SECURITY MODELS — 2026 ULTIMATE TEST PREP: QUESTIONS AND RATIONALES / GRADED A+ UPDATE 100% CORRECT
🔷 SECTION 1: Foundational Concepts — Core Principles & Frameworks (Questions 1–15)
1. Which security model operates on the principle that no entity, whether inside or
outside the network perimeter, should be automatically trusted?
A. The Castle-and-Moat Model
B. The Zero Trust Model
C. The Permissive Security Model
D. The Traditional Perimeter Model
Rationale: Zero Trust is built on the “never trust, always verify” principle, requiring
identity verification for every access attempt — regardless of the user’s network
location.
2. A security administrator is implementing a “Defense in Depth” strategy. Which of
the following best describes this approach?
A. Relying on a single, high-end enterprise firewall to protect all data
B. Using multiple layers of security controls to provide redundancy if one fails
C. Moving all sensitive data to a single off-site physical server
D. Ensuring that only the IT Manager has access to the cloud console
Rationale: Defense in Depth uses multiple, overlapping layers of security (physical,
technical, administrative) so that if one layer is breached, other layers remain in place
to protect the asset.
3. Which cloud security concept involves dividing a network into smaller, isolated
segments to contain potential breaches and limit lateral movement?
A. Data Encapsulation
B. Micro-segmentation
C. Vertical Scaling
D. Load Balancing
Rationale: Micro-segmentation applies granular security policies to individual
workloads, preventing an attacker from moving laterally across the network after an
initial breach.
4. In the CIA Triad, which element ensures that information is accessible only to
those who are authorized to have access?
A. Integrity
B. Availability
C. Confidentiality
D. Authentication
Rationale: Confidentiality ensures that data is accessible only to authorized subjects.
Integrity assures data has not been altered, while availability ensures timely, reliable
access.
5. Which statement best describes the concept of “least privilege” in a cloud
environment?
A. Users should have full administrative access to all resources
B. Users should be given only enough privilege to perform their duties, and no more
C. All privileges are granted temporarily for one hour
D. Privileges are determined by the user’s job title only
Rationale: Least privilege means granting the minimum necessary access rights
required to perform job functions — reducing the risk of accidental or intentional
misuse.
6. What is the primary purpose of using Transport Layer Security (TLS) when a user
accesses a cloud-based web application?
A. To filter malicious packets at the network gateway
B. To authenticate the user to the cloud provider
C. To encrypt and protect data between the browser and the application
D. To cache frequently accessed content
Rationale: TLS provides encryption and authentication for data moving over the
internet, securing the communication channel between a web browser and a
cloud-based application.
7. Which of the following is an example of an administrative security control?
A. A firewall rule blocking specific IP addresses
B. A written policy requiring annual security awareness training
C. An intrusion detection system alerting on suspicious traffic
D. Full-disk encryption on a virtual machine
Rationale: Administrative controls include policies, procedures, and training.
Firewalls and IDS are technical controls; encryption is a technical control applied to
data.