WGU Updated Managing-Cloud-Security Exam Questions and Answers by jorgie

The engineers are concerned about portability. Vendor-specific APIs and tools create a dependency on a single provider, leading to vendor lock-in. This limits the ability to migrate services or workloads to another provider without significant rework.

Reliability and availability refer to service uptime and continuity, while scalability addresses performance under demand. Although important, none of these directly relate to cross-platform flexibility. Portability ensures that services, data, and applications can be easily moved or integrated across environments.

By adopting portable solutions—such as open standards, containerization, and multi-cloud strategies—organizations reduce long-term risks, increase negotiation power with providers, and enhance resilience.

Infrastructure as a Service (IaaS) requires the greatest level of consumer responsibility for security. Managing Cloud documentation explains that in the shared responsibility model, IaaS providers supply virtualized infrastructure components such as compute, storage, and networking, while consumers manage everything above that layer.

Customers are responsible for securing operating systems, applications, data, access controls, patching, and configuration management. This includes vulnerability management, endpoint security, identity management, and monitoring. While this model provides flexibility and control, it also demands strong security expertise and governance.

In contrast, PaaS and SaaS shift more security responsibilities to the provider, and DBaaS abstracts database management. Therefore, IaaS places the highest security responsibility on the consumer.

This concern is addressed by considering portability and interoperability options. Managing Cloud guidance explains that organizations must plan for provider exit scenarios to avoid dependency risks.

Portability ensures data and workloads can be moved to another provider or on-premises environment, while interoperability supports compatibility across platforms. This may include standardized data formats, documented APIs, and offsite backups.

Multiple zones address outages, not provider bankruptcy. Contract revisions help legally but do not guarantee recovery. Therefore, portability and interoperability are the correct focus.

Under the General Data Protection Regulation (GDPR), an EU citizen must provide specific consent before an organization may process their personal data, unless another lawful basis explicitly applies. Managing Cloud principles explain that consent must be freely given, specific, informed, and unambiguous. This ensures individuals retain control over how their personal information is collected and used.

Consent must clearly state the purpose of processing and cannot be implied or bundled with unrelated terms. Organizations must also be able to demonstrate that consent was obtained and allow individuals to withdraw consent at any time. This requirement strengthens transparency and accountability in data handling practices.

The other options do not satisfy GDPR consent requirements. Legal purpose attestation is an organizational responsibility, data accuracy verification is a data quality obligation, and statements of need do not replace explicit consent. Therefore, specific consent is required before processing personal data.