Free WGU Managing-Cloud-Security Practice Exam with Questions & Answers | Set: 3

A Security Operations Center (SOC) is a centralized facility that allows administrators to monitor, detect, investigate, and respond to cybersecurity events in real time. SOC teams leverage tools such as SIEM (Security Information and Event Management), threat intelligence, and incident response playbooks.

ERTs and DRTs are teams focused on emergencies and disaster recovery, respectively, but they do not provide continuous monitoring. A NOC focuses on performance and availability of IT infrastructure but not on security threats.

By establishing a SOC, organizations ensure 24/7 visibility into security events, coordinated incident handling, and compliance with standards such as ISO 27001 and SOC 2. SOCs are essential in cloud environments where threats evolve rapidly, and centralized expertise is needed to minimize impact.

Continuous monitoring is the control that allows organizations to actively verify that a cloud provider is fulfilling contractual and compliance obligations. This involves automated collection and analysis of operational, security, and performance data. It enables organizations to ensure that service-level agreements (SLAs) are being honored and that compliance requirements are being met in real time.

While regulatory oversight is provided by external authorities and incident management is reactive in nature, continuous monitoring is a proactive approach. It allows customers to maintain visibility into provider operations. Confidential computing focuses on data protection but does not verify contract adherence.

By employing continuous monitoring, organizations establish transparency and accountability. It also supports audit processes by providing evidence that controls remain effective over time. This reduces risk associated with outsourcing critical functions to a cloud provider and ensures resilience against potential provider-side failures.

The Infrastructure logical design model includes the foundational components of a secure computing system, such as compute, networking, and storage. Managing Cloud principles explain that infrastructure represents the base layer upon which all other cloud services and security controls are built.

This layer includes physical and virtual servers, network connectivity, storage systems, and the virtualization technologies that enable resource sharing. Securing the infrastructure is critical because weaknesses at this level can compromise higher-level services and applications. Controls such as network segmentation, secure configurations, redundancy, and access restrictions are applied at the infrastructure level to protect workloads and data.

Infostructure focuses on data and information handling, applistructure relates to applications and services, and metastructure supports orchestration and management. Therefore, infrastructure correctly represents the foundational logical design model for secure cloud computing.

Evaluating the use of virtualization addresses a logical design consideration. Managing Cloud documentation explains that logical design focuses on system architecture, virtualization layers, network segmentation, and service delivery models.

Virtualization determines how workloads are abstracted from physical hardware, how resources are shared, and how isolation is enforced between workloads. Decisions related to hypervisors, virtual machines, containers, and orchestration platforms fall under logical architecture rather than physical layout or environmental controls.

Regulatory considerations involve compliance requirements, environmental considerations include power and cooling, and physical considerations address space and hardware placement. Therefore, virtualization is a logical design consideration.

Industry best practice requires that encryption keys are stored separately from the data they protect. This ensures that if the data storage system is compromised, attackers cannot immediately decrypt sensitive information. The use of a secure escrow system is a recognized approach.

An escrow provides controlled storage for encryption keys, ensuring they are only accessible by authorized processes and not co-located with the protected data. Keeping keys “local” to the data creates a single point of failure. A public or private repository without specialized protection mechanisms would also be insufficient due to risks of insider threats or misconfiguration.

By placing keys in an independent escrow system, the organization enforces separation of duties, strengthens defense-in-depth, and aligns with cryptographic standards from NIST and ISO. This practice is vital when dealing with archival data, where long-term confidentiality must be preserved even as systems evolve.

A Database Activity Monitor (DAM) is specifically designed to identify and stop attack-based commands from executing on a SQL server. Managing Cloud documentation explains that DAM solutions monitor database traffic in real time, inspecting queries and commands for malicious patterns such as SQL injection, privilege escalation, and unauthorized data access attempts.

Unlike traditional firewalls, which primarily filter network traffic, a DAM understands database-specific protocols and SQL command structures. This allows it to detect abnormal or unauthorized queries that may bypass perimeter defenses. When a suspicious command is identified, the DAM can alert administrators, block the execution, or log the activity for forensic analysis.

The other options do not provide this level of database-specific protection. A host-based firewall controls traffic to and from a server but does not analyze SQL commands. A hardware security module focuses on key management and cryptographic operations. A cloud access and security broker enforces security policies between cloud consumers and providers but does not inspect SQL commands directly. Therefore, the database activity monitor is the correct device for stopping attack-based SQL commands.

Static application security testing (SAST) is most likely to identify embedded credentials. Managing Cloud principles explain that SAST analyzes application source code, binaries, or bytecode without executing the program.

Because SAST inspects code structure and logic, it can detect hard-coded passwords, API keys, and secrets embedded directly in application files. These vulnerabilities pose significant risk if exposed in cloud environments.

Software misconfiguration and runtime vulnerabilities require execution context, and hypervisor vulnerabilities exist outside application code. Therefore, embedded credentials are best detected through SAST.

Platform as a Service (PaaS) is the recommended option for organizations seeking to simplify application development and management. Managing Cloud guidance explains that PaaS provides a complete development environment, including operating systems, runtime environments, middleware, databases, and development tools.

By abstracting infrastructure and platform management, PaaS allows developers to focus exclusively on building, testing, and deploying applications. Tasks such as patching, scaling, load balancing, and environment configuration are handled by the cloud provider, reducing complexity and administrative effort.

DaaS focuses on delivering virtual desktops, IaaS requires customers to manage operating systems and applications, and SaaS provides fully developed applications rather than development platforms. Therefore, PaaS best meets the requirement of simplifying development and management.

The described threat is a Denial of Service (DoS) attack. In security contexts, a DoS attack aims to make a system, application, or data unavailable to legitimate users by overwhelming resources. Unlike brute force or rainbow table attacks, which target authentication mechanisms, or encryption, which is a defensive control, DoS focuses on disrupting availability—the “A” in the Confidentiality, Integrity, Availability (CIA) triad.

DoS can be executed in many ways: flooding a network with traffic, exhausting server memory, or overwhelming application processes. When scaled by multiple coordinated systems, it becomes a Distributed Denial of Service (DDoS) attack. In either case, the effect is the same—authorized users cannot access critical data or services.

For cloud environments, where service uptime is crucial, DoS protections such as rate limiting, auto-scaling, and upstream filtering are essential. Training data center engineers to recognize DoS helps them understand the importance of resilience strategies and ensures continuity planning includes availability safeguards.

Indirect identifiers are pieces of information that may not identify an individual on their own but, when combined with other data, can uniquely identify someone. Examples include birthdate, ZIP code, or gender. Together, these can re-identify a person, even when names or direct identifiers are removed.

Direct identifiers (such as Social Security numbers) uniquely identify an individual alone. Data subjects are the individuals to whom the data refers, while personal details is too broad and not a formal term.

Understanding indirect identifiers is essential in privacy regulations like GDPR and HIPAA, where pseudonymization or anonymization must account for potential re-identification risks. Safeguarding indirect identifiers reduces the chance of privacy violations and unauthorized profiling.