to another provider or environment if the original
CSP is lost.
What is a key method in a risk-based approach to business continuity planning?
A. Applying internal authentication
B. Leveraging software-defined networking
C. Using existing network technology
D. Considering the degree of continuity required for assets
Correct Answer: D. Considering the degree of continuity required for assets
Rationale: A risk-based approach prioritizes assets based on how critical they are, ensuring
appropriate continuity measures.
Which testing method must be performed to demonstrate the effectiveness of a business
continuity plan?
A. Failover
B. Penetration
C. DAST
D. SAST
Correct Answer: A. Failover
Rationale: Failover testing proves that systems can switch to backups during a disruption. The
other options are security testing methods.
Which process involves using electronic data as evidence in civil or criminal cases?
A. eDiscovery investigations
B. Due diligence
C. Cloud governance
D. Auditing in the cloud
Correct Answer: A. eDiscovery investigations
Rationale: eDiscovery focuses on identifying, collecting, and preserving electronic evidence for
legal proceedings.
Which standard addresses privacy aspects of cloud computing for consumers?
A. ISO 27018:2014
B. ISO 27017:2015
C. ISO 27001:2013
D. ISO 19011:2011
Correct Answer: A. ISO 27018:2014
Rationale: ISO 27018 focuses on protecting personally identifiable information (PII) in cloud
environments.
Which international standard provides guidance on incident investigation principles and
processes?
A. ISO/IEC 27034-1:2011
B. ISO/IEC 27037:2012
C. ISO/IEC 27001:2013
D. ISO/IEC 27043:2015
Correct Answer: D. ISO/IEC 27043:2015
Rationale: ISO/IEC 27043 specifically addresses incident investigation and forensic processes.
Which group is legally bound by the General Data Protection Regulation (GDPR)?
A. Corporations in GDPR-adopted countries only
B. Corporations headquartered in the EU only
C. Corporations operating in multiple EU nations only
D. Corporations that process the data of EU citizens