Pass the WGU Courses and Certificates Managing-Cloud-Security Questions and answers with Dumpstech

Without a clear understanding of infrastructure and software, the leadership team must first conduct an inventory of assets. An asset inventory provides a comprehensive list of hardware, software, and services that support business operations.

Creating checklists, defining criteria, and assigning roles are important, but they rely on knowing what assets exist. Without an inventory, the disaster recovery plan would miss critical dependencies, making recovery incomplete or impossible.

Performing an inventory supports business impact analysis, risk assessments, and recovery prioritization. It ensures that all critical systems are accounted for and appropriate recovery strategies can be designed. Asset inventories are a foundational best practice for disaster recovery and continuity planning.

Lightweight Directory Access Protocol (LDAP) provides common directory services. Managing Cloud principles explain that LDAP is used to store and retrieve information about users, groups, roles, and permissions in a centralized directory.

LDAP supports authentication, authorization, and identity management by enabling systems to query user attributes and access rights. It is widely used in enterprise and cloud environments to integrate applications with centralized identity services.

RADIUS and TACACS+ are authentication protocols, and DNS resolves domain names to IP addresses. Therefore, LDAP is the correct entity for directory services.

The capability to rapidly create and destroy virtual systems as demand fluctuates is known as ephemeral computing. These short-lived resources are provisioned automatically when needed and decommissioned when demand subsides.

Resource scheduling helps allocate resources but does not imply temporary lifespans. High availability ensures continuous service, and maintenance mode is used for administrative tasks.

Ephemeral computing is central to elasticity in cloud environments, reducing costs and improving scalability. For example, containers or serverless functions may run only while needed and then disappear. This model optimizes utilization, lowers expenses, and supports modern application architectures that demand agility.

Object-based storage architecture allows digital rights management (DRM) solutions to associate metadata directly with stored materials. Managing Cloud documentation highlights that object storage is designed to store data as discrete objects, each containing the data itself, a unique identifier, and customizable metadata.

This metadata capability is essential for DRM solutions, as it enables the attachment of usage rights, access restrictions, expiration rules, and ownership information to digital content. Because metadata is stored alongside the object, policies can be enforced consistently regardless of where or how the data is accessed within the cloud environment.

Other storage architectures lack this flexibility. Volume and file storage focus on block-level or hierarchical file systems with limited metadata support, while relational databases require structured schemas not optimized for DRM metadata association. Object-based storage’s native metadata functionality makes it the preferred architecture for enforcing content protection and rights management in the cloud.

Offsite backups are an effective countermeasure against vendor lock-in and lock-out risks. Managing Cloud principles explain that maintaining copies of data outside a single cloud provider reduces dependency and ensures continued access if services become unavailable.

Offsite backups enable organizations to migrate data, recover from provider outages, or exit a provider relationship without losing critical information. This control supports business continuity, portability, and resilience.

Video surveillance addresses physical security, disk redundancy improves availability within the same provider, and training programs improve awareness but do not reduce dependency. Therefore, offsite backups are the correct security control.

Infrastructure as a Service (IaaS) allows an organization to maximize control over its information. Managing Cloud principles explain that in the IaaS model, customers manage operating systems, applications, data, access controls, and security configurations.

This high level of control enables organizations to implement customized security policies, encryption mechanisms, and compliance controls tailored to their specific requirements. Customers retain direct responsibility for data protection, system hardening, and monitoring.

In contrast, PaaS and SaaS abstract more control to the provider, limiting customization. DaaS focuses on user desktops rather than data governance. Therefore, IaaS provides the greatest control over information assets.

Platform as a Service (PaaS) allows customers to focus on writing and deploying code without managing the underlying infrastructure. The provider manages the operating system, runtime, and middleware, enabling faster development cycles and reduced administrative overhead.

IaaS would require the customer to configure servers and operating systems, SaaS provides ready-to-use applications, and DSaaS is a specialized category for analytics.

By abstracting the infrastructure, PaaS accelerates innovation and reduces operational burden but also limits flexibility in some cases. Security responsibilities under PaaS focus on application-level controls, while the provider handles infrastructure-level protections.

The most effective way to protect network traffic from interception is Transport Layer Security (TLS). TLS provides confidentiality, integrity, and authentication by encrypting data as it travels between client and server. Unlike older protocols like SSL, which is now deprecated due to vulnerabilities, TLS is the industry-standard protocol endorsed by modern security frameworks.

Compression and password protection through GZ is not a reliable method, as it does not offer strong encryption or resistance against sophisticated interception attacks. GRE is a tunneling protocol and does not inherently provide encryption.

By implementing TLS, organizations ensure protection against on-path attacks, replay attacks, and packet sniffing. TLS also supports features such as forward secrecy and certificate-based authentication, ensuring both secure data transmission and mutual trust between endpoints. In compliance-driven industries like healthcare and finance, TLS is explicitly mandated for protecting sensitive information in transit.

A bastion host is a hardened system placed at the boundary between different security zones. It acts as a gateway, controlling access from a less secure network (such as the internet or a lower-trust zone) into a higher-security zone (such as an internal cloud environment).

Secure Shell (SSH) provides secure communication but does not create a boundary. Virtual clients and host isolation are endpoint measures, not boundary defenses.

By placing a bastion host at the perimeter, organizations centralize monitoring, apply strict access controls, and reduce attack surfaces. These hosts are typically stripped down to essential services, patched frequently, and monitored closely. In cloud environments, bastion hosts are essential for controlling administrative access while enforcing strong authentication and logging.

The Store phase of the cloud data lifecycle is responsible for maintaining data in cloud storage systems and is where file, block, and object storage architectures are implemented. Managing Cloud documentation explains that once data is created and prepared, it must be stored using appropriate storage technologies that support availability, durability, scalability, and performance requirements.

File storage is commonly used for shared access and hierarchical file systems, block storage supports high-performance workloads such as databases and virtual machines, and object storage is optimized for scalability and unstructured data. All these storage models fall under the Store phase because they represent how data is retained and managed at rest within the cloud environment.

The Archive phase focuses on long-term retention and cost optimization, often using cold or infrequent access storage. The Create phase is concerned with generating data, and the Share phase involves distributing data to other users or systems. None of these phases define the architectural storage models used to hold data. Therefore, the Store phase is the correct answer, as it directly implements the underlying cloud storage architectures required to securely and efficiently manage data.