Managing-Cloud-Security Exam Dumps - WGU Courses and Certificates Questions and Answers

In the Software as a Service (SaaS) model, data security is a shared responsibility between the cloud provider and the enterprise. Managing Cloud principles explain that while the cloud service provider is responsible for securing the infrastructure, platform, and application itself, the customer retains responsibility for how data is used, classified, accessed, and governed.

The provider ensures data is protected through encryption mechanisms, availability controls, and secure storage, while the enterprise is responsible for data ownership, access permissions, identity management, and compliance with regulatory requirements. This shared ownership requires close coordination to ensure confidentiality, integrity, and availability of data.

Application, platform, and physical security are primarily the provider’s responsibility in SaaS. Therefore, data is the correct answer.

Multivendor pathway connectivity refers to a cloud provider’s ability to maintain connections with multiple internet service providers (ISPs). This ensures redundancy and reduces the risk of outages due to a single ISP failure.

Electric providers, fuel vendors, and HVAC contracts support facility resilience, but they are not directly tied to connectivity. The purpose of multivendor pathways is specifically to guarantee uninterrupted network access and resilience for customer workloads.

By maintaining ISP redundancy, cloud providers improve availability and meet SLA commitments. This capability is especially critical for enterprises requiring high uptime or operating in regions where connectivity disruptions are common. It also provides flexibility in bandwidth management and routing optimization.

Administrative law governs data breach violations involving federal agencies in cloud environments. Managing Cloud principles explain that administrative law regulates the activities of government agencies and defines compliance obligations, enforcement actions, and penalties.

When a federal agency experiences a data breach, violations are typically addressed through administrative processes rather than criminal or civil courts. Oversight bodies evaluate compliance with federal regulations, policies, and standards, and corrective actions may be mandated.

Criminal law addresses offenses against the state, civil law governs disputes between parties, and tort law covers personal injury claims. Therefore, administrative law is the correct body of law for federal agency data breaches.

Data seizure is the risk associated with legal authorities removing or accessing a person’s information stored in a public cloud. Managing Cloud guidance explains that cloud data is subject to the laws and legal processes of the jurisdiction in which it resides.

In some cases, government agencies may compel cloud service providers to disclose or seize data as part of legal investigations. This can occur without the data owner’s direct involvement and may affect confidentiality, privacy, and business operations. Public cloud environments increase this risk because infrastructure is shared and often spans multiple jurisdictions.

Remote wiping is a data destruction technique, vendor lock-in relates to dependency on providers, and data masking protects sensitive data. Therefore, data seizure is the correct risk.

Before an application can store a token, it must first receive the token from the tokenization server. Managing Cloud guidance outlines that tokenization workflows follow a defined sequence: the application submits sensitive data, the tokenization server generates a token, and then the token is returned to the application.

Only after the token has been successfully returned can the application replace the original sensitive data and store the token instead. This ensures that sensitive data is not retained within the application environment, reducing exposure and simplifying compliance requirements.

The other steps occur earlier in the process. An authorized application must request tokenization, and the sensitive data must be sent to the tokenization server before a token can be generated. Therefore, the immediate step before storing the token is the tokenization server returning the token to the application.

The most critical concern in long-term cloud storage is key management. If encryption keys are lost, corrupted, or improperly rotated, the organization will lose the ability to decrypt its own data, rendering backups unusable. This issue is particularly serious because cloud storage almost always relies on encryption to secure sensitive or regulated information.

While regulatory compliance, quantum threats, and change tracking are important, none directly prevent permanent data loss. The reliability of key management ensures that access to long-term archival data is preserved across changes in personnel, technology, and vendors.

Best practices include using centralized key management systems (such as Hardware Security Modules or cloud Key Management Services), applying role-based controls, and performing periodic key rotation and escrow. Addressing key management in the backup plan ensures that data will remain accessible for years or decades, regardless of technological shifts.

Continuous auditing in the context of Information Rights Management (IRM) allows organizations to monitor access events in real time. It records who accessed a file, when, and how often. This enables organizations to enforce accountability and detect unusual access patterns, which are crucial for both security monitoring and compliance reporting.

Automatic expiration sets a time limit on file availability, while dynamic policy control adjusts permissions based on context (such as location or device). Persistent protection ensures files remain encrypted and controlled wherever they travel. While each feature is valuable, only continuous auditing provides the tracking and visibility into usage required by the scenario.

This approach aligns with governance requirements, providing an audit trail that supports incident response and compliance with data protection regulations. Continuous auditing strengthens both operational security and accountability.

A cloud service customer is the role that subscribes to a software as a service (SaaS) application. Managing Cloud principles define the cloud service customer as the individual or organization that consumes cloud services provided by a cloud service provider.

In a SaaS model, the customer accesses applications through a subscription-based arrangement, typically via a web interface. The customer does not manage the underlying infrastructure or platform but is responsible for configuring user access and ensuring proper use of the service.

The cloud service provider delivers and manages the application, while “cloud computing” and “cloud application” are not roles. Therefore, the cloud service customer is the correct role.

Static application security testing (SAST) is most likely to identify embedded credentials. Managing Cloud principles explain that SAST analyzes application source code, binaries, or bytecode without executing the program.

Because SAST inspects code structure and logic, it can detect hard-coded passwords, API keys, and secrets embedded directly in application files. These vulnerabilities pose significant risk if exposed in cloud environments.

Software misconfiguration and runtime vulnerabilities require execution context, and hypervisor vulnerabilities exist outside application code. Therefore, embedded credentials are best detected through SAST.

The Payment Card Industry Data Security Standard (PCI DSS) governs credit card transactions in cloud operations. Managing Cloud principles explain that PCI DSS establishes security requirements for organizations that store, process, or transmit cardholder data.

PCI DSS applies to cloud service providers and cloud customers involved in payment processing. It mandates controls such as encryption, access restrictions, monitoring, vulnerability management, and secure system configurations to protect cardholder information.

GLBA applies to financial institutions, SOX governs financial reporting controls, and HIPAA protects healthcare data. Therefore, PCI DSS is the correct regulation for credit card transactions.