Managing-Cloud-Security Exam Dumps : WGU Managing Cloud Security (JY02, GZO1)

NIST SP 800-37 provides a detailed guide for implementing the Risk Management Framework (RMF). Managing Cloud documentation explains that this framework offers a structured process for integrating security and risk management into system development and operational activities.

NIST SP 800-37 outlines steps such as categorizing systems, selecting and implementing security controls, assessing effectiveness, authorizing systems, and continuous monitoring. This lifecycle-based approach helps organizations manage risk in cloud and traditional environments consistently.

ISO 31000 provides general risk management principles, ISO 27001 focuses on information security management systems, and PCI DSS is a compliance standard. Therefore, NIST SP 800-37 is the correct guide for implementing the RMF.

A compensating control should be implemented to address the loss of physical control when moving data to the cloud. Managing Cloud guidance explains that compensating controls are alternative safeguards used when direct controls are not feasible.

Since customers cannot physically secure cloud data centers, compensating controls such as strong encryption, key management, access controls, and monitoring are used to mitigate the risk. These controls provide equivalent or greater protection despite the lack of physical access.

The other options are not recognized control types in cloud security governance. Therefore, compensating control is the correct answer.

In the Software as a Service (SaaS) model, the cloud service provider bears the greatest responsibility for security. Managing Cloud documentation explains that in SaaS environments, the provider manages the application, operating system, middleware, infrastructure, and often many security controls.

Customers primarily focus on user access, data classification, and configuration of application-level settings, while the provider ensures platform availability, patching, vulnerability management, and infrastructure security. This shared responsibility model places the largest security burden on the provider in SaaS compared to other service models.

In PaaS and IaaS, customers assume increasing responsibility for securing operating systems, applications, and configurations. DBaaS still requires customer involvement in access control and data management. Therefore, SaaS is the correct answer.