WGU Managing-Cloud-Security Exam Questions
WGU Managing Cloud Security (JY02) (Page 3)

Updated On: 28-Feb-2026

An organization wants to ensure that all entities trust any certificate generated internally in the organization.
What should be used to generate these certificates?

  A. Individual users' private keys
  B. The organization's certificate repository server
  C. The organization's certificate authority server
  D. Individual systems' private keys

Answer(s): C

Explanation:

Trust in digital certificates comes from their issuance by a Certificate Authority (CA). A CA is a trusted entity that validates identities and signs certificates. In internal environments, organizations often operate a private CA to issue certificates for users, systems, and services.

If certificates were generated by individual private keys or systems without central authority, there would be no unified trust chain, and validating authenticity across the organization would be impossible. A certificate repository server only distributes certificates but cannot establish trust.

By using an organizational CA server, all certificates are linked to a root of trust. Systems configured to trust the organization's CA will trust any certificate it issues. This allows secure internal communications (TLS, VPN, email signing) and ensures scalability as new services come online. It also supports compliance with enterprise PKI policies.



A customer service representative needs to verify a customer's private information, but the representative does not need to see all the information.
Which technique should the service provider use to protect the privacy of the customer?

  A. Hashing
  B. Encryption
  C. Masking
  D. Tokenization

Answer(s): C

Explanation:

Data masking is a privacy-preserving technique that replaces sensitive fields with obfuscated or partial values while retaining usability. For example, a system might display only the last four digits of a Social Security Number or credit card number. This allows a representative to verify identity without accessing the full data set.

Hashing and encryption protect data at rest or in transit, but they do not allow selective partial display. Tokenization substitutes sensitive data with unique tokens but is typically used for storage and processing rather than interactive verification. Masking, on the other hand, is specifically designed for scenarios where a user must work with limited but recognizable data.

By using masking, organizations enforce the principle of least privilege, reduce exposure of sensitive information, and align with privacy standards such as PCI DSS and GDPR.



An organization is planning for an upcoming Payment Card Industry Data Security Standard (PCI DSS) audit and wants to ensure that only relevant files are included in the audit materials.
Which process should the organization use to ensure that the relevant files are identified?

  A. Normalization
  B. Tokenization
  C. Categorization
  D. Anonymization

Answer(s): C

Explanation:

Categorization is the process of systematically identifying and classifying files according to content and relevance. In preparation for a PCI DSS audit, it is critical to identify which files fall within scope: those that contain cardholder data or impact its security.

Normalization adjusts data format, tokenization substitutes sensitive data with tokens, and anonymization removes identifiers. While useful, none directly address the task of isolating "relevant files" for audit. Categorization ensures that files are grouped correctly, allowing auditors to focus on the proper scope and preventing unnecessary exposure of unrelated data.

This step aligns with PCI DSS requirements that limit scope to systems and data directly affecting cardholder data security. Proper categorization streamlines audits and demonstrates effective data governance.



As part of an e-discovery process, an employee needs to identify all documents that contain a specific phrase.
Which type of discovery method should the employee use to identify these documents?

  A. Location-based
  B. Content-based
  C. Label-based
  D. Metadata-based

Answer(s): B

Explanation:

Content-based discovery involves searching within the actual text or binary content of documents to find matches for keywords, phrases, or patterns. In e-discovery, when the requirement is to locate documents containing a specific phrase, searching based on content is the most direct and reliable method.

Other approaches, such as metadata-based discovery, only examine properties like creation date or author, which do not reveal the presence of specific text. Label-based discovery relies on pre-applied classification labels, which may not always be accurate. Location-based discovery limits searches to folders or storage locations but does not guarantee relevance.

Content-based discovery provides completeness in legal and regulatory investigations. It ensures that no relevant documents are overlooked simply because of inconsistent labeling or metadata, thus supporting compliance and defensibility in court proceedings.



An organization wants to track how often a file is accessed and by which users.
Which information rights management (IRM) solution should the organization implement?

  A. Automatic expiration
  B. Dynamic policy control
  C. Persistent protection
  D. Continuous auditing

Answer(s): D

Explanation:

Continuous auditing in the context of Information Rights Management (IRM) allows organizations to monitor access events in real time. It records who accessed a file, when, and how often. This enables organizations to enforce accountability and detect unusual access patterns, which are crucial for both security monitoring and compliance reporting.

Automatic expiration sets a time limit on file availability, while dynamic policy control adjusts permissions based on context (such as location or device). Persistent protection ensures files remain encrypted and controlled wherever they travel. While each feature is valuable, only continuous auditing provides the tracking and visibility into usage required by the scenario.

This approach aligns with governance requirements, providing an audit trail that supports incident response and compliance with data protection regulations. Continuous auditing strengthens both operational security and accountability.





