SECURITY (C842 / C845 EQUIVALENT): QUESTIONS AND RATIONALES / GRADED A+ UPDATE 100% CORRECT
SECTION I: CORE SECURITY CONCEPTS & GOVERNANCE (Qs 1-10)
1. A multinational organization is implementing a "Cyber Resilience" strategy for
2026. Which metric best indicates successful resilience against a ransomware attack
that encrypted 90% of endpoints?
A) Mean Time to Detect (MTTD) of 2 hours
B) Recovery Time Objective (RTO) met within 4 hours without paying ransom
C) Number of firewall alerts generated per day
D) Total cost of the backup software license
Correct Answer: B – Cyber resilience prioritizes recovery over prevention. Meeting
RTO without ransom proves operational continuity despite compromise.
2. In the shared responsibility model for a SaaS application (e.g., Microsoft 365),
which security control remains solely the customer's responsibility in 2026?
A) Physical security of data center hard drives
B) Patching the underlying hypervisor
C) Configuration of Conditional Access policies
D) Encryption of data at rest within the database
Correct Answer: C – Identity and access configuration (Conditional Access, MFA) is
always customer-owned. The provider handles physical, hypervisor, and platform
encryption.
3. A CISO is adopting the NIST Cybersecurity Framework (CSF) 2.0 released in 2024.
Which new "Govern" function pillar requires the board of directors to be explicitly
accountable for cyber risk?
A) Identify
B) Protect
C) Detect
D) Govern
Correct Answer: D – NIST CSF 2.0 elevated "Govern" (GV) to a core function,
mandating senior executive and board oversight of cyber risk management as a
business priority.
4. Which attack specifically undermines the integrity of a Large Language Model
(LLM) used for security log analysis by injecting malicious prompts?
A) Prompt Injection
B) SQL Injection
C) Cross-Site Scripting (XSS)
D) ARP Poisoning
Correct Answer: A – Prompt injection manipulates LLM outputs (e.g., hiding an
attack from a SOC analyst). This is the OWASP Top 10 for LLM #1.
5. A cloud security architect is implementing a "Zero Trust" architecture. Which
principle is most critical for preventing lateral movement after a web server
compromise?
A) A single, large VPN tunnel for all employees
B) Micro-segmentation with per-application firewalls
C) Annual password changes
D) A honeypot in the DMZ
Correct Answer: B – Zero Trust mandates "never trust, always verify."
Micro-segmentation prevents a compromised server from communicating with the
database server.
6. Which compliance regulation imposes the strictest reporting requirements for data
breaches involving EU citizens' biometric data processed by an AI system?
A) PCI DSS v4.0
B) HIPAA
C) GDPR (Art. 33 & 34)
D) SOX
Correct Answer: C – GDPR has a 72-hour breach notification rule and specifically
covers "special categories" of data like biometrics processed by AI.
7. A Security Operations Center (SOC) is struggling with alert fatigue. Which
technology best reduces false positives by using AI to learn normal user behavior?
A) Signature-based IPS
B) User and Entity Behavior Analytics (UEBA)
C) Static vulnerability scanner
D) Web Application Firewall (WAF)
Correct Answer: B – UEBA establishes behavioral baselines; deviations (e.g., a
backup account logging in at 3 AM) trigger alerts, reducing noise from static rules.
8. What is the primary security advantage of "Confidential Computing" in a
multi-tenant cloud environment?
A) It prevents SQL injection.
B) It encrypts data while it is being processed (in-use) using hardware TEEs.
C) It replaces the need for TLS certificates.
D) It blocks DDoS attacks at the edge.
Correct Answer: B – Confidential Computing uses Trusted Execution Environments
(TEEs) like Intel SGX or AMD SEV to encrypt RAM, protecting data from the cloud
provider's own admins.
9. Which of the following is a "post-quantum" cryptographic algorithm selected by
NIST for general encryption, designed to resist Shor's algorithm?
A) RSA-4096
B) ECDSA
C) CRYSTALS-Kyber
D) MD5
Correct Answer: C – Kyber (now standardized as ML-KEM) is lattice-based and
resistant to quantum computer attacks. RSA and ECC will be broken by quantum.
10. A DevSecOps team finds hardcoded credentials in a public GitHub repository.
What is the immediate response per incident response playbooks?
A) Change the commit history
B) Rotate the compromised credentials immediately
C) Delete the repository
D) Send an email to the developer
Correct Answer: B – Credentials are considered compromised once public. Rotation
is the only way to invalidate the leak. History rewriting does not remove cloned
copies.