Pass the WGU Courses and Certificates Managing-Cloud-Security Questions and answers with ExamsMirror

The described scenario is an injection attack. Injection occurs when unvalidated input—such as SQL commands, script code, or OS instructions—is sent to an application through API forms or parameters. If the application fails to sanitize input, the attacker’s code may be executed with full system privileges.

On-path attacks intercept communication, credential attacks target authentication, and denial-of-service floods services. None involve code execution via unvalidated input.

Injection is a top risk in OWASP API Security Top 10. Developers must implement input validation, parameterized queries, and least privilege principles to mitigate this risk. API gateways and WAFs provide additional layers of protection but cannot replace secure coding practices.

Persistent protection is the security strategy most closely associated with data rights management (DRM) solutions. Managing Cloud principles explain that DRM is designed to ensure that data remains protected throughout its entire lifecycle, regardless of where it is stored, shared, or accessed.

Persistent protection means that security controls such as access restrictions, usage limitations, and expiration rules stay attached to the data itself. Even if the data is copied, transferred, or moved outside the original system, DRM policies continue to enforce protection. This approach is critical in cloud environments where data frequently moves across platforms, users, and geographic regions.

The other options do not represent DRM strategies. Multilevel aggregation and enhanced detail relate to data processing or analytics concepts, while unexpired digital content describes a content state rather than a security strategy. Therefore, persistent protection correctly represents the security approach used by data rights management solutions.

The Hybrid key management option typically requires key management infrastructure to remain on-premises while securely delivering cryptographic keys to the cloud through a dedicated and protected connection. Managing Cloud guidance explains that hybrid key management models are designed for organizations that require maximum control over encryption keys while still leveraging cloud-based storage and processing.

In this model, encryption keys are generated, stored, and managed within the organization’s own secure environment, reducing the risk of unauthorized access by external entities. Keys are provided to cloud services only when needed and often through secure channels such as private network connections. This approach supports strict compliance, regulatory, and data sovereignty requirements.

Other options do not meet this requirement. A hardware security appliance may be used on-premises but does not inherently define a hybrid cloud delivery model. Virtual appliances are typically cloud-resident, and cloud provider services manage keys entirely within the provider’s infrastructure. Therefore, the hybrid option best aligns with on-premises key control combined with secure cloud integration.

Outages are the primary cloud risk associated with dependency on legacy internal servers for application delivery. Managing Cloud guidance explains that legacy systems often lack redundancy, scalability, and resilience compared to cloud-native architectures.

When applications rely on aging internal infrastructure, failures in hardware, power, or connectivity can interrupt service delivery to end users. These outages can disrupt supply chains, delay transactions, and impact business continuity.

Natural disasters are external events, fast run time is not a risk, and homomorphic encryption is a cryptographic technique. Therefore, outages represent the correct risk in this context.

The method described is striping, which is a technique used in RAID configurations to improve performance and distribute risk. Striping involves splitting data into smaller segments and writing those segments across multiple disks simultaneously. For example, if a file is divided into four parts, each part is written to a separate disk in the RAID array.

This parallelism enhances input/output (I/O) performance because multiple drives can be accessed at once. It also provides resilience depending on the RAID level. While striping by itself (RAID 0) increases performance but not redundancy, when combined with mirroring or parity (e.g., RAID 5 or RAID 10), it offers both speed and fault tolerance.

The purpose of striping in the data management context is to optimize how data is stored, accessed, and protected. It is fundamentally different from archiving, mapping, or crypto-shredding, as those serve different objectives (long-term storage, logical placement, or secure deletion). Striping is central to high-performance storage systems and supports availability in mission-critical environments.

Bollards are physical barriers designed to prevent vehicles from ramming into or breaching secure facilities. They are often placed at entrances, around perimeters, or in front of critical infrastructure like data centers.

Locks, cameras, and fences provide important physical security, but they cannot stop a high-speed vehicle from causing damage. Cameras record activity, fences create boundaries, and locks secure access points, but only bollards physically block or mitigate vehicle attacks.

Governmental and critical infrastructure sites commonly deploy bollards to protect against both accidental collisions and deliberate vehicle-borne attacks. Combined with layered security measures—such as surveillance and fencing—they enhance resilience against physical threats to sensitive data centers.

The capability to rapidly create and destroy virtual systems as demand fluctuates is known as ephemeral computing. These short-lived resources are provisioned automatically when needed and decommissioned when demand subsides.

Resource scheduling helps allocate resources but does not imply temporary lifespans. High availability ensures continuous service, and maintenance mode is used for administrative tasks.

Ephemeral computing is central to elasticity in cloud environments, reducing costs and improving scalability. For example, containers or serverless functions may run only while needed and then disappear. This model optimizes utilization, lowers expenses, and supports modern application architectures that demand agility.

A key benefit of federated identity and access management (IAM) is the ability to use an organization’s existing identities to access cloud services. Managing Cloud documentation explains that federation allows authentication to occur through a trusted identity provider rather than the cloud service provider.

This enables centralized identity management, reduces credential sprawl, and improves security by enforcing consistent authentication policies such as multi-factor authentication. Federation also simplifies user experience by enabling single sign-on across cloud and on-premises systems.

The other options do not represent core benefits of federated IAM. Therefore, using an organization’s identities is the correct answer.

Vendor lock-in risk arises when organizations outsource significant investments in data formats, procedures, or processes that are tightly coupled to a specific cloud provider. Managing Cloud principles explain that proprietary technologies, APIs, and workflows can make it difficult or costly to migrate to another provider.

This dependency limits flexibility and bargaining power and can increase long-term costs or operational risk if the provider changes pricing, services, or availability. Lock-in risk is a key consideration during cloud strategy planning.

Compliance risk involves regulatory obligations, overutilization concerns excessive resource usage, and exit risk relates to termination processes rather than dependency. Therefore, lock-in risk is the correct answer.

The Payment Card Industry Data Security Standard (PCI DSS) governs credit card transactions in cloud operations. Managing Cloud principles explain that PCI DSS establishes security requirements for organizations that store, process, or transmit cardholder data.

PCI DSS applies to cloud service providers and cloud customers involved in payment processing. It mandates controls such as encryption, access restrictions, monitoring, vulnerability management, and secure system configurations to protect cardholder information.

GLBA applies to financial institutions, SOX governs financial reporting controls, and HIPAA protects healthcare data. Therefore, PCI DSS is the correct regulation for credit card transactions.