Pass the WGU Courses and Certificates Managing-Cloud-Security Questions and answers with ValidTests

In Agile development, user stories are the standard way to capture requirements for new features or improvements. A user story describes the functionality from the perspective of the end user, ensuring that development aligns with business needs.

“Cases” might refer to test cases, which validate requirements, but they are not used to describe them. Cookies are technical elements for web sessions, and notes are informal documentation.

User stories typically follow a format such as: “As a [role], I want [goal] so that [benefit].” This provides clarity, fosters communication between developers and stakeholders, and ensures that acceptance criteria can be defined and tested. Using stories as a requirement tool aligns with iterative, customer-focused release cycles.

A host-based agent intrusion detection system (IDS) can be used to provide network monitoring security controls in an IaaS public cloud environment. Managing Cloud principles explain that customers do not control physical network infrastructure in public cloud environments, making traditional network taps or sniffed ports impractical.

Host-based IDS agents monitor traffic, processes, and system activity directly on virtual machines. This approach aligns with PCI DSS requirements by providing visibility into network activity, intrusion attempts, and policy violations without requiring physical hardware.

CSP audit logs provide limited visibility, and redundant firewalls focus on traffic control rather than monitoring. Sniffed network ports require physical access. Therefore, a host-based IDS is the correct solution.

A vulnerability assessment requires compliance with the cloud service provider’s terms of service. Managing Cloud documentation explains that vulnerability scanning and testing can affect cloud infrastructure and other tenants if not properly authorized.

CSPs define acceptable testing activities to protect shared environments. Customers must follow these guidelines to avoid violating contracts or causing service disruptions. Many CSPs require prior notification or explicit permission before conducting vulnerability assessments.

The other methods involve internal development processes and do not impact cloud infrastructure directly. Therefore, vulnerability assessment is the correct answer.

Platform as a Service (PaaS) allows customers to focus on writing and deploying code without managing the underlying infrastructure. The provider manages the operating system, runtime, and middleware, enabling faster development cycles and reduced administrative overhead.

IaaS would require the customer to configure servers and operating systems, SaaS provides ready-to-use applications, and DSaaS is a specialized category for analytics.

By abstracting the infrastructure, PaaS accelerates innovation and reduces operational burden but also limits flexibility in some cases. Security responsibilities under PaaS focus on application-level controls, while the provider handles infrastructure-level protections.

The Sarbanes-Oxley (SOX) Act of 2002 was enacted to restore investor confidence after major corporate accounting scandals. It requires publicly traded corporations to maintain accurate financial reporting and implement internal controls to safeguard the integrity of disclosed information.

GLBA focuses on protecting consumer financial data, GDPR is a European regulation governing privacy, and the CLOUD Act addresses cross-border law enforcement access to data. Only SOX directly mandates financial disclosure and corporate accountability.

SOX compliance includes maintaining audit trails, securing data integrity, and ensuring that executives certify financial statements. Failure to comply carries severe penalties, both civil and criminal. For cloud environments, SOX compliance extends to ensuring IT systems used for financial data are secure, monitored, and auditable.

Continuous auditing in the context of Information Rights Management (IRM) allows organizations to monitor access events in real time. It records who accessed a file, when, and how often. This enables organizations to enforce accountability and detect unusual access patterns, which are crucial for both security monitoring and compliance reporting.

Automatic expiration sets a time limit on file availability, while dynamic policy control adjusts permissions based on context (such as location or device). Persistent protection ensures files remain encrypted and controlled wherever they travel. While each feature is valuable, only continuous auditing provides the tracking and visibility into usage required by the scenario.

This approach aligns with governance requirements, providing an audit trail that supports incident response and compliance with data protection regulations. Continuous auditing strengthens both operational security and accountability.

The capability to rapidly create and destroy virtual systems as demand fluctuates is known as ephemeral computing. These short-lived resources are provisioned automatically when needed and decommissioned when demand subsides.

Resource scheduling helps allocate resources but does not imply temporary lifespans. High availability ensures continuous service, and maintenance mode is used for administrative tasks.

Ephemeral computing is central to elasticity in cloud environments, reducing costs and improving scalability. For example, containers or serverless functions may run only while needed and then disappear. This model optimizes utilization, lowers expenses, and supports modern application architectures that demand agility.

Retention periods define how long data must be stored to meet regulatory and compliance requirements. Managing Cloud guidance explains that laws and regulations often mandate minimum or maximum retention durations for specific types of data, such as financial records, health information, or audit logs.

A retention period policy ensures that data is kept for the required timeframe and securely disposed of once it is no longer needed. This helps organizations avoid legal penalties, reduce storage costs, and minimize risk exposure from retaining data longer than necessary.

The other options address different aspects of data management. Formats define how data is stored, classification categorizes data sensitivity, and retrieval focuses on access methods. None specify duration. Therefore, retention periods are the correct policy element.

Risk mitigation reduces the impact of risk within BCDR planning. Managing Cloud principles explain that mitigation involves implementing controls and safeguards to lessen the likelihood or severity of adverse events.

Examples include redundancy, backups, failover mechanisms, and monitoring. These measures do not eliminate risk but significantly reduce operational disruption and data loss when incidents occur.

Insurance transfers financial risk, avoidance eliminates activities, and acceptance acknowledges risk without action. Therefore, mitigation is the correct strategy for reducing impact.

Runtime Application Self-Protection (RASP) prevents environments from being over-controlled with performance-degrading security measures. Managing Cloud guidance explains that RASP operates from within the application, monitoring behavior and responding to threats in real time.

Because RASP provides contextual awareness of application logic, it reduces the need for excessive external security controls such as heavy network filtering or constant scanning. This minimizes performance impact while maintaining effective protection against attacks like injection, unauthorized access, and misuse of application functions.

QoS manages traffic prioritization, DDoS describes an attack type, and IDS detects threats but does not prevent over-control. Therefore, RASP is the correct technology.