WGU E025 Cloud and Network
Security Models PA and OA
Comprehensive Study Guide | Explore
New 100 Questions and Answers -
2026 Update | 100% Correct.
Q1: A company wants to migrate its legacy on-premises applications to a cloud
environment where it can retain full control over the operating system, runtime, and
middleware, while allowing the cloud provider to manage the underlying hardware and
virtualization layer. Which cloud service model best meets this requirement?
A) Software as a Service (SaaS)
B) Platform as a Service (PaaS)
C) Infrastructure as a Service (IaaS)
D) Function as a Service (FaaS)
Answer: C) Infrastructure as a Service (IaaS)
Rationale: IaaS provides virtualized computing resources over the internet, allowing
customers to manage operating systems, applications, and middleware while the cloud
provider handles the underlying infrastructure. PaaS (B) manages the OS and runtime for
the customer, making it less flexible for legacy applications that require specific OS
configurations. SaaS (A) delivers fully managed applications, giving the customer no
control over the underlying infrastructure or platform. FaaS (D) is serverless and event-
driven, which does not provide the OS-level control required.
,Q2: A healthcare organization must store electronic protected health information (ePHI)
and requires strict compliance with HIPAA regulations. The organization wants to
leverage cloud scalability but needs to ensure that no other tenants share the physical
hardware. Which cloud deployment model is most appropriate?
A) Public cloud
B) Private cloud
C) Hybrid cloud
D) Community cloud
Answer: B) Private cloud
Rationale: A private cloud is dedicated to a single organization, providing isolated
infrastructure that meets strict compliance requirements like HIPAA. Public cloud (A)
involves shared multi-tenant infrastructure, which may introduce compliance risks.
Hybrid cloud (C) combines public and private, but the requirement for no shared
hardware points to a private-only solution. Community cloud (D) is shared among
several organizations with common concerns, which does not guarantee the dedicated
hardware required.
Q3: Which of the following best describes the shared responsibility model in
Infrastructure as a Service (IaaS)?
A) The cloud provider is responsible for all security controls, including customer data
and applications.
B) The customer is responsible for the physical data center security and hypervisor.
C) The cloud provider manages the physical infrastructure and hypervisor; the customer
manages the OS, applications, and data.
,D) Security responsibilities are evenly split between the provider and customer with no
clear delineation.
Answer: C) The cloud provider manages the physical infrastructure and hypervisor; the
customer manages the OS, applications, and data.
Rationale: In IaaS, the provider is responsible for "security of the cloud" (physical data
centers, network hardware, hypervisor), while the customer is responsible for "security in
the cloud" (operating systems, applications, data, access controls). Option A describes a
SaaS model, option B reverses responsibilities incorrectly, and option D contradicts the
clearly defined shared responsibility model.
Q4: An organization is deploying a web application that must handle unpredictable
traffic spikes. The development team wants to minimize operational overhead related to
server management and patching. Which cloud service model should they choose?
A) IaaS with auto-scaling virtual machines
B) PaaS with built-in auto-scaling
C) On-premises bare-metal servers
D) Colocation hosting
Answer: B) PaaS with built-in auto-scaling
Rationale: PaaS abstracts the underlying infrastructure, automatically handling scaling,
patching, and server management. While IaaS (A) can auto-scale, it still requires the
customer to manage OS patching and configuration. On-premises (C) and colocation (D)
require significant operational overhead and do not offer the same level of abstraction
or automatic scaling.
, Q5: Which of the following is a characteristic of a community cloud deployment model?
A) It is owned and operated exclusively by a single organization.
B) It is available to the general public for free or pay-per-use.
C) It is shared by several organizations with shared compliance or mission objectives.
D) It consists of two or more cloud types linked by standardized technology.
Answer: C) It is shared by several organizations with shared compliance or mission
objectives.
Rationale: Community clouds are designed for organizations with common goals, such
as government agencies or healthcare providers with shared compliance requirements.
Option A describes a private cloud, option B describes a public cloud, and option D
describes a hybrid cloud.
Q6: A security architect is designing a cloud environment where sensitive financial data
will be processed. The architect wants to ensure that the hypervisor is isolated from
tenant workloads to prevent VM escape attacks. Which security control is most critical?
A) Network segmentation using VLANs
B) Hardened hypervisor with minimal attack surface
C) Multi-factor authentication for administrative access
D) Encryption of data at rest
Answer: B) Hardened hypervisor with minimal attack surface
Rationale: VM escape attacks exploit vulnerabilities in the hypervisor to break isolation
between virtual machines. Hardening the hypervisor—removing unnecessary services,
applying patches, and using minimal configurations—directly mitigates this risk. VLANs
(A) address network segmentation but not hypervisor-level isolation. MFA (C) protects
Security Models PA and OA
Comprehensive Study Guide | Explore
New 100 Questions and Answers -
2026 Update | 100% Correct.
Q1: A company wants to migrate its legacy on-premises applications to a cloud
environment where it can retain full control over the operating system, runtime, and
middleware, while allowing the cloud provider to manage the underlying hardware and
virtualization layer. Which cloud service model best meets this requirement?
A) Software as a Service (SaaS)
B) Platform as a Service (PaaS)
C) Infrastructure as a Service (IaaS)
D) Function as a Service (FaaS)
Answer: C) Infrastructure as a Service (IaaS)
Rationale: IaaS provides virtualized computing resources over the internet, allowing
customers to manage operating systems, applications, and middleware while the cloud
provider handles the underlying infrastructure. PaaS (B) manages the OS and runtime for
the customer, making it less flexible for legacy applications that require specific OS
configurations. SaaS (A) delivers fully managed applications, giving the customer no
control over the underlying infrastructure or platform. FaaS (D) is serverless and event-
driven, which does not provide the OS-level control required.
,Q2: A healthcare organization must store electronic protected health information (ePHI)
and requires strict compliance with HIPAA regulations. The organization wants to
leverage cloud scalability but needs to ensure that no other tenants share the physical
hardware. Which cloud deployment model is most appropriate?
A) Public cloud
B) Private cloud
C) Hybrid cloud
D) Community cloud
Answer: B) Private cloud
Rationale: A private cloud is dedicated to a single organization, providing isolated
infrastructure that meets strict compliance requirements like HIPAA. Public cloud (A)
involves shared multi-tenant infrastructure, which may introduce compliance risks.
Hybrid cloud (C) combines public and private, but the requirement for no shared
hardware points to a private-only solution. Community cloud (D) is shared among
several organizations with common concerns, which does not guarantee the dedicated
hardware required.
Q3: Which of the following best describes the shared responsibility model in
Infrastructure as a Service (IaaS)?
A) The cloud provider is responsible for all security controls, including customer data
and applications.
B) The customer is responsible for the physical data center security and hypervisor.
C) The cloud provider manages the physical infrastructure and hypervisor; the customer
manages the OS, applications, and data.
,D) Security responsibilities are evenly split between the provider and customer with no
clear delineation.
Answer: C) The cloud provider manages the physical infrastructure and hypervisor; the
customer manages the OS, applications, and data.
Rationale: In IaaS, the provider is responsible for "security of the cloud" (physical data
centers, network hardware, hypervisor), while the customer is responsible for "security in
the cloud" (operating systems, applications, data, access controls). Option A describes a
SaaS model, option B reverses responsibilities incorrectly, and option D contradicts the
clearly defined shared responsibility model.
Q4: An organization is deploying a web application that must handle unpredictable
traffic spikes. The development team wants to minimize operational overhead related to
server management and patching. Which cloud service model should they choose?
A) IaaS with auto-scaling virtual machines
B) PaaS with built-in auto-scaling
C) On-premises bare-metal servers
D) Colocation hosting
Answer: B) PaaS with built-in auto-scaling
Rationale: PaaS abstracts the underlying infrastructure, automatically handling scaling,
patching, and server management. While IaaS (A) can auto-scale, it still requires the
customer to manage OS patching and configuration. On-premises (C) and colocation (D)
require significant operational overhead and do not offer the same level of abstraction
or automatic scaling.
, Q5: Which of the following is a characteristic of a community cloud deployment model?
A) It is owned and operated exclusively by a single organization.
B) It is available to the general public for free or pay-per-use.
C) It is shared by several organizations with shared compliance or mission objectives.
D) It consists of two or more cloud types linked by standardized technology.
Answer: C) It is shared by several organizations with shared compliance or mission
objectives.
Rationale: Community clouds are designed for organizations with common goals, such
as government agencies or healthcare providers with shared compliance requirements.
Option A describes a private cloud, option B describes a public cloud, and option D
describes a hybrid cloud.
Q6: A security architect is designing a cloud environment where sensitive financial data
will be processed. The architect wants to ensure that the hypervisor is isolated from
tenant workloads to prevent VM escape attacks. Which security control is most critical?
A) Network segmentation using VLANs
B) Hardened hypervisor with minimal attack surface
C) Multi-factor authentication for administrative access
D) Encryption of data at rest
Answer: B) Hardened hypervisor with minimal attack surface
Rationale: VM escape attacks exploit vulnerabilities in the hypervisor to break isolation
between virtual machines. Hardening the hypervisor—removing unnecessary services,
applying patches, and using minimal configurations—directly mitigates this risk. VLANs
(A) address network segmentation but not hypervisor-level isolation. MFA (C) protects
