1|Page
WGU C838 MANAGING CLOUD SECURITY FINAL EXAM
OBJECTIVE ASSESSMENT / WGU C838 OA
PREPARATION/WGU C838 OA PRACTICE WITH
COMPLETE 100 QUESTIONS AND ANSWERS LATEST
|AGRADE
Question 1 of 80
Which phase of the cloud data life cycle involves activities such as data
categorization and classification, including data labeling, marking, tagging, and
assigning metadata?
A) Store
B) Use
C) Destroy
D) Create
Answer: D) Create
Rationale: The Create phase is where data is generated or captured. It must be
categorized and classified here — activities like labeling, marking, tagging, and
assigning metadata establish the foundation for enforcing controls throughout
the rest of the life cycle.
Question 2 of 80
Which phase of the cloud data life cycle involves the process of crypto-
shredding?
A) Destroy
B) Create
C) Archive
pg. 1
,2|Page
D) Store
Answer: A) Destroy
Rationale: The Destroy phase is where information is permanently removed.
Crypto-shredding involves deleting or revoking encryption keys. Once those keys
are destroyed, the encrypted data becomes mathematically unrecoverable, even
if the storage media remains intact.
Question 3 of 80
In most RAID configurations, data is stored across different disks. Which method
of storing data is described?
A) Striping
B) Archiving
C) Mapping
D) Crypto-shredding
Answer: A) Striping
Rationale: Striping splits data into smaller segments written across multiple
disks simultaneously, enhancing I/O performance. When combined with
mirroring or parity, it provides both speed and fault tolerance.
Which threat prohibits the use of data by preventing access to it?
A) Brute force
B) Encryption
C) Rainbow tables
D) Denial of service
Answer: D) Denial of service
pg. 2
, 3|Page
Rationale: A DoS attack aims to make a system or data unavailable to legitimate
users by overwhelming resources, disrupting availability — the 'A' in the CIA
triad.
Question 5 of 80
Which location is a secure option for storing encryption keys for decrypting
archival data?
A) A repository that is made private
B) An escrow that is kept separate from the data it is tied to
C) An escrow that is kept local to the data it is tied to
D) A repository that is made public
Answer: B) An escrow that is kept separate from the data it is tied to
Rationale: Industry best practice requires encryption keys to be stored
separately from the data they protect. An escrow provides controlled storage,
ensuring keys are only accessible by authorized processes and not co-located
with the protected data.
Question 6 of 80
An organization wants all entities to trust certificates generated internally. What
should be used to generate these certificates?
A) Individual users' private keys
B) The organization's certificate repository server
C) The organization's certificate authority server
D) Individual systems' private keys
Answer: C) The organization's certificate authority server
Rationale: A Certificate Authority (CA) is a trusted entity that validates identities
and signs certificates. Using an organizational CA server links all certificates to a
pg. 3
WGU C838 MANAGING CLOUD SECURITY FINAL EXAM
OBJECTIVE ASSESSMENT / WGU C838 OA
PREPARATION/WGU C838 OA PRACTICE WITH
COMPLETE 100 QUESTIONS AND ANSWERS LATEST
|AGRADE
Question 1 of 80
Which phase of the cloud data life cycle involves activities such as data
categorization and classification, including data labeling, marking, tagging, and
assigning metadata?
A) Store
B) Use
C) Destroy
D) Create
Answer: D) Create
Rationale: The Create phase is where data is generated or captured. It must be
categorized and classified here — activities like labeling, marking, tagging, and
assigning metadata establish the foundation for enforcing controls throughout
the rest of the life cycle.
Question 2 of 80
Which phase of the cloud data life cycle involves the process of crypto-
shredding?
A) Destroy
B) Create
C) Archive
pg. 1
,2|Page
D) Store
Answer: A) Destroy
Rationale: The Destroy phase is where information is permanently removed.
Crypto-shredding involves deleting or revoking encryption keys. Once those keys
are destroyed, the encrypted data becomes mathematically unrecoverable, even
if the storage media remains intact.
Question 3 of 80
In most RAID configurations, data is stored across different disks. Which method
of storing data is described?
A) Striping
B) Archiving
C) Mapping
D) Crypto-shredding
Answer: A) Striping
Rationale: Striping splits data into smaller segments written across multiple
disks simultaneously, enhancing I/O performance. When combined with
mirroring or parity, it provides both speed and fault tolerance.
Which threat prohibits the use of data by preventing access to it?
A) Brute force
B) Encryption
C) Rainbow tables
D) Denial of service
Answer: D) Denial of service
pg. 2
, 3|Page
Rationale: A DoS attack aims to make a system or data unavailable to legitimate
users by overwhelming resources, disrupting availability — the 'A' in the CIA
triad.
Question 5 of 80
Which location is a secure option for storing encryption keys for decrypting
archival data?
A) A repository that is made private
B) An escrow that is kept separate from the data it is tied to
C) An escrow that is kept local to the data it is tied to
D) A repository that is made public
Answer: B) An escrow that is kept separate from the data it is tied to
Rationale: Industry best practice requires encryption keys to be stored
separately from the data they protect. An escrow provides controlled storage,
ensuring keys are only accessible by authorized processes and not co-located
with the protected data.
Question 6 of 80
An organization wants all entities to trust certificates generated internally. What
should be used to generate these certificates?
A) Individual users' private keys
B) The organization's certificate repository server
C) The organization's certificate authority server
D) Individual systems' private keys
Answer: C) The organization's certificate authority server
Rationale: A Certificate Authority (CA) is a trusted entity that validates identities
and signs certificates. Using an organizational CA server links all certificates to a
pg. 3
