✔✔81. A cloud environment that lacks security controls is vulnerable to exploitation,
data loss, and interruptions. Conversely, excessive use of security controls
____________.
a. Can lead to data breaches
b. Causes electromagnetic interference
c. Will affect quality of service
d. Can cause regulatory noncompliance - ✔✔C
✔✔82. A cloud environment that lacks security controls is vulnerable to exploitation,
data loss, and interruptions. Conversely, excessive use of security controls
____________.
a. Can lead to DDoS
b. Allows malware infections
c. Increases the risk of adverse environmental effects
d. Is an unnecessary expense - ✔✔D
✔✔83. A cloud environment that lacks security controls is vulnerable to exploitation,
data loss, and interruptions. Conversely, excessive use of security controls
____________.
a. Can lead to customer dissatisfaction
b. Is a risk to health and human safety
c. Brings down the organization's stock price
d. Negates the need for insurance - ✔✔A
✔✔84. You are the security manager for an online retail sales company with 100
employees and a production environment hosted in a PaaS model with a major cloud
provider. Your company policies have allowed for a bring your own device (BYOD)
workforce that work equally from the company offices and their own homes or other
locations. The policies also dictate which APIs can be utilized to access and manipulate
company data and the process for getting an API added to the list of approved
programs. You conduct an approved scan of the company data set in the cloud, with the
provider's permission. This allows you to catalog all APIs that have accessed and
manipulated company data through authorized user accounts in the last month. The
scan reveals that 300 different APIs were used by authorized personnel. Of these, 30
had been approved by the company and were on the list. Of the following, what is the
most reasonable immedia - ✔✔D
✔✔85. You are the security manager for an online retail sales company with 100
employees and a production environment hosted in a PaaS model with a major cloud
provider. Your company policies have allowed for a BYOD workforce that work equally
from the company offices and their own homes or other locations. The policies also
dictate which APIs can be utilized to access and manipulate company data and the
process for getting an API added to the list of approved programs. You conduct an
approved scan of the company data set in the cloud, with the provider's permission.
This allows you to catalog all APIs that have accessed and manipulated company data through
authorized user accounts in the last month. The scan reveals that 300 different APIs
were used by authorized personnel. Of these, 30 had been approved by the company
and were on the list. You've brought the matter to the attention of the CEO, who
understands the i - ✔✔A
✔✔86. You are the security manager for an online retail sales company with 100
employees and a production environment hosted in a PaaS model with a major cloud
provider. Your company policies have allowed for a BYOD workforce that work equally
from the company offices and their own homes or other locations. The policies also
dictate which APIs can be utilized to access and manipulate company data and the
process for getting an API added to the list of approved programs. You conduct an
approved scan of the company data set in the cloud, with the provider's permission.
This allows you to catalog all APIs that have accessed and manipulated company data
through authorized user accounts in the last month. The scan reveals that 300 different
APIs were used by authorized personnel. Of these, 30 had been approved by the
company and were on the list. Upon performing an information-gathering investigation
at the behest of the C - ✔✔D
✔✔87. You are the security manager for an online retail sales company with 100
employees and a production environment hosted in a PaaS model with a major cloud
provider. Your company policies have allowed for a BYOD workforce that work equally
from the company offices and their own homes or other locations. The policies also
dictate which APIs can be utilized to access and manipulate company data, and the
process for getting an API added to the list of approved programs. After finding that
users were routinely violating the API approval process but that the result of their
violation was a massive increase in productivity and no appreciable increase in
company expense, the CEO changed the company policies to allow users to select
APIs with which to access and manipulate company data. As a subject matter expert,
what should you also recommend to the CEO?
a. Reward the users who committed the infractions, for aiding the c - ✔✔D
✔✔88. You are the security manager for an online retail sales company with 100
employees and a production environment hosted in a PaaS model with a major cloud
provider. Your company policies have allowed for a BYOD workforce that work equally
from the company offices and their own homes or other locations. The policies also
allow users to select which APIs they install and use on their own devices in order to
access and manipulate company data. Of the following, what is a security control you'd
like to implement to offset the risk(s) incurred by this practice?
a. Encrypt all routers between mobile users and the cloud.
b. Use additional anti-malware detection capabilities on both user devices and the
environment to which they connect.
c. Implement strong multifactor authentication on all user-owned devices.
d. Employ regular performance monitoring in the cloud environment to ensure that the
cloud provider is meeting t - ✔✔B
✔✔89. You are the security manager for an online retail sales company with 100
employees and a production environment hosted in a PaaS model with a major cloud
provider. Your company policies have allowed for a BYOD workforce that work equally
from the company offices and their own homes or other locations. The policies also
allow users to select which APIs they install and use on their own devices in order to
access and manipulate company data. Of the following, what is a security control you'd
like to implement to offset the risk(s) incurred by this practice?
a. Regular and widespread integrity checks on sampled data throughout the managed
environment
b. More extensive and granular background checks on all employees, particularly new
hires
c. Inclusion of references to all applicable regulations in the policy documents
d. Increased enforcement of separation of duties for all workflows - ✔✔A
✔✔90. You are the security manager for an online retail sales company with 100
employees and a production environment hosted in a PaaS model with a major cloud
provider. Your company policies have allowed for a BYOD workforce that work equally
from the company offices and their own homes or other locations. The policies also
allow users to select which APIs they install and use on their own devices in order to
access and manipulate company data. Of the following, what is a security control you'd
like to implement to offset the risk(s) incurred by this practice?
a. Enact secure connections between the user devices and the cloud environment using
end-to-end encryption.
b. Enact secure connections between the user devices and the cloud environment using
link encryption.
c. Employ additional user training.
d. Tunnel all connections with a VPN. - ✔✔C
✔✔91. Users in your organization have been leveraging APIs for enhancing their
productivity in the cloud environment. In order to ensure that you are securing API
access to the production environment, you should deploy _________ and
____________.
a. SSL and message-level cryptography
b. TLS and message-level cryptography
c. SSL and whole drive encryption
d. TLS and whole drive encryption - ✔✔B
✔✔92. We implement IAM in order to control access between subjects and objects.
What is the ultimate purpose of this effort?
a. Identification. Determine who the specific, individual subjects are.
b. Authentication. Verify and validate any identification assertions.