
[Full-Version] 2026 New Managing-Cloud-Security Actual Exam Dumps, WGU Practice Test
NEW QUESTION # 56
Which guide remedies the challenge of the international nature of cloud forensics and is known for becoming the premier standard for eDiscovery?
- A. ISO/IEC 27041:2015
- B. ISO/IEC 27050-1:2016
- C. ISO/IEC 27037:2012
- D. ISO/IEC 27042:2015
Answer: B
Explanation:
ISO/IEC 27050-1:2016 is the guide that addresses the international challenges of cloud forensics and is recognized as the premier standard for electronic discovery (eDiscovery). Managing Cloud documentation explains that eDiscovery involves identifying, collecting, preserving, and producing electronically stored information in legal proceedings.
This standard provides guidance for handling digital evidence across jurisdictions, which is especially important in cloud environments where data may reside in multiple countries. It establishes consistent processes and terminology to support legal defensibility and compliance.
The other ISO standards address evidence handling, investigation readiness, or incident management, but ISO/IEC 27050 specifically focuses on eDiscovery. Therefore, ISO/IEC 27050-1:2016 is the correct answer.
NEW QUESTION # 57
An engineer needs to create segmentation using the built-in tools provided by the company's cloud provider. The InfoSec team has given the engineer directions to limit traffic using a security group between two cloud deployments in the organization. Which mechanisms should the engineer use to create this segmentation?
- A. MAC addresses and protocols
- B. Definitions and protocols
- C. Ports and protocols
- D. Unique identifiers and protocols
Answer: C
Explanation:
Cloud security groups typically filter traffic based on ports and protocols. By allowing or denying specific port/protocol combinations, engineers can control communication between deployments. For example, permitting HTTPS (TCP port 443) while blocking other ports enforces segmentation.
MAC addresses are not used in cloud-level segmentation because they apply to physical networks. Unique identifiers and definitions are not practical mechanisms for traffic filtering.
Using ports and protocols aligns with the principle of least privilege by ensuring that only necessary communication pathways exist. In multi-deployment or hybrid cloud setups, this reduces the attack surface and prevents lateral movement by malicious actors. Security groups thereby provide logical network segmentation without requiring physical infrastructure changes.
NEW QUESTION # 58
The designers of a proposed data center are evaluating the requirements to use virtualization for the services it provides. Which type of design consideration is being addressed?
- A. Logical
- B. Regulatory
- C. Environmental
- D. Physical
Answer: A
Explanation:
Evaluating the use of virtualization addresses a logical design consideration. Managing Cloud documentation explains that logical design focuses on system architecture, virtualization layers, network segmentation, and service delivery models.
Virtualization determines how workloads are abstracted from physical hardware, how resources are shared, and how isolation is enforced between workloads. Decisions related to hypervisors, virtual machines, containers, and orchestration platforms fall under logical architecture rather than physical layout or environmental controls.
Regulatory considerations involve compliance requirements, environmental considerations include power and cooling, and physical considerations address space and hardware placement. Therefore, virtualization is a logical design consideration.
NEW QUESTION # 59
Which data management activity is considered legal fair use of a copyrighted item?
- A. Performing the work publicly
- B. Exporting the work
- C. Broadcasting the work
- D. Reporting the work on the news
Answer: D
Explanation:
Reporting the work on the news is considered legal fair use of a copyrighted item. Managing Cloud guidance explains that fair use allows limited use of copyrighted material without permission when the purpose is commentary, criticism, education, or news reporting.
In news reporting, copyrighted material may be referenced or partially reproduced to inform the public, provided it does not replace the original work or cause financial harm to the copyright owner. This principle supports transparency and public awareness while balancing intellectual property rights.
The other activities typically require authorization from the copyright holder. Performing a work publicly, exporting it, or broadcasting it generally involves distribution or commercial use, which falls outside fair use protections. Therefore, reporting the work in the news is the correct example of legal fair use.
NEW QUESTION # 60
Which entity provides common directory services?
- A. Terminal Access Controller Access-Control System
- B. Lightweight Directory Access Protocol
- C. Remote Authentication Dial-In User Service
- D. Domain Name System
Answer: B
Explanation:
Lightweight Directory Access Protocol (LDAP) provides common directory services. Managing Cloud principles explain that LDAP is used to store and retrieve information about users, groups, roles, and permissions in a centralized directory.
LDAP supports authentication, authorization, and identity management by enabling systems to query user attributes and access rights. It is widely used in enterprise and cloud environments to integrate applications with centralized identity services.
RADIUS and TACACS+ are authentication protocols, and DNS resolves domain names to IP addresses. Therefore, LDAP is the correct entity for directory services.
NEW QUESTION # 61
Which security risk is co-owned by the enterprise team and the cloud provider in the software as a service (SaaS) model?
- A. Physical
- B. Application
- C. Data
- D. Platform
Answer: C
Explanation:
In the Software as a Service (SaaS) model, data security is a shared responsibility between the cloud provider and the enterprise. Managing Cloud principles explain that while the cloud service provider is responsible for securing the infrastructure, platform, and application itself, the customer retains responsibility for how data is used, classified, accessed, and governed.
The provider ensures data is protected through encryption mechanisms, availability controls, and secure storage, while the enterprise is responsible for data ownership, access permissions, identity management, and compliance with regulatory requirements. This shared ownership requires close coordination to ensure confidentiality, integrity, and availability of data.
Application, platform, and physical security are primarily the provider's responsibility in SaaS. Therefore, data is the correct answer.
NEW QUESTION # 62
Which cloud infrastructure component employs a hierarchical and distributed database that contains mappings?
- A. Clustered hosting
- B. Transport Layer Security (TLS)
- C. Domain Name System (DNS)
- D. Resource sharing
Answer: C
Explanation:
The Domain Name System (DNS) is the cloud infrastructure component that employs a hierarchical and distributed database containing mappings. Managing Cloud documentation explains that DNS maps human-readable domain names to IP addresses and other resource records.
DNS is structured hierarchically, starting from the root level and branching into top-level domains, second-level domains, and subdomains. This distributed architecture ensures scalability, fault tolerance, and efficient resolution of requests across the internet and cloud environments.
TLS secures communications, clustered hosting refers to compute architecture, and resource sharing describes cloud efficiency. Therefore, DNS is the correct answer.
NEW QUESTION # 63
An engineer has been given the task of ensuring all of the keys used to encrypt archival data are securely stored according to industry standards. Which location is a secure option for the engineer to store encryption keys for decrypting data?
- A. A repository that is made private
- B. An escrow that is kept separate from the data it is tied to
- C. A repository that is made public
- D. An escrow that is kept local to the data it is tied to
Answer: B
Explanation:
Industry best practice requires that encryption keys are stored separately from the data they protect. This ensures that if the data storage system is compromised, attackers cannot immediately decrypt sensitive information. The use of a secure escrow system is a recognized approach.
An escrow provides controlled storage for encryption keys, ensuring they are only accessible by authorized processes and not co-located with the protected data. Keeping keys "local" to the data creates a single point of failure. A public or private repository without specialized protection mechanisms would also be insufficient due to risks of insider threats or misconfiguration.
By placing keys in an independent escrow system, the organization enforces separation of duties, strengthens defense-in-depth, and aligns with cryptographic standards from NIST and ISO. This practice is vital when dealing with archival data, where long-term confidentiality must be preserved even as systems evolve.
NEW QUESTION # 64
A cloud consumer is scheduling a vulnerability assessment of a cloud service procured through a cloud broker. Who should the cloud consumer notify before beginning the assessment?
- A. The cloud consumer's customers
- B. The cloud broker
- C. The cloud service provider
- D. The cloud consumer's legal department
Answer: C
Explanation:
Before performing a vulnerability assessment on a cloud service, the cloud service provider (CSP) must be notified. Managing Cloud principles explain that CSPs own and operate the underlying infrastructure and define acceptable use and security testing conditions through their terms of service.
Notifying the CSP ensures that testing activities are authorized and do not violate contractual agreements or trigger security alerts. Unauthorized testing could be mistaken for malicious activity and lead to service disruption or legal consequences. CSP notification also allows coordination to minimize operational impact.
Although the service was procured through a broker, the CSP ultimately controls the environment being tested. Therefore, the cloud service provider is the correct entity to notify.
NEW QUESTION # 65
An organization creates a plan for long-term cloud storage of its backup data. What should the organization address to avoid losing access to its data?
- A. Key management
- B. Change tracking
- C. Regulatory compliance
- D. Quantum computing
Answer: A
Explanation:
The most critical concern in long-term cloud storage is key management. If encryption keys are lost, corrupted, or improperly rotated, the organization will lose the ability to decrypt its own data, rendering backups unusable. This issue is particularly serious because cloud storage almost always relies on encryption to secure sensitive or regulated information.
While regulatory compliance, quantum threats, and change tracking are important, none directly prevent permanent data loss. The reliability of key management ensures that access to long-term archival data is preserved across changes in personnel, technology, and vendors.
Best practices include using centralized key management systems (such as Hardware Security Modules or cloud Key Management Services), applying role-based controls, and performing periodic key rotation and escrow. Addressing key management in the backup plan ensures that data will remain accessible for years or decades, regardless of technological shifts.
NEW QUESTION # 66
Which steps should an organization take to avoid risk when dealing with software licensing?
- A. It should ensure it has the correct location to store licenses.
- B. It should ensure it only uses closed-source licenses.
- C. It should ensure it only uses open-source licenses.
- D. It should ensure it has the correct type of license.
Answer: D
Explanation:
The primary safeguard against licensing risk is ensuring the organization has the correct type of license. Software licenses define usage rights, limitations, and legal obligations. Using software outside of license terms can lead to legal penalties, financial fines, and reputational damage.
Location of licenses is a management issue, not a risk control. Restricting usage to closed-source or open-source alone is not practical, as both models require compliance with license agreements.
Correct licensing includes verifying user counts, subscription terms, geographic restrictions, and intended use. It also involves monitoring for unauthorized installations and conducting regular audits. Proper license management ensures legal compliance, cost control, and operational continuity.
NEW QUESTION # 67
Which phase in secure application design and development includes threat modeling?
- A. Define
- B. Develop
- C. Training
- D. Design
Answer: D
Explanation:
Threat modeling is performed during the Design phase of secure application development. Managing Cloud guidance explains that threat modeling evaluates application architecture, data flows, trust boundaries, and attack surfaces before development begins.
By identifying threats early, security controls can be built directly into the application design rather than added later. This reduces vulnerabilities and lowers remediation costs.
The define phase establishes requirements, training builds skills, and development focuses on coding. Therefore, the design phase is the correct answer.
NEW QUESTION # 68
Which business continuity and disaster recovery consideration should be part of a cloud application architecture?
- A. Application message queues
- B. Health status pages
- C. Architecting for failure
- D. Compliance of applications
Answer: C
Explanation:
Architecting for failure is a fundamental business continuity and disaster recovery consideration in cloud application architecture. Managing Cloud principles emphasize that cloud systems must be designed with the assumption that components will fail.
Architecting for failure involves implementing redundancy, fault tolerance, automated recovery, and failover mechanisms. Applications should be resilient to infrastructure outages and capable of continuing operation despite component failures. This approach reduces downtime and ensures service availability during incidents.
Health status pages provide visibility, compliance addresses regulatory needs, and message queues support communication but do not fully address BC/DR requirements. Therefore, architecting for failure is the correct answer.
NEW QUESTION # 69
An organization wants to conduct some of the disaster recovery plan testing with the least possible impact on production. Which method should be used?
- A. Unit testing
- B. Full test
- C. Dry run test
- D. Tabletop testing
Answer: D
Explanation:
Tabletop testing is the disaster recovery testing method with the least impact on production systems. Managing Cloud guidance explains that tabletop exercises are discussion-based scenarios where stakeholders walk through response procedures without executing actual system changes.
This approach allows teams to validate roles, responsibilities, communication paths, and decision-making processes. Tabletop testing is cost-effective, low-risk, and ideal for early validation of disaster recovery and business continuity plans.
Dry runs and full tests involve actual system actions and can impact production. Unit testing focuses on individual components. Therefore, tabletop testing is the correct answer.
NEW QUESTION # 70
Which regulation restricts the government from forcing a cloud service provider to disclose customer data?
- A. SCA
- B. SOX
- C. GLBA
- D. ECPA
Answer: A
Explanation:
The Stored Communications Act (SCA) restricts the government's ability to force a cloud service provider to disclose customer data. Managing Cloud guidance explains that the SCA establishes legal protections for stored electronic communications and customer records held by service providers.
The act defines conditions under which government entities may request access to stored data, requiring appropriate legal processes such as warrants or court orders. This provides a level of privacy protection for cloud customers and limits unauthorized or excessive disclosure.
GLBA focuses on financial data, SOX addresses corporate governance, and ECPA is broader legislation that includes the SCA but does not directly define cloud disclosure limitations on its own. Therefore, SCA is the correct answer.