Managing Cloud Security – D320 (WGU) 2026 | Verified CCSP
Exam Prep Questions & Complete Study Guide
International Standards Organization (ISO) - ANSWER-is an international standards
body composed of representatives from various standards organizations.
ISO/IEC 27001 - ANSWER-Standard on managing Information Security. It includes
requirements for establishing, implementing, maintaining, and continually
improving information management.
ISO/IEC 27002 - ANSWER-provides best practices on information security controls
for those attempting to be ISO/IEC 27001.
ISO/IEC 27017 - ANSWER-created to supplement ISO/IEC 27002 to provide
additional security controls for the cloud.
ISO/IEC 27018:2014
ISO/IEC 27018:2019 - ANSWER-IT Security techniques. Code of practice for
protection of PII in public clouds.
ISO/IEC 27034-1 - ANSWER-mandates a framework for application security within
an organization.
ISO/IEC 28000:2007 - ANSWER-standard for ensuring security assurance in the
supply chain.
ISO/IEC 31000:2009 - ANSWER-standard providing industry independent
principles and guidelines on risk management.
NIST - ANSWER-National Institute of Standards and Technology is an agency of the
Department of Commerce whose mission is to promote innovation and industrial
competitiveness. It also creates numerous standards and requirements for the DoD,
Federal Government, and government contractors relating to cybersecurity.
NIST SP 800-37 - ANSWER-Risk Management Framework using a life cycle approach
for security and privacy.
NIST SP 800-53 - ANSWER-provides security and privacy controls for information
systems and organizations.
NIST SP 800-92 - ANSWER-Guide to Computer Security Log Management
ISO 27034 - ANSWER-There is only one ONF for an organization but potentially as
many ANFs as applications.
- Application Normative Framework (ANF)
- Organizational Normative Framework (ONF)
ASHRAE - American Society of Heating, Refrigerating and Air-Conditioning Engineers
- ANSWER-is an American professional association seeking to advance heating,
ventilation, air conditioning and refrigeration systems design and construction.
Biba - ANSWER-an access control model designed to preserve data integrity. It has 3
goals. Maintain internal and external consistency; prevent unauthorized data
modification even by authorized parties; prevent data modification by unauthorized
individuals.
Capability Maturity Model (CMM) - ANSWER-is a development model where the
maturity relates to the formality and optimization of processes. When applied to
cloud security it would focus on those aspects as they relate to cloud security.
Child Online Protection Act (COPA) - ANSWER-An attempt to restrict access by
minors to material defined as harmful to minors. A permanent injunction against the
law in 2009.
Cloud Access Security Brokers (CASBs) - ANSWER-monitor network activity
between users and cloud applications, enforce security policy, and block
malware.
COBIT or Control Objectives for Information and Related Technologies - ANSWER-is
a framework for IT governance and management. Initially used to achieve
compliance with Sarbanes-Oxley and focused on IT controls. Since 2019 the
emphasis has shifted to information governance. It is focused on these 5 principles:
1: Meeting Stakeholder Needs; 2: Covering the Enterprise End-to-End; 3: Applying a
Single Integrated Framework; 4: Enabling a Holistic Approach; and 5: Separating
Governance from Management.
Common Criteria and the Evaluation Assurance Level (EAL) rating - ANSWER-An
EAL rating is assigned to an IT product after it has been evaluated by an independent
lab. The level indicates the degree and type of testing with 1 the least and 7 the most.
Common Criteria contains 60 functional requirements in 11 classes and is an accepted
standard among the military organizations of the US and many allies.
Consensus Assessments Initiative Questionnaire (CAIQ) - ANSWER-is an initiative of
the Cloud Security Alliance to provide an industry-accepted documentation of
security controls and as of 2020 is combined with the Cloud Controls Matrix. They
can be used as evidence for entry to the CSA STAR registry.