Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

Comprehensive Cloud Security and Infrastructure Protection Practice Exam – Updated 2026 (Graded A+)

Rating
-
Sold
-
Pages
8
Grade
A+
Uploaded on
25-06-2026
Written in
2025/2026

Comprehensive Cloud Security and Infrastructure Protection Practice Exam – Updated 2026 (Graded A+)

Institution
Comprehensive Cloud Security And Infrastructure
Course
Comprehensive Cloud Security and Infrastructure

Content preview

Comprehensive Cloud Security and
Infrastructure Protection Practice Exam –
Updated 2026 (Graded A+)
Subject: Cloud Security

Subtopic: Cloud Computing Fundamentals and Security Principles

Question 1: A cloud architect is designing a multi-tenant application and must ensure that data
from different clients remains logically isolated at the storage layer. Which security principle is
being primarily addressed, and what is the most robust mechanism to achieve this in a public
cloud environment?

A) Availability; utilizing distinct cloud regions for each client.

B) Data Segregation; implementing unique encryption keys managed via a Hardware Security
Module (HSM) per client.

C) Confidentiality; relying solely on robust Identity and Access Management (IAM) roles.

D) Non-repudiation; enabling detailed logging for every read/write operation.

Correct Answer: B - Data Segregation; implementing unique encryption keys managed via
a Hardware Security Module (HSM) per client.

Rationale: Data segregation is the primary principle for ensuring that multi-tenant data does not
bleed across boundaries. While IAM (Option C) handles access control, it does not provide
cryptographic isolation. Using unique encryption keys per client via an HSM ensures that even if
there were a bypass in the logical access layer, the underlying data remains undecipherable to
other tenants. Option A is inefficient and costly, and Option D provides accountability but does
not prevent unauthorized access or maintain isolation.

Question 2: An organization is migrating a legacy application to an Infrastructure as a Service
(IaaS) model. During the threat modeling phase, the security team identifies that the "Shared
Responsibility Model" requires the client to manage the OS-level patching. What is the most
critical risk associated with failing to automate this process?

A) Increased latency in network communication between cloud instances.

B) Incompatibility with the cloud provider's proprietary load balancers.

C) Exploitation of known vulnerabilities that the provider is not obligated to remediate.

, D) Automatic termination of the virtual machine by the cloud provider for policy violations.

Correct Answer: C - Exploitation of known vulnerabilities that the provider is not
obligated to remediate.

Rationale: In the IaaS model, the cloud provider manages the physical infrastructure, while the
customer is responsible for the guest operating system, application, and data. If the customer
fails to patch the OS, they are leaving the instance vulnerable to known exploits. The provider is
not responsible for patching inside the virtual machine. Option A and B are technical
performance/compatibility issues rather than security risks, and Option D is incorrect as
providers generally do not terminate machines for lack of patching unless they pose a direct
threat to the wider network.

Question 3: A DevOps team is implementing a CI/CD pipeline for a cloud-native application.
They want to ensure that hardcoded credentials are never committed to the source code
repository. Which approach offers the most effective security control?

A) Implementing a mandatory manual code review process for every commit.

B) Utilizing pre-commit hooks that integrate with secret scanning tools.

C) Moving all credentials to a public environment variable file for easy access.

D) Establishing a policy that requires developers to rotate passwords every 24 hours.

Correct Answer: B - Utilizing pre-commit hooks that integrate with secret scanning tools.

Rationale: Relying on manual review (Option A) is prone to human error and cannot scale.
Moving credentials to public files (Option C) is a major security violation. Manual rotation
(Option D) is an administrative burden and does not prevent the initial injection of secrets. Pre-
commit hooks (Option B) act as an automated gatekeeper, preventing sensitive information from
ever reaching the repository, which is the gold standard for secret management.

Subtopic: Identity and Access Management (IAM) and Governance

Question 4: An enterprise is transitioning from a traditional perimeter-based security model to a
Zero Trust architecture. Which of the following is a fundamental requirement when applying
Zero Trust principles to cloud-based API endpoints?

A) Ensuring all users are connected to the corporate VPN before accessing the API.

B) Validating the user's identity and device health context for every single API request.

C) Allowing access based on the user's IP address whitelist within the cloud provider.

D) Utilizing a shared service account for all microservices to minimize management overhead.

Written for

Institution
Comprehensive Cloud Security and Infrastructure
Course
Comprehensive Cloud Security and Infrastructure

Document information

Uploaded on
June 25, 2026
Number of pages
8
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$21.99
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller
Seller avatar
becciedgar26
5.0
(1)

Get to know the seller

Seller avatar
becciedgar26 Teachme2-tutor
View profile
Follow You need to be logged in order to follow users or courses
Sold
3
Member since
1 year
Number of followers
0
Documents
765
Last sold
6 days ago

5.0

1 reviews

5
1
4
0
3
0
2
0
1
0

Recently viewed by you

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions