Managing-Cloud-Security Exam Dumps - WGU Managing Cloud Security (JY02, GZO1)

The Public cloud model is owned and operated by a vendor and offered to customers through sale, lease, or rental arrangements. Managing Cloud principles describe public cloud providers as entities that deliver shared infrastructure, platforms, or applications to multiple customers over the internet.

In this model, the cloud service provider manages the infrastructure, maintenance, and security of the environment, while customers consume services on a pay-as-you-go or subscription basis. Public clouds offer scalability, flexibility, and cost efficiency but provide less control over underlying systems.

Private clouds are dedicated to a single organization, hybrid clouds combine multiple models, and community clouds serve specific groups. Therefore, the public cloud model best fits the description.

This concern is addressed by considering portability and interoperability options. Managing Cloud guidance explains that organizations must plan for provider exit scenarios to avoid dependency risks.

Portability ensures data and workloads can be moved to another provider or on-premises environment, while interoperability supports compatibility across platforms. This may include standardized data formats, documented APIs, and offsite backups.

Multiple zones address outages, not provider bankruptcy. Contract revisions help legally but do not guarantee recovery. Therefore, portability and interoperability are the correct focus.

Multifactor Authentication (MFA) is a commonly mandated control for obtaining cybersecurity insurance. MFA requires users to present at least two independent factors—something they know (password), something they have (token), or something they are (biometrics). This significantly reduces the risk of unauthorized access due to stolen or weak credentials.

Network segmentation and application whitelisting are valuable, but they are not universal insurance requirements. TPM is a hardware component for securing local devices but does not protect remote access in distributed work models.

By enforcing MFA across VPNs, cloud services, email, and administrative interfaces, organizations demonstrate strong access control measures. Insurance providers recognize MFA as a foundational safeguard, reducing claims risk from credential-based breaches. This makes MFA both a compliance requirement and a best practice.

When a SaaS solution is included within the scope of an ISO 27001 audit, the organization should provide the cloud provider’s compliance attestation as evidence of controls. Managing Cloud guidance explains that in the SaaS model, the provider manages infrastructure, platform, and application-level controls.

Because customers do not manage operating systems, firewalls, or physical data centers in SaaS, they cannot supply direct technical evidence for those controls. Instead, third-party audit reports and attestations demonstrate that the provider has implemented appropriate security controls.

Firewall rules, OS patch logs, and physical diagrams are not accessible to SaaS customers. Therefore, provider compliance attestation is the correct evidence.

This is an example of social engineering, where attackers manipulate individuals into divulging confidential information or performing actions that compromise security. In this case, the fraudulent caller convinced the help desk to disclose sensitive employee data.

Man-in-the-middle attacks involve intercepting communication between parties, escalation of privilege involves gaining higher access rights, and internal threats come from legitimate insiders. None of these fit the situation as accurately as social engineering.

Social engineering exploits human trust rather than technical vulnerabilities. Common tactics include phishing, pretexting, and phone-based fraud (vishing). Preventing such threats requires strong identity verification processes, employee awareness training, and layered authentication mechanisms. By recognizing the human element as a weak point, organizations can better prepare staff to resist manipulative tactics.

The Infrastructure logical design model includes the foundational components of a secure computing system, such as compute, networking, and storage. Managing Cloud principles explain that infrastructure represents the base layer upon which all other cloud services and security controls are built.

This layer includes physical and virtual servers, network connectivity, storage systems, and the virtualization technologies that enable resource sharing. Securing the infrastructure is critical because weaknesses at this level can compromise higher-level services and applications. Controls such as network segmentation, secure configurations, redundancy, and access restrictions are applied at the infrastructure level to protect workloads and data.

Infostructure focuses on data and information handling, applistructure relates to applications and services, and metastructure supports orchestration and management. Therefore, infrastructure correctly represents the foundational logical design model for secure cloud computing.

Tier IV is the highest level in the Uptime Institute’s Data Center Site Infrastructure Tier Standards and is considered the most secure, reliable, and redundant. Managing Cloud documentation explains that Tier IV data centers provide fault tolerance with multiple independent systems.

This tier includes fully redundant components, multiple active power and cooling distribution paths, and continuous operation even during maintenance or failure events. Tier IV environments are designed for mission-critical systems requiring maximum uptime.

Tier I through Tier III offer increasing levels of redundancy but do not provide full fault tolerance. Therefore, Tier IV is the correct answer.

In a cloud environment, responsibility for hardware management shifts primarily to the cloud provider. Customers no longer manage servers, storage devices, or physical networks directly. As a result, hardware management policies are less critical for customer audits compared to data classification, procurement, or acceptable use.

Data classification remains essential to secure sensitive information. Software procurement policies are important to control licensing and compliance. Acceptable use policies govern employee behavior in cloud environments.

While organizations may still need high-level oversight of hardware through contracts and SLAs, detailed hardware policies have a reduced role. Instead, emphasis shifts to managing the shared responsibility model, ensuring cloud provider controls complement customer governance.