Managing-Cloud-Security WGU Managing Cloud Security (JY02, GZO1) Free Practice Exam Questions (2026 Updated)

Baselining is the process of establishing a reference point for the standard configuration of systems, networks, or applications. This baseline represents the approved, secure state. By continuously comparing the current environment to the baseline, organizations can detect deviations, unauthorized changes, or misconfigurations.

Patch management involves updating systems, deployment refers to installing new systems, and capacity management focuses on resource planning. While important, these do not establish a standard state for comparison.

Baselining is essential for change management and security auditing. It supports configuration management databases (CMDBs), intrusion detection, and compliance requirements. When deviations are detected, they can be escalated for remediation or formally approved through change control processes.

Static application security testing (SAST) is most likely to identify embedded credentials. Managing Cloud principles explain that SAST analyzes application source code, binaries, or bytecode without executing the program.

Because SAST inspects code structure and logic, it can detect hard-coded passwords, API keys, and secrets embedded directly in application files. These vulnerabilities pose significant risk if exposed in cloud environments.

Software misconfiguration and runtime vulnerabilities require execution context, and hypervisor vulnerabilities exist outside application code. Therefore, embedded credentials are best detected through SAST.

The United States lacks a single, comprehensive national law assuring individual personal privacy. Managing Cloud principles explain that U.S. privacy protections are governed by a sector-specific approach, with different laws covering healthcare, finance, education, and children’s data.

Unlike countries with unified privacy legislation, the U.S. relies on a combination of federal, state, and industry-specific regulations. This fragmented framework contrasts with national privacy laws in countries such as Canada, New Zealand, and Israel.

As a result, organizations operating in the U.S. must navigate multiple regulatory requirements depending on data type and jurisdiction. Therefore, the United States is the correct answer.

A Hardware Security Module (HSM) is a dedicated, tamper-resistant device designed for creating, managing, and storing encryption keys. In cloud environments, HSMs are essential for securing cryptographic operations, such as SSL/TLS key management, digital signatures, and secure data transmission.

TPMs are hardware chips used to secure local devices, such as laptops. Memory controllers and RAID controllers manage system performance and storage but are not cryptographic devices.

HSMs provide strong protection against key theft or misuse by isolating cryptographic functions from general-purpose computing resources. They are often certified under standards like FIPS 140-2, ensuring compliance with stringent security requirements. In cloud services, customers can use provider-managed HSMs or deploy dedicated virtual HSM instances for secure key management.

Cloud providers typically manage multi-tenant infrastructure, where physical hardware is shared among customers. Therefore, drives are not destroyed for each customer unless explicitly required in the contract. If the customer’s agreement specifies dedicated hardware disposal, then the provider must comply by physically destroying the drives.

Cryptographic erasure and degaussing are valid sanitization methods, but they may not meet the specific contractual requirement of physical destruction. Insurance clauses are unrelated to disposal.

This question underscores the importance of negotiating contractual terms in cloud agreements. Customers handling highly sensitive or regulated data may require physical destruction, while others may accept logical erasure. Clear agreements ensure both compliance and alignment of security responsibilities.

Database logs provide auditability and traceability required for event investigation and documentation. Managing Cloud principles state that logs capture detailed records of system activities, including access attempts, changes, transactions, and errors.

These logs allow security and operations teams to reconstruct events, identify unauthorized actions, and support forensic analysis. Database logs are essential for compliance, incident response, and continuous monitoring in cloud environments.

The other options do not provide the same level of chronological detail. Block and object storage hold data but do not record activity history, and database rows store current data states rather than event records. Therefore, database logs are the correct source for auditability and traceability.

Procedures are detailed, step-by-step instructions that guide personnel on how to perform specific tasks in alignment with higher-level policies. In an investigation, when uncertainty arises about handling a dataset, procedures provide the exact operational guidance required.

Policies establish high-level rules (e.g., “financial data must be protected”), while procedures explain how to achieve compliance with those policies (e.g., “verify encryption, label dataset, log access, and escalate to compliance officer”). Legal rulings and definitions are external references but do not provide operational steps.

By following documented procedures, investigators ensure consistency, compliance, and defensibility in legal contexts. This also ensures that evidence is handled properly, supporting admissibility in court and protecting the organization against legal or regulatory challenges.

The Infrastructure logical design model includes the foundational components of a secure computing system, such as compute, networking, and storage. Managing Cloud principles explain that infrastructure represents the base layer upon which all other cloud services and security controls are built.

This layer includes physical and virtual servers, network connectivity, storage systems, and the virtualization technologies that enable resource sharing. Securing the infrastructure is critical because weaknesses at this level can compromise higher-level services and applications. Controls such as network segmentation, secure configurations, redundancy, and access restrictions are applied at the infrastructure level to protect workloads and data.

Infostructure focuses on data and information handling, applistructure relates to applications and services, and metastructure supports orchestration and management. Therefore, infrastructure correctly represents the foundational logical design model for secure cloud computing.

The categories mentioned—relational, nonrelational, key-value, and document-oriented—refer to different types of databases. Relational databases (SQL) organize data into tables with rows and columns, nonrelational databases (NoSQL) provide flexibility for unstructured data, key-value stores map identifiers to values, and document-oriented databases manage data in formats such as JSON or BSON.

Object-based storage and volumes are alternative storage architectures but are not described by these categories. XML is a data format, not a storage type.

In the cloud, database services are offered as managed solutions, reducing the administrative burden on organizations. Properly managing database storage is critical for data governance, confidentiality, and compliance. Databases are also central to security strategies, where access control, encryption, and auditing are applied.

Thus, the correct answer is database storage, which encompasses multiple architectures that address different performance, scalability, and data management needs.

This is an example of social engineering, where attackers manipulate individuals into divulging confidential information or performing actions that compromise security. In this case, the fraudulent caller convinced the help desk to disclose sensitive employee data.

Man-in-the-middle attacks involve intercepting communication between parties, escalation of privilege involves gaining higher access rights, and internal threats come from legitimate insiders. None of these fit the situation as accurately as social engineering.

Social engineering exploits human trust rather than technical vulnerabilities. Common tactics include phishing, pretexting, and phone-based fraud (vishing). Preventing such threats requires strong identity verification processes, employee awareness training, and layered authentication mechanisms. By recognizing the human element as a weak point, organizations can better prepare staff to resist manipulative tactics.

The lack of physical access to cloud infrastructure significantly affects the audit process for cloud customers. Managing Cloud guidance explains that customers do not have direct access to cloud data centers, servers, or networking equipment, which limits their ability to perform traditional on-site audits.

As a result, customers must rely on third-party audit reports, certifications, and attestations provided by the cloud service provider. This changes how evidence is collected and verified during audits and requires auditors to assess assurance reports instead of physical inspections.

Bandwidth constraints, uptime limits, and storage options impact performance and architecture decisions but do not directly affect audit methodology. Therefore, the absence of physical access is the primary audit-related characteristic.

The Destroy phase of the cloud data life cycle is where information is permanently removed from systems. A common technique in cloud environments for this phase is crypto-shredding (or cryptographic erasure). Rather than physically destroying the media, crypto-shredding involves deleting or revoking encryption keys used to protect the data. Once those keys are destroyed, the encrypted data becomes mathematically unrecoverable, even if the underlying storage media remains intact.

This method is particularly useful in cloud environments where storage is virtualized and hardware cannot easily be physically destroyed. Crypto-shredding provides compliance-friendly assurance that sensitive data such as personally identifiable information (PII), financial data, or healthcare records cannot be accessed after retention periods expire or contractual obligations end.

By incorporating crypto-shredding into the Destroy phase, organizations align with standards for secure data sanitization. This ensures legal defensibility during audits and e-discovery and demonstrates proper lifecycle governance. The emphasis is on making data inaccessible while still maintaining operational efficiency and environmental responsibility.

During the containment, eradication, and recovery phase of the incident response lifecycle, immediate action is taken to limit damage, remove the threat, and restore normal operations. Managing Cloud guidance explains that isolating affected systems is a key containment activity.

Taking systems offline prevents attackers from continuing malicious activity, stops further data loss, and allows remediation to occur safely. Once contained, systems can be cleaned, patched, restored from backups, and securely returned to service.

Validating alerts occurs during detection and analysis, identifying training needs belongs to lessons learned, and building a timeline of attack supports forensic analysis. Therefore, taking systems offline is the correct countermeasure in this phase.

Once a vendor has been selected, the onboarding phase requires contractual verification and technical arrangements for data transfer. This step ensures that service levels, compliance requirements, encryption standards, and responsibilities are clearly defined before operations begin.

Options such as identifying the business need or responding to the RFP are pre-selection activities. Ensuring secure destruction of data is relevant to offboarding, not onboarding. Therefore, the most critical onboarding task is verifying the contract details and ensuring secure data transfer agreements.

Discussing these issues protects the organization from legal disputes, ensures smooth technical integration, and supports compliance with frameworks such as GDPR and PCI DSS. It also defines the scope of vendor accountability in case of security incidents.

The Operational Excellence pillar emphasizes practices that allow organizations to develop, deploy, and operate workloads effectively. It includes monitoring operations, responding to incidents, and continuously improving processes. By embedding feedback loops, organizations enhance agility and ensure that technology supports business value.

Performance efficiency deals with using computing resources efficiently, reliability ensures system availability, and sustainability focuses on environmental responsibility. While important, these do not encompass the process-driven improvements at the heart of operational excellence.

Operational excellence ensures that organizations can adapt quickly to changes, implement automation, and drive consistent improvements across cloud workloads. It is a key principle in cloud frameworks like AWS Well-Architected, Microsoft CAF, and Google’s Reliability Engineering practices.

Business Impact Analysis (BIA) is the process that involves identifying and valuing assets to determine their potential effect on cloud operations. Managing Cloud documentation explains that BIA assesses how disruptions to systems, applications, or data impact business functions.

The process evaluates asset criticality, financial loss, operational downtime, and reputational damage. This information helps prioritize recovery strategies, define recovery time objectives, and guide risk management decisions in cloud environments.

Risk transfer shifts risk to third parties, vulnerability assessment identifies weaknesses, and out-of-band validation verifies controls independently. Therefore, business impact analysis is the correct answer.

The Internet of Things (IoT) is increasingly deployed in enterprise environments for digital tracking of supply chains. Managing Cloud principles explain that IoT enables physical objects—such as sensors, tags, and devices—to collect and transmit data in real time.

In supply chain scenarios, IoT devices track location, temperature, humidity, and movement of goods throughout manufacturing, transportation, and storage. This continuous data collection improves visibility, efficiency, and accountability across the supply chain. Cloud platforms commonly support IoT by aggregating, storing, and analyzing the collected data.

Cloud computing provides infrastructure, big data analyzes large datasets, and machine learning derives insights, but IoT is the enabling technology that performs real-time tracking. Therefore, Internet of Things is the correct answer.

The Hybrid cloud model allows an on-premises data center to use cloud bursting. Managing Cloud principles explain that cloud bursting enables organizations to handle spikes in workload demand by temporarily using public cloud resources while maintaining normal operations on private, on-premises infrastructure.

In a hybrid model, private and public cloud environments are integrated, allowing workloads to move seamlessly between them. When on-premises capacity is exceeded, additional processing power or storage is obtained from the public cloud and released once demand returns to normal. This approach provides flexibility, scalability, and cost efficiency without requiring permanent over-provisioning of on-premises resources.

Public, private, and community clouds do not independently support cloud bursting from on-premises environments without hybrid integration. Therefore, the hybrid cloud model is the correct answer.

A key benefit of federated identity and access management (IAM) is the ability to use an organization’s existing identities to access cloud services. Managing Cloud documentation explains that federation allows authentication to occur through a trusted identity provider rather than the cloud service provider.

This enables centralized identity management, reduces credential sprawl, and improves security by enforcing consistent authentication policies such as multi-factor authentication. Federation also simplifies user experience by enabling single sign-on across cloud and on-premises systems.

The other options do not represent core benefits of federated IAM. Therefore, using an organization’s identities is the correct answer.