WGU C838 OA EXAM STUDY GUIDE 2025/2026 QUESTIONS
WITH SOLUTIONS GRADED A+
✔✔Which element is a cloud virtualization risk? - ✔✔Guest isolation
✔✔The security administrator for a global cloud services provider (CSP) is required to
globally standardize the approaches for using forensics methodologies in the
organization. Which standard should be applied? - ✔✔ISO 27050-1
✔✔Which detection and analysis technique is performed to capture a point-in-time
picture of the entire stack at the time of an incident? - ✔✔Create a snapshot using API
calls
✔✔A CSP operating in Australia experiences a security breach that results in disclosure
of personal information that is likely to result in serious harm. Who is the CSP legally
required to notify? - ✔✔Information commisioner
✔✔A CSP provides services in European Union (EU) countries that are subject to the
network information security (NIS) directive. The CSP experiences an incident that
significantly affects the continuity of the essential services being provided. Who is the
CSP required to notify under the NIS directive? - ✔✔Competent authorities
✔✔A cloud customer is setting up communication paths with the cloud service provider
that will be used in the event of an incident. Which action facilitates this type of
communication? - ✔✔Using existing open standards
✔✔Which issue can be detected with static application security testing (SAST)? -
✔✔Threading
✔✔Which problem is known as a common supply chain risk? - ✔✔Data breaches
✔✔Which method should the cloud consumer use to secure the management plane of
the cloud service provider? - ✔✔Credential management
✔✔Which technology improves the ability of the transport layer security (TLS) to ensure
privacy when communicating between applications? - ✔✔Advanced application-specific
integrated circuits (ASICs)
✔✔Which type of cloud deployment model is considered equivalent to a traditional IT
architecture? - ✔✔Private
✔✔Which security method should be included in a defense-in-depth, when examined
from the perspective of a content security policy (CSP)? - ✔✔Technological controls
, ✔✔Which countermeasure mitigates the risk of a rogue cloud administrator? -
✔✔Logging and monitoring
✔✔Which cloud security control eliminates the risk of a virtualization guest escape from
another tenant? - ✔✔Dedicated hosting
✔✔Which data retention policy controls how long health insurance portability and
accountability act (HIPAA) data can be archived? - ✔✔Application regulation
✔✔Which assumption about a CSP should be avoided when considering risks in a
disaster recovery (DR) plan? - ✔✔Level of resiliency
✔✔Where should the location be for the final data backup repository in the event that
the disaster recovery plan is enacted for the CSP of a disaster recovery (DR) service? -
✔✔Cloud platform
✔✔An architect needs to constrain problems to a level that can be controlled when the
problem exceeds the capabilities of disaster recovery (DR) controls. Which aspect of
the plan will provide this guarantee? - ✔✔Handling provider outages
✔✔Which standard addresses the privacy aspects of cloud computing for consumers? -
✔✔ISO 27018:2014
✔✔Which international standard guide provides procedures for incident investigation
principles and processes? - ✔✔ISO/IEC 27043:2015
✔✔Which group is legally bound by the general data protection regulation (GDPR)? -
✔✔Only corporations that processes the data of EU citizens
✔✔Which action is required for breaches of data under the general data protection
regulation (GDPR) within 72 hours of becoming aware of the event? - ✔✔Reporting to
the supervisory authority
✔✔Why is eDiscovery difficult in the cloud? - ✔✔The client lacks the credentials to
access the required data
✔✔Which artifact may be required as a data source for a compliance audit in a cloud
environment? - ✔✔Change management details
✔✔A business is concerned about the usage of its third-party provided, leased cloud
resources. Which audit process should be used to investigate this concern? -
✔✔Review traffic logs for the leased cloud resources
WITH SOLUTIONS GRADED A+
✔✔Which element is a cloud virtualization risk? - ✔✔Guest isolation
✔✔The security administrator for a global cloud services provider (CSP) is required to
globally standardize the approaches for using forensics methodologies in the
organization. Which standard should be applied? - ✔✔ISO 27050-1
✔✔Which detection and analysis technique is performed to capture a point-in-time
picture of the entire stack at the time of an incident? - ✔✔Create a snapshot using API
calls
✔✔A CSP operating in Australia experiences a security breach that results in disclosure
of personal information that is likely to result in serious harm. Who is the CSP legally
required to notify? - ✔✔Information commisioner
✔✔A CSP provides services in European Union (EU) countries that are subject to the
network information security (NIS) directive. The CSP experiences an incident that
significantly affects the continuity of the essential services being provided. Who is the
CSP required to notify under the NIS directive? - ✔✔Competent authorities
✔✔A cloud customer is setting up communication paths with the cloud service provider
that will be used in the event of an incident. Which action facilitates this type of
communication? - ✔✔Using existing open standards
✔✔Which issue can be detected with static application security testing (SAST)? -
✔✔Threading
✔✔Which problem is known as a common supply chain risk? - ✔✔Data breaches
✔✔Which method should the cloud consumer use to secure the management plane of
the cloud service provider? - ✔✔Credential management
✔✔Which technology improves the ability of the transport layer security (TLS) to ensure
privacy when communicating between applications? - ✔✔Advanced application-specific
integrated circuits (ASICs)
✔✔Which type of cloud deployment model is considered equivalent to a traditional IT
architecture? - ✔✔Private
✔✔Which security method should be included in a defense-in-depth, when examined
from the perspective of a content security policy (CSP)? - ✔✔Technological controls
, ✔✔Which countermeasure mitigates the risk of a rogue cloud administrator? -
✔✔Logging and monitoring
✔✔Which cloud security control eliminates the risk of a virtualization guest escape from
another tenant? - ✔✔Dedicated hosting
✔✔Which data retention policy controls how long health insurance portability and
accountability act (HIPAA) data can be archived? - ✔✔Application regulation
✔✔Which assumption about a CSP should be avoided when considering risks in a
disaster recovery (DR) plan? - ✔✔Level of resiliency
✔✔Where should the location be for the final data backup repository in the event that
the disaster recovery plan is enacted for the CSP of a disaster recovery (DR) service? -
✔✔Cloud platform
✔✔An architect needs to constrain problems to a level that can be controlled when the
problem exceeds the capabilities of disaster recovery (DR) controls. Which aspect of
the plan will provide this guarantee? - ✔✔Handling provider outages
✔✔Which standard addresses the privacy aspects of cloud computing for consumers? -
✔✔ISO 27018:2014
✔✔Which international standard guide provides procedures for incident investigation
principles and processes? - ✔✔ISO/IEC 27043:2015
✔✔Which group is legally bound by the general data protection regulation (GDPR)? -
✔✔Only corporations that processes the data of EU citizens
✔✔Which action is required for breaches of data under the general data protection
regulation (GDPR) within 72 hours of becoming aware of the event? - ✔✔Reporting to
the supervisory authority
✔✔Why is eDiscovery difficult in the cloud? - ✔✔The client lacks the credentials to
access the required data
✔✔Which artifact may be required as a data source for a compliance audit in a cloud
environment? - ✔✔Change management details
✔✔A business is concerned about the usage of its third-party provided, leased cloud
resources. Which audit process should be used to investigate this concern? -
✔✔Review traffic logs for the leased cloud resources
