Get WGU Managing Cloud Security (JY02) Exam Practice Questions - Real and Updated

Answer : C

The STRIDE threat model identifies six categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. In this scenario, the accountant modified data they were not authorized to change. This is an act of Tampering, which refers to unauthorized alteration of data or systems.

Spoofing would involve impersonating another identity, denial of service would block availability, and elevation of privilege would involve gaining higher access rights. The accountant already had legitimate access but misused it to alter data outside their scope of responsibility.

Tampering compromises data integrity, one of the pillars of the CIA triad. In cloud and enterprise systems, safeguards against tampering include role-based access control, least privilege, and auditing to detect unauthorized changes. Recognizing this as tampering helps in identifying insider misuse and implementing compensating controls.

Answer : D

Without a clear understanding of infrastructure and software, the leadership team must first conduct an inventory of assets. An asset inventory provides a comprehensive list of hardware, software, and services that support business operations.

Creating checklists, defining criteria, and assigning roles are important, but they rely on knowing what assets exist. Without an inventory, the disaster recovery plan would miss critical dependencies, making recovery incomplete or impossible.

Performing an inventory supports business impact analysis, risk assessments, and recovery prioritization. It ensures that all critical systems are accounted for and appropriate recovery strategies can be designed. Asset inventories are a foundational best practice for disaster recovery and continuity planning.

Answer : A

The primary safeguard against licensing risk is ensuring the organization has the correct type of license. Software licenses define usage rights, limitations, and legal obligations. Using software outside of license terms can lead to legal penalties, financial fines, and reputational damage.

Location of licenses is a management issue, not a risk control. Restricting usage to closed-source or open-source alone is not practical, as both models require compliance with license agreements.

Correct licensing includes verifying user counts, subscription terms, geographic restrictions, and intended use. It also involves monitoring for unauthorized installations and conducting regular audits. Proper license management ensures legal compliance, cost control, and operational continuity.

Answer : A

The Assurance section of a contract specifies the customer's rights to verify that the vendor is meeting contractual and compliance obligations. This often includes the right to audit, request independent certifications, or require compliance reports such as SOC 2 or ISO 27001.

Indemnification deals with liability coverage, termination outlines exit conditions, and litigation describes dispute resolution mechanisms. None of these provide the customer with ongoing oversight rights.

Audit rights are critical in cloud contracts to maintain transparency, enforce accountability, and verify that shared responsibility is being upheld. Assurance provisions give customers confidence in the provider's security and operational practices, ensuring compliance with industry regulations.

Answer : D

The described threat is a Denial of Service (DoS) attack. In security contexts, a DoS attack aims to make a system, application, or data unavailable to legitimate users by overwhelming resources. Unlike brute force or rainbow table attacks, which target authentication mechanisms, or encryption, which is a defensive control, DoS focuses on disrupting availability---the ''A'' in the Confidentiality, Integrity, Availability (CIA) triad.

DoS can be executed in many ways: flooding a network with traffic, exhausting server memory, or overwhelming application processes. When scaled by multiple coordinated systems, it becomes a Distributed Denial of Service (DDoS) attack. In either case, the effect is the same---authorized users cannot access critical data or services.

For cloud environments, where service uptime is crucial, DoS protections such as rate limiting, auto-scaling, and upstream filtering are essential. Training data center engineers to recognize DoS helps them understand the importance of resilience strategies and ensures continuity planning includes availability safeguards.