Pass the WGU Courses and Certificates Managing-Cloud-Security Questions and answers with ValidTests

The STRIDE threat model identifies six categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. In this scenario, the accountant modified data they were not authorized to change. This is an act of Tampering, which refers to unauthorized alteration of data or systems.

Spoofing would involve impersonating another identity, denial of service would block availability, and elevation of privilege would involve gaining higher access rights. The accountant already had legitimate access but misused it to alter data outside their scope of responsibility.

Tampering compromises data integrity, one of the pillars of the CIA triad. In cloud and enterprise systems, safeguards against tampering include role-based access control, least privilege, and auditing to detect unauthorized changes. Recognizing this as tampering helps in identifying insider misuse and implementing compensating controls.

Database logs provide auditability and traceability required for event investigation and documentation. Managing Cloud principles state that logs capture detailed records of system activities, including access attempts, changes, transactions, and errors.

These logs allow security and operations teams to reconstruct events, identify unauthorized actions, and support forensic analysis. Database logs are essential for compliance, incident response, and continuous monitoring in cloud environments.

The other options do not provide the same level of chronological detail. Block and object storage hold data but do not record activity history, and database rows store current data states rather than event records. Therefore, database logs are the correct source for auditability and traceability.

Outages are the primary cloud risk associated with dependency on legacy internal servers for application delivery. Managing Cloud guidance explains that legacy systems often lack redundancy, scalability, and resilience compared to cloud-native architectures.

When applications rely on aging internal infrastructure, failures in hardware, power, or connectivity can interrupt service delivery to end users. These outages can disrupt supply chains, delay transactions, and impact business continuity.

Natural disasters are external events, fast run time is not a risk, and homomorphic encryption is a cryptographic technique. Therefore, outages represent the correct risk in this context.

The Gramm-Leach-Bliley Act (GLBA) requires cloud service providers to protect customer data for banks and insurance companies. Managing Cloud principles explain that GLBA applies to financial institutions and mandates safeguards to protect consumers’ nonpublic personal information.

Cloud service providers supporting financial organizations must implement security controls that align with GLBA requirements, including data protection, risk management, and access controls. This ensures confidentiality and integrity of financial data stored or processed in the cloud.

IDEA governs education services, DMCA addresses digital copyright, and FERPA protects student education records. Therefore, GLBA is the correct compliance requirement.

The Internet of Things (IoT) is increasingly deployed in enterprise environments for digital tracking of supply chains. Managing Cloud principles explain that IoT enables physical objects—such as sensors, tags, and devices—to collect and transmit data in real time.

In supply chain scenarios, IoT devices track location, temperature, humidity, and movement of goods throughout manufacturing, transportation, and storage. This continuous data collection improves visibility, efficiency, and accountability across the supply chain. Cloud platforms commonly support IoT by aggregating, storing, and analyzing the collected data.

Cloud computing provides infrastructure, big data analyzes large datasets, and machine learning derives insights, but IoT is the enabling technology that performs real-time tracking. Therefore, Internet of Things is the correct answer.

The Use phase of the cloud secure data lifecycle refers to the stage where data is actively accessed, viewed, or processed by users or applications without altering its original structure or content. Managing Cloud principles define this phase as the point where data is consumed for business operations such as reading reports, running analytics, or executing applications that rely on existing data.

During the Use phase, the data already exists in the cloud and is not being created, modified, or distributed to external entities. Instead, it is temporarily loaded into memory or processed by authorized systems to perform required tasks. Security controls during this phase focus on access management, authentication, authorization, and monitoring to ensure that only approved users and services can interact with the data.

The other options represent different lifecycle stages. The Create phase involves generating new data, the Store phase focuses on maintaining data at rest within storage systems, and the Share phase involves distributing data to other users or systems. None of these accurately describe data being viewed or processed without modification. Therefore, the Use phase correctly represents the lifecycle stage where data is accessed and processed in its existing form.

The Management component contains both a remotely accessible application programming interface (API) and a web-based graphical user interface. Managing Cloud documentation explains that the management layer is responsible for provisioning, monitoring, configuration, and administration of cloud resources.

This component enables administrators and automation tools to interact with cloud services programmatically through APIs, while also providing human-accessible web consoles for operational management. The dual-interface design supports scalability, automation, and ease of use.

Infrastructure provides raw compute, storage, and networking. Applistructure refers to deployed applications and services, while metastructure supports orchestration and abstraction. Therefore, the management component is the correct answer.

The described threat is a Denial of Service (DoS) attack. In security contexts, a DoS attack aims to make a system, application, or data unavailable to legitimate users by overwhelming resources. Unlike brute force or rainbow table attacks, which target authentication mechanisms, or encryption, which is a defensive control, DoS focuses on disrupting availability—the “A” in the Confidentiality, Integrity, Availability (CIA) triad.

DoS can be executed in many ways: flooding a network with traffic, exhausting server memory, or overwhelming application processes. When scaled by multiple coordinated systems, it becomes a Distributed Denial of Service (DDoS) attack. In either case, the effect is the same—authorized users cannot access critical data or services.

For cloud environments, where service uptime is crucial, DoS protections such as rate limiting, auto-scaling, and upstream filtering are essential. Training data center engineers to recognize DoS helps them understand the importance of resilience strategies and ensures continuity planning includes availability safeguards.

The CLOUD Act addresses conflicts that arise when law enforcement in one jurisdiction seeks access to data stored in another country. It clarifies how U.S. authorities can compel cloud providers to produce data, even if stored overseas, and establishes a framework for resolving jurisdictional conflicts through bilateral agreements.

The Act does not regulate genetic data, breach notifications, or employer surveillance. Its central purpose is to handle the challenge of cross-border data access in the era of globalized cloud computing.

For organizations, this means carefully evaluating how and where data is stored, and ensuring contracts and compliance strategies account for potential conflicts between U.S. law and foreign privacy regulations like GDPR. Awareness of CLOUD Act obligations is crucial in multinational cloud deployments.

Dedicated memory allocation ensures isolation between virtual machines in a shared environment. Without memory isolation, remnants of one VM’s operations might remain in physical memory and be accessible to another VM, leading to cross-tenant data leakage. Assigning dedicated memory prevents attackers from exploiting memory-sharing vulnerabilities.

Encrypted network protocols protect data in transit, not memory. Encrypted file systems safeguard storage, not volatile memory. A dedicated processor helps with performance and isolation of compute tasks but does not secure temporary memory contents.

Cloud environments are multi-tenant, which makes memory isolation a critical safeguard. By dedicating memory or enforcing strict hypervisor-level isolation, providers prevent data exposure between customers. This aligns with best practices for virtualization security and the “resource pooling” characteristic of cloud computing, ensuring that shared infrastructure does not compromise confidentiality.