Free Preparation Discussions
MENU
WGU (JY02) Managing Cloud Security Exam Questions
- Topic 1: Conducting Risk Analysis and Risk Management in Alignment with Disaster Recovery and Business Continuity Plans: This section of the exam measures skills of Cloud Security Analysts and focuses on understanding how to evaluate risks within a cloud environment. It explains how learners assess potential threats, align security measures with disaster recovery plans, and support continuity of operations. The emphasis is on recognizing basic risks and applying suitable responses to maintain stable and secure cloud services.
- Topic 2: Identifying Legal, Compliance, and Ethical Concerns Within a Cloud Environment: This section of the exam measures skills of Compliance Technicians and covers the key legal and ethical topics related to cloud security. It introduces how organizations follow regulatory requirements and industry guidelines when using cloud services. Learners understand the importance of meeting compliance obligations and ensuring responsible handling of data in cloud platforms.
- Topic 3: Identifying Security Policies and Procedures for Cloud Applications: This section of the exam measures skills of Cloud Security Analysts and explains how to recognize the policies and procedures needed to protect cloud based applications. It highlights how organizations create and enforce rules that guide secure usage. Learners gain a basic understanding of how these policies support consistent and safe cloud operations.
- Topic 4: Implementing Operational Capabilities, Procedures, and Training in Relation to Organizational Needs: This section of the exam measures skills of IT Operations Technicians and focuses on putting cloud security procedures into practice. It includes applying operational tasks, supporting internal processes, and helping users follow proper security steps. Learners understand how training and clear procedures support secure cloud environments.
- Topic 5: Implementing Secure Solutions in Cloud Service Models: This section of the exam measures skills of Cloud Security Analysts and introduces the steps for applying secure configurations across different cloud service models. It explains how basic protections are added to cloud resources to maintain safe access and reduce risks. Learners see how secure design choices support reliable cloud services.
- Topic 6: Safeguarding Cloud Data With Identity and Access Management: This section of the exam measures skills of IT Security Technicians and focuses on protecting cloud data through identity and access controls. It describes how user identities are managed and how access permissions help secure sensitive information. Learners understand how proper identity management prevents unauthorized access and supports a trustworthy cloud environment.
Free WGU WGU (JY02) Managing Cloud Security Exam Actual Questions
Note: Premium Questions for WGU (JY02) Managing Cloud Security were last updated On Apr. 20, 2026 (see below)
Which component allows customers to transfer data into and out of a cloud computing vendor's environment?
The network is the component that enables customers to transfer data into and out of a cloud environment. It provides the connectivity through which data is uploaded, downloaded, and exchanged between customer systems and cloud infrastructure.
Firewalls protect the network by filtering traffic, load balancers distribute requests across resources, and virtual displays present interfaces, but none directly facilitate the transfer of data.
In cloud models, secure networking is critical. Protocols like TLS encrypt traffic, while VPNs and private links provide additional isolation. Reliable networking ensures availability, while strong controls safeguard confidentiality and integrity. Customers must ensure that the cloud provider offers secure, high-performance network services to support business needs.
An accountant in an organization is allowed access to a company's human resources database only to adjust the number of hours that the organization's employees have worked in a fiscal year. However, the accountant modifies an employee's personal information. Which part of the STRIDE model describes this situation?
The STRIDE threat model identifies six categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. In this scenario, the accountant modified data they were not authorized to change. This is an act of Tampering, which refers to unauthorized alteration of data or systems.
Spoofing would involve impersonating another identity, denial of service would block availability, and elevation of privilege would involve gaining higher access rights. The accountant already had legitimate access but misused it to alter data outside their scope of responsibility.
Tampering compromises data integrity, one of the pillars of the CIA triad. In cloud and enterprise systems, safeguards against tampering include role-based access control, least privilege, and auditing to detect unauthorized changes. Recognizing this as tampering helps in identifying insider misuse and implementing compensating controls.
An organization's leadership team gathered managers and key team members in each division to help create a disaster recovery plan. They realize they lack a complete understanding of the infrastructure and software needed to formulate the plan. Which action should they take to correct this issue?
Without a clear understanding of infrastructure and software, the leadership team must first conduct an inventory of assets. An asset inventory provides a comprehensive list of hardware, software, and services that support business operations.
Creating checklists, defining criteria, and assigning roles are important, but they rely on knowing what assets exist. Without an inventory, the disaster recovery plan would miss critical dependencies, making recovery incomplete or impossible.
Performing an inventory supports business impact analysis, risk assessments, and recovery prioritization. It ensures that all critical systems are accounted for and appropriate recovery strategies can be designed. Asset inventories are a foundational best practice for disaster recovery and continuity planning.
Which type of data sanitization should be used to destroy data on a USB thumb drive while keeping the drive intact?
The correct approach for sanitizing a USB thumb drive while preserving its usability is overwriting. Overwriting involves replacing the existing data on the device with random data or specific patterns to ensure that the original information cannot be recovered. This process leaves the physical device intact, allowing it to be reused securely.
Physical destruction, such as shredding, renders the device unusable. Degaussing only works on magnetic media like hard disks or tapes, not on solid-state or flash-based USB drives. Key revocation applies to cryptographic keys and not to physical devices.
By using overwriting, organizations comply with data sanitization standards while balancing operational efficiency. Many tools exist that perform multi-pass overwrites to meet regulatory requirements such as those from NIST or ISO. This ensures that sensitive data is removed while allowing the device to remain in circulation for continued use.
In most redundant array of independent disks (RAID) configurations, data is stored across different disks. Which method of storing data is described?
The method described is striping, which is a technique used in RAID configurations to improve performance and distribute risk. Striping involves splitting data into smaller segments and writing those segments across multiple disks simultaneously. For example, if a file is divided into four parts, each part is written to a separate disk in the RAID array.
This parallelism enhances input/output (I/O) performance because multiple drives can be accessed at once. It also provides resilience depending on the RAID level. While striping by itself (RAID 0) increases performance but not redundancy, when combined with mirroring or parity (e.g., RAID 5 or RAID 10), it offers both speed and fault tolerance.
The purpose of striping in the data management context is to optimize how data is stored, accessed, and protected. It is fundamentally different from archiving, mapping, or crypto-shredding, as those serve different objectives (long-term storage, logical placement, or secure deletion). Striping is central to high-performance storage systems and supports availability in mission-critical environments.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Currently there are no comments in this discussion, be the first to comment!
Angelica
18 days agoJolanda
25 days agoSalina
1 month agoJosphine
1 month agoOneida
2 months agoYuonne
2 months agoTatum
2 months agoMalinda
2 months agoTimothy
3 months agoCharlie
3 months agoTamesha
3 months agoAntonio
3 months agoLinn
4 months agoEffie
4 months agoJess
4 months agoOmega
4 months agoOctavio
5 months agoDawne
5 months agoShaun
5 months agoLeonora
5 months ago