Ace Your Managing-Cloud-Security Courses and Certificates Exam

A data breach may occur when APIs lack sufficient validation in cloud services. Managing Cloud documentation explains that APIs often serve as primary access points to cloud applications and data.

Without proper input validation, authentication, and authorization checks, APIs can be exploited to access sensitive data, bypass controls, or manipulate backend services. Attackers may inject malicious requests or abuse poorly secured endpoints to extract or alter data.

Inefficient bandwidth usage is a performance issue, perimeter breaches involve network defenses, and crypto-shredding is a data destruction technique. Therefore, data breach is the correct answer.

Continuous monitoring is the control that allows organizations to actively verify that a cloud provider is fulfilling contractual and compliance obligations. This involves automated collection and analysis of operational, security, and performance data. It enables organizations to ensure that service-level agreements (SLAs) are being honored and that compliance requirements are being met in real time.

While regulatory oversight is provided by external authorities and incident management is reactive in nature, continuous monitoring is a proactive approach. It allows customers to maintain visibility into provider operations. Confidential computing focuses on data protection but does not verify contract adherence.

By employing continuous monitoring, organizations establish transparency and accountability. It also supports audit processes by providing evidence that controls remain effective over time. This reduces risk associated with outsourcing critical functions to a cloud provider and ensures resilience against potential provider-side failures.

A compensating control should be implemented to address the loss of physical control when moving data to the cloud. Managing Cloud guidance explains that compensating controls are alternative safeguards used when direct controls are not feasible.

Since customers cannot physically secure cloud data centers, compensating controls such as strong encryption, key management, access controls, and monitoring are used to mitigate the risk. These controls provide equivalent or greater protection despite the lack of physical access.

The other options are not recognized control types in cloud security governance. Therefore, compensating control is the correct answer.

In the Software as a Service (SaaS) model, the cloud service provider bears the greatest responsibility for security. Managing Cloud documentation explains that in SaaS environments, the provider manages the application, operating system, middleware, infrastructure, and often many security controls.

Customers primarily focus on user access, data classification, and configuration of application-level settings, while the provider ensures platform availability, patching, vulnerability management, and infrastructure security. This shared responsibility model places the largest security burden on the provider in SaaS compared to other service models.

In PaaS and IaaS, customers assume increasing responsibility for securing operating systems, applications, and configurations. DBaaS still requires customer involvement in access control and data management. Therefore, SaaS is the correct answer.