WGU Updated Managing-Cloud-Security Exam Questions and Answers by veer

During the preparation phase of the incident response lifecycle, organizations focus on establishing readiness before any incident occurs. Managing Cloud principles explain that preparation includes identifying potential threats, evaluating vulnerabilities, and assessing risks that could impact cloud operations.

Risk assessments are a core activity in this phase because they help organizations understand which assets are most critical, what threats are likely, and where controls must be strengthened. Performing risk assessments allows security teams to define incident response procedures, allocate resources, establish escalation paths, and ensure tools and personnel are prepared.

The other options occur in later phases. Taking systems offline is part of containment, estimating the scope of the incident occurs during detection and analysis, and building a timeline of attack supports post-incident analysis. Therefore, performing risk assessments is the correct countermeasure during the preparation phase.

The Information Security Plan is a key requirement of the Gramm-Leach-Bliley Act (GLBA) designed to protect private customer data. Managing Cloud guidance explains that GLBA requires financial institutions to develop, implement, and maintain a comprehensive written information security program.

This plan must describe administrative, technical, and physical safeguards used to protect customer information. It includes risk assessment, security controls, monitoring, and incident response procedures. The objective is to ensure the confidentiality and integrity of sensitive financial data throughout its lifecycle.

The other options are not explicit GLBA requirements. Independent audits and gap analyses may support compliance efforts but are not mandated components. Limited scope definition is not a GLBA safeguard. Therefore, the information security plan is the correct requirement.

Apache OpenStack is an open-source cloud computing platform that provides a comprehensive set of features and components for building and managing cloud environments. Managing Cloud principles explain that OpenStack supports compute, storage, networking, identity, and orchestration services.

It enables organizations to deploy private and hybrid clouds with full control over infrastructure and security configurations. The modular architecture allows flexibility and scalability.

The other options are not full cloud platforms. A hypervisor provides virtualization, VMware vSphere is proprietary, and OWASP focuses on application security guidance. Therefore, Apache OpenStack is the correct answer.

Persistent protection is the security strategy most closely associated with data rights management (DRM) solutions. Managing Cloud principles explain that DRM is designed to ensure that data remains protected throughout its entire lifecycle, regardless of where it is stored, shared, or accessed.

Persistent protection means that security controls such as access restrictions, usage limitations, and expiration rules stay attached to the data itself. Even if the data is copied, transferred, or moved outside the original system, DRM policies continue to enforce protection. This approach is critical in cloud environments where data frequently moves across platforms, users, and geographic regions.

The other options do not represent DRM strategies. Multilevel aggregation and enhanced detail relate to data processing or analytics concepts, while unexpired digital content describes a content state rather than a security strategy. Therefore, persistent protection correctly represents the security approach used by data rights management solutions.