Pass the WGU Courses and Certificates Managing-Cloud-Security Questions and answers with ExamsMirror

The Stored Communications Act (SCA) restricts the government’s ability to force a cloud service provider to disclose customer data. Managing Cloud guidance explains that the SCA establishes legal protections for stored electronic communications and customer records held by service providers.

The act defines conditions under which government entities may request access to stored data, requiring appropriate legal processes such as warrants or court orders. This provides a level of privacy protection for cloud customers and limits unauthorized or excessive disclosure.

GLBA focuses on financial data, SOX addresses corporate governance, and ECPA is broader legislation that includes the SCA but does not directly define cloud disclosure limitations on its own. Therefore, SCA is the correct answer.

A Database Activity Monitor (DAM) is specifically designed to identify and stop attack-based commands from executing on a SQL server. Managing Cloud documentation explains that DAM solutions monitor database traffic in real time, inspecting queries and commands for malicious patterns such as SQL injection, privilege escalation, and unauthorized data access attempts.

Unlike traditional firewalls, which primarily filter network traffic, a DAM understands database-specific protocols and SQL command structures. This allows it to detect abnormal or unauthorized queries that may bypass perimeter defenses. When a suspicious command is identified, the DAM can alert administrators, block the execution, or log the activity for forensic analysis.

The other options do not provide this level of database-specific protection. A host-based firewall controls traffic to and from a server but does not analyze SQL commands. A hardware security module focuses on key management and cryptographic operations. A cloud access and security broker enforces security policies between cloud consumers and providers but does not inspect SQL commands directly. Therefore, the database activity monitor is the correct device for stopping attack-based SQL commands.

Key escrow is the management process that involves multiple key holders, where each party has access to a portion of the cryptographic information. Managing Cloud principles explain that key escrow is designed to ensure availability and recoverability of encrypted data while maintaining security controls.

In this model, encryption keys are stored securely with trusted third parties or divided among multiple custodians. No single individual has full access to the complete key, reducing the risk of misuse or compromise. Key escrow is often used to support compliance, lawful access requirements, and business continuity needs, ensuring that encrypted data can be recovered if the primary key holder is unavailable.

The other options do not fit this definition. Recovery refers to restoring keys or data, revocation disables compromised keys, and distribution focuses on delivering keys to authorized systems. Therefore, escrow is the correct answer.

Data seizure is the risk associated with legal authorities removing or accessing a person’s information stored in a public cloud. Managing Cloud guidance explains that cloud data is subject to the laws and legal processes of the jurisdiction in which it resides.

In some cases, government agencies may compel cloud service providers to disclose or seize data as part of legal investigations. This can occur without the data owner’s direct involvement and may affect confidentiality, privacy, and business operations. Public cloud environments increase this risk because infrastructure is shared and often spans multiple jurisdictions.

Remote wiping is a data destruction technique, vendor lock-in relates to dependency on providers, and data masking protects sensitive data. Therefore, data seizure is the correct risk.

The unplanned event described is a disruption of service. In IT service management frameworks like ITIL, disruptions occur when an incident prevents normal service delivery. The goal of incident management is to restore service quickly and minimize impact on customers.

A bug refers to a software defect, which may cause disruptions but is not synonymous with the event itself. An error represents a fault, while change refers to deliberate modifications. Only disruption captures the unplanned nature of service unavailability.

Recognizing incidents as disruptions helps organizations apply structured processes such as escalation, root-cause analysis, and communication. It ensures resilience in cloud-based environments where uptime is a key performance indicator and customer trust is closely tied to availability.

Once a vendor has been selected, the onboarding phase requires contractual verification and technical arrangements for data transfer. This step ensures that service levels, compliance requirements, encryption standards, and responsibilities are clearly defined before operations begin.

Options such as identifying the business need or responding to the RFP are pre-selection activities. Ensuring secure destruction of data is relevant to offboarding, not onboarding. Therefore, the most critical onboarding task is verifying the contract details and ensuring secure data transfer agreements.

Discussing these issues protects the organization from legal disputes, ensures smooth technical integration, and supports compliance with frameworks such as GDPR and PCI DSS. It also defines the scope of vendor accountability in case of security incidents.

The software agent management plane must support auto-scaling and elasticity because traditional security tools are not designed for the speed and scale of cloud environments. Managing Cloud guidance explains that cloud workloads can be created, scaled, and terminated rapidly, often within minutes or seconds.

If security management systems cannot scale at the same pace, workloads may operate without protection or monitoring. Elastic security management ensures that agents are deployed, configured, and decommissioned automatically as workloads scale up or down.

The other options do not directly explain the need for elasticity. Network isolation, reduced services, and firewall port usage are not the primary drivers. Therefore, the need to match cloud velocity makes option C correct.

Provisioning is the first phase of identity management used to assert a user’s identity. Managing Cloud documentation explains that identity management begins with establishing and registering a user within an identity system. Provisioning involves creating a digital identity, assigning unique identifiers, and associating credentials that allow the user to be recognized by systems and applications.

This phase forms the foundation for all subsequent identity and access management processes. Without proper provisioning, authentication and authorization cannot occur because the system has no trusted identity to evaluate. Provisioning also includes defining initial roles and access levels based on organizational policies.

Centralization and decentralization describe architectural approaches to managing identities rather than lifecycle phases. Deprovisioning occurs at the end of the lifecycle when access is revoked. Therefore, provisioning is correctly identified as the first phase where the user’s identity is established and asserted.

Archiving and retrieval procedures are the data retention method used for business continuity and disaster recovery (BC/DR) backups. Managing Cloud principles describe BC/DR as a critical operational function that ensures data can be restored following system failures, cyber incidents, or natural disasters.

Archiving involves securely storing backup data in a manner that preserves integrity and availability over time. Retrieval procedures define how quickly and effectively data can be accessed and restored when needed. Together, these procedures ensure that organizations can resume operations with minimal disruption.

The other options do not support BC/DR directly. Data classification categorizes data by sensitivity, local agent checks focus on endpoint health, and monitoring and enforcement apply to security oversight rather than retention. Therefore, archiving and retrieval procedures are essential for BC/DR backups.

Reporting the work on the news is considered legal fair use of a copyrighted item. Managing Cloud guidance explains that fair use allows limited use of copyrighted material without permission when the purpose is commentary, criticism, education, or news reporting.

In news reporting, copyrighted material may be referenced or partially reproduced to inform the public, provided it does not replace the original work or cause financial harm to the copyright owner. This principle supports transparency and public awareness while balancing intellectual property rights.

The other activities typically require authorization from the copyright holder. Performing a work publicly, exporting it, or broadcasting it generally involves distribution or commercial use, which falls outside fair use protections. Therefore, reporting the work in the news is the correct example of legal fair use.