WGU Managing-Cloud-Security - WGU Managing Cloud Security (JY02, GZO1)

When sharing personal data with a trusted third party, organizations must ensure that the recipient understands and adheres to the organization’s privacy policy and handling practices. This ensures consistent treatment of personal information across entities and aligns with consent provided by individuals.

Audit results and contractual notices are internal matters, while federal laws define obligations but do not substitute for organizational policies. By explicitly sharing policies and practices, organizations reinforce accountability and ensure compliance with privacy regulations such as GDPR, HIPAA, or CCPA.

This communication sets expectations for data use, retention, and disclosure. It also provides a defensible framework in case of regulatory inquiries, showing that due diligence was performed when transferring data to third parties.

Procedures are detailed, step-by-step instructions that guide personnel on how to perform specific tasks in alignment with higher-level policies. In an investigation, when uncertainty arises about handling a dataset, procedures provide the exact operational guidance required.

Policies establish high-level rules (e.g., “financial data must be protected”), while procedures explain how to achieve compliance with those policies (e.g., “verify encryption, label dataset, log access, and escalate to compliance officer”). Legal rulings and definitions are external references but do not provide operational steps.

By following documented procedures, investigators ensure consistency, compliance, and defensibility in legal contexts. This also ensures that evidence is handled properly, supporting admissibility in court and protecting the organization against legal or regulatory challenges.

The Cloud Security Alliance (CSA) uses the NIST cloud computing model as its standard for defining cloud computing. Managing Cloud principles explain that CSA aligns with the National Institute of Standards and Technology (NIST) definition because it provides a clear, vendor-neutral framework widely accepted across industry and government.

The NIST model defines essential cloud characteristics such as on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. It also clearly identifies service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, and community), which are foundational to cloud security governance.

SOX, SOC 3, and SAS 70 are compliance and audit frameworks rather than cloud computing definitions. Therefore, NIST is the correct standard used by CSA.

Multitenancy of networks is a logical design consideration when planning a data center. Managing Cloud principles explain that logical considerations focus on how systems, networks, and services are structured and interact, rather than physical infrastructure components.

Multitenancy requires logical separation of tenants to ensure confidentiality, integrity, and availability of data. This includes network segmentation, virtual LANs, access controls, and isolation mechanisms that prevent one tenant from accessing another tenant’s resources. Proper logical design is critical in cloud environments where multiple customers share the same physical infrastructure.

The other options represent non-logical considerations. Heating and cooling and utility power availability are physical and environmental concerns, while ability for expansion relates to physical capacity planning. Therefore, multitenancy of networks is the correct logical consideration.

The categories mentioned—relational, nonrelational, key-value, and document-oriented—refer to different types of databases. Relational databases (SQL) organize data into tables with rows and columns, nonrelational databases (NoSQL) provide flexibility for unstructured data, key-value stores map identifiers to values, and document-oriented databases manage data in formats such as JSON or BSON.

Object-based storage and volumes are alternative storage architectures but are not described by these categories. XML is a data format, not a storage type.

In the cloud, database services are offered as managed solutions, reducing the administrative burden on organizations. Properly managing database storage is critical for data governance, confidentiality, and compliance. Databases are also central to security strategies, where access control, encryption, and auditing are applied.

Thus, the correct answer is database storage, which encompasses multiple architectures that address different performance, scalability, and data management needs.

While cloud providers typically offer built-in encryption, customers should apply additional encryption for sensitive data to maintain defense-in-depth. Encrypting files and folders before uploading them ensures that even if provider-side protections fail, data remains confidential.

WAFs protect applications from web threats, DAM tools monitor database use, and block storage versus file storage is an architecture choice. None of these directly provide an extra protective layer for stored data.

By maintaining control of their encryption keys, customers ensure compliance with data protection standards such as GDPR, HIPAA, or PCI DSS. This practice also mitigates insider threats within the provider’s environment and supports secure multi-cloud strategies. Encryption remains the strongest safeguard for protecting sensitive files in public cloud storage.

Cryptographic erasure is a secure data sanitization technique that relies on encryption. The process involves encrypting the data, encrypting the keys with a second layer, and then destroying the encryption keys. Without the keys, the encrypted data becomes unreadable and is effectively destroyed, even though the storage media remains intact.

One-way hashing is used for password storage, not full data destruction. Degaussing is for magnetic media, and overwriting involves physically writing new data over existing sectors.

Cryptographic erasure is widely used in cloud environments where physical media cannot be easily destroyed or reclaimed by customers. It ensures compliance with data retention and privacy regulations while maintaining environmental sustainability by allowing reuse of storage hardware.

Threat modeling is the approach that helps developers prepare for common application vulnerabilities in cloud environments. Managing Cloud principles explain that threat modeling is a proactive security activity performed during the design and development phases of an application.

This approach involves identifying potential threats, attack vectors, and weaknesses based on application architecture, data flows, trust boundaries, and usage patterns. By anticipating how attackers may exploit cloud-specific characteristics—such as exposed APIs, shared resources, and identity-based access—developers can design controls to mitigate risks early in the lifecycle.

Sandboxing and application virtualization are isolation techniques rather than preparation methods, and multitenancy describes a cloud architecture characteristic. Threat modeling directly supports secure design by aligning security controls with known vulnerability patterns. Therefore, threat modeling is the correct answer.

The Internet of Things (IoT) is increasingly deployed in enterprise environments for digital tracking of supply chains. Managing Cloud principles explain that IoT enables physical objects—such as sensors, tags, and devices—to collect and transmit data in real time.

In supply chain scenarios, IoT devices track location, temperature, humidity, and movement of goods throughout manufacturing, transportation, and storage. This continuous data collection improves visibility, efficiency, and accountability across the supply chain. Cloud platforms commonly support IoT by aggregating, storing, and analyzing the collected data.

Cloud computing provides infrastructure, big data analyzes large datasets, and machine learning derives insights, but IoT is the enabling technology that performs real-time tracking. Therefore, Internet of Things is the correct answer.

A cloud-based DDoS protection strategy helps mitigate attacks by rerouting traffic to specialized mitigation services. Managing Cloud guidance explains that cloud providers leverage large-scale, distributed infrastructures capable of absorbing and filtering massive volumes of malicious traffic.

When an attack is detected, traffic is redirected to scrubbing centers or mitigation platforms that analyze and filter malicious packets before forwarding legitimate traffic to the target application. This prevents backend systems from becoming overwhelmed and ensures service availability.

The other options provide limited protection. Load balancing and multiple endpoints distribute traffic but do not filter attacks, and scaling applications may still fail under volumetric attacks. Therefore, rerouting traffic to mitigation services is the most effective strategy.