WGU E025 Course Assessment EXAM Bank |
E025 (Cloud and Network Security Models) |
Competency-Based Objective Assessment
Question 1
An enterprise is migrating its legacy financial database to a public cloud environment.
The organization requires complete visibility and administrative management over the
operating system kernel and underlying network routing tables. Which cloud service
model must the administrator select?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Function as a Service (FaaS)
Correct Answer: C
Rationale: Infrastructure as a Service (IaaS) provides the consumer with provisioning
processing, storage, networks, and other fundamental computing resources where the
consumer is able to deploy and run arbitrary software, which can include operating
systems and applications. The consumer has control over operating systems, storage,
and deployed applications, and limited control of select networking components. SaaS
and PaaS abstract the operating system layer away from the consumer.
Question 2
A software development team wants to deploy a new microservices-based web
application without managing host servers, container runtimes, or operating system
patches. They need the environment to automatically scale to zero when there is no
traffic. Which service model best fits this scenario?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Desktop as a Service (DaaS)
D. Storage as a Service (STaaS)
Correct Answer: B
Rationale: Platform as a Service (PaaS) or serverless architectures (a sub-category of
PaaS) deliver computing platforms, runtimes, and environments execution tools without
the overhead of managing underlying hardware, operating systems, or scaling
configurations. This allows developers to focus entirely on application deployment and
data.
Question 3
Under the Shared Responsibility Model for a public Infrastructure as a Service (IaaS)
deployment, which security control is the sole responsibility of the cloud service provider
(CSP)?
A. Configuration of virtual machine firewalls
, B. Physical security of the hypervisor host nodes
C. Patch management of the guest operating system
D. Data classification and access control policies
Correct Answer: B
Rationale: In an IaaS model, the cloud service provider is exclusively responsible for
the physical security of the data centres, facilities, environmental controls, and the
physical host hardware/hypervisor layer. The customer retains full responsibility for
configuring guest operating systems, virtual network controls, applications, and
corporate data protection.
Question 4
A cloud consumer deploys an application using a Platform as a Service (PaaS)
framework. Who is responsible for patching the underlying operating system hosting the
runtime environment, and who is responsible for configuring the application's internal
data access permissions?
A. CSP is responsible for both.
B. Cloud consumer is responsible for both.
C. Cloud consumer patches the OS; CSP configures data permissions.
D. CSP patches the OS; Cloud consumer configures data permissions.
Correct Answer: D
Rationale: In a PaaS model, the cloud service provider (CSP) manages and patches
the underlying infrastructure, operating system, and middleware runtimes. The cloud
consumer remains responsible for the security of their own application code, data
configurations, and user access permissions.
Question 5
An organization establishes an internal infrastructure pool within its own data centre,
utilizing automated orchestration software to provide self-service provisioning to various
internal business units. No external entities have access to these resources. Which
cloud deployment model does this describe?
A. Public Cloud
B. Community Cloud
C. Private Cloud
D. Hybrid Cloud
Correct Answer: C
Rationale: A private cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units). It may be owned,
managed, and operated by the organization, a third party, or some combination of them,
and it may exist on or off premises.
Question 6
A group of regional hospitals collaborates to build a shared cloud infrastructure
designed to store patient immunization data. The infrastructure is strictly managed by a
third-party vendor and accessible only to these specific participating healthcare entities
due to regulatory compliance mandates. What cloud deployment model is being
utilized?
A. Hybrid Cloud
B. Public Cloud
C. Multi-Tenant Distributed Cloud
, D. Community Cloud
Correct Answer: D
Rationale: A community cloud infrastructure is provisioned for exclusive use by a
specific community of consumers from organizations that have shared concerns (e.g.,
mission, security requirements, policy, and compliance considerations).
Question 7
An enterprise uses a public cloud provider to handle unexpected spikes in e-commerce
traffic during holiday shopping seasons, while maintaining its core customer database
within an on-premises private infrastructure. Which cloud deployment model does this
architecture represent?
A. Hybrid Cloud
B. Private Cloud
C. Community Cloud
D. Edge Cloud
Correct Answer: A
Rationale: A hybrid cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public) that remain unique entities but are bound
together by standardized or proprietary technology that enables data and application
portability (e.g., cloud bursting for load balancing between clouds).
Question 8
Which characteristic of cloud computing defined by NIST allows users to unilaterally
provision computing capabilities, such as server time and network storage, as needed
automatically without requiring human interaction with each service provider?
A. Rapid Elasticity
B. On-Demand Self-Service
C. Resource Pooling
D. Broad Network Access
Correct Answer: B
Rationale: On-demand self-service is the exact NIST characteristic where a consumer
can unilaterally provision computing capabilities automatically without requiring human
intervention from the service provider.
Question 9
A cloud administrator notices that virtual machine instances dynamically scale up during
high utilization periods and spin down automatically when demand decreases, ensuring
costs scale proportionally with usage. Which NIST cloud characteristic is explicitly
demonstrated?
A. Measured Service
B. Resource Pooling
C. Broad Network Access
D. Rapid Elasticity
Correct Answer: D
Rationale: Rapid elasticity refers to the capability of cloud resources to be elastically
provisioned and released, in some cases automatically, to scale rapidly outward and
inward commensurate with demand.
Question 10
, The cloud service provider’s physical computing resources are dynamically assigned
and reassigned according to consumer demand, serving multiple consumers using a
multi-tenant model where customers generally have no control or knowledge over the
exact location of the provided resources. Which NIST characteristic does this define?
A. Broad Network Access
B. Resource Pooling
C. On-Demand Self-Service
D. Rapid Scalability
Correct Answer: B
Rationale: Resource pooling involves pooling the provider’s computing resources to
serve multiple consumers using a multi-tenant model, with different physical and virtual
resources dynamically assigned according to demand.
Question 11
An enterprise wants to establish a Zero Trust Architecture (ZTA) across its cloud
network environments. Which foundational assumption must the network security
architect adopt?
A. Internal assets residing behind the corporate perimeter are inherently safe.
B. Implicit trust is granted based solely on an asset's physical or network
location.
C. All network traffic, regardless of its origin inside or outside the perimeter, is
untrusted until authenticated and authorized.
D. High-level encryption keys remove the need for persistent request
authorization.
Correct Answer: C
Rationale: Zero Trust is a cybersecurity paradigm focused on resource protection and
the premise that trust is never implicitly granted to assets or user accounts based solely
on their physical or network location or asset ownership. Every request must be
authenticated, authorized, and validated continuously.
Question 12
Which core pillar of the Zero Trust Architecture (ZTA) emphasizes that access decisions
must be dynamic, context-aware, and enforced based on the principle of least privilege?
A. Perimeter Defensibility
B. Policy Enforcement Point (PEP) Isolation
C. Continuous Verification and Dynamic Authorization
D. Broad Network Segmentation
Correct Answer: C
Rationale: Continuous verification requires that user and device status, credentials, and
context are checked at every access request. Access decisions are dynamic and must
adjust to real-time threat signals rather than trusting a session indefinitely after a single
initial login.
Question 13
An enterprise is implementing a Zero Trust Architecture. During an access request
evaluation, the Policy Decision Point (PDP) examines the user's role, device compliance
status, time of day, and geographic location before generating an access token. What
type of access control model does this match?
A. Discretionary Access Control (DAC)
E025 (Cloud and Network Security Models) |
Competency-Based Objective Assessment
Question 1
An enterprise is migrating its legacy financial database to a public cloud environment.
The organization requires complete visibility and administrative management over the
operating system kernel and underlying network routing tables. Which cloud service
model must the administrator select?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Function as a Service (FaaS)
Correct Answer: C
Rationale: Infrastructure as a Service (IaaS) provides the consumer with provisioning
processing, storage, networks, and other fundamental computing resources where the
consumer is able to deploy and run arbitrary software, which can include operating
systems and applications. The consumer has control over operating systems, storage,
and deployed applications, and limited control of select networking components. SaaS
and PaaS abstract the operating system layer away from the consumer.
Question 2
A software development team wants to deploy a new microservices-based web
application without managing host servers, container runtimes, or operating system
patches. They need the environment to automatically scale to zero when there is no
traffic. Which service model best fits this scenario?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Desktop as a Service (DaaS)
D. Storage as a Service (STaaS)
Correct Answer: B
Rationale: Platform as a Service (PaaS) or serverless architectures (a sub-category of
PaaS) deliver computing platforms, runtimes, and environments execution tools without
the overhead of managing underlying hardware, operating systems, or scaling
configurations. This allows developers to focus entirely on application deployment and
data.
Question 3
Under the Shared Responsibility Model for a public Infrastructure as a Service (IaaS)
deployment, which security control is the sole responsibility of the cloud service provider
(CSP)?
A. Configuration of virtual machine firewalls
, B. Physical security of the hypervisor host nodes
C. Patch management of the guest operating system
D. Data classification and access control policies
Correct Answer: B
Rationale: In an IaaS model, the cloud service provider is exclusively responsible for
the physical security of the data centres, facilities, environmental controls, and the
physical host hardware/hypervisor layer. The customer retains full responsibility for
configuring guest operating systems, virtual network controls, applications, and
corporate data protection.
Question 4
A cloud consumer deploys an application using a Platform as a Service (PaaS)
framework. Who is responsible for patching the underlying operating system hosting the
runtime environment, and who is responsible for configuring the application's internal
data access permissions?
A. CSP is responsible for both.
B. Cloud consumer is responsible for both.
C. Cloud consumer patches the OS; CSP configures data permissions.
D. CSP patches the OS; Cloud consumer configures data permissions.
Correct Answer: D
Rationale: In a PaaS model, the cloud service provider (CSP) manages and patches
the underlying infrastructure, operating system, and middleware runtimes. The cloud
consumer remains responsible for the security of their own application code, data
configurations, and user access permissions.
Question 5
An organization establishes an internal infrastructure pool within its own data centre,
utilizing automated orchestration software to provide self-service provisioning to various
internal business units. No external entities have access to these resources. Which
cloud deployment model does this describe?
A. Public Cloud
B. Community Cloud
C. Private Cloud
D. Hybrid Cloud
Correct Answer: C
Rationale: A private cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units). It may be owned,
managed, and operated by the organization, a third party, or some combination of them,
and it may exist on or off premises.
Question 6
A group of regional hospitals collaborates to build a shared cloud infrastructure
designed to store patient immunization data. The infrastructure is strictly managed by a
third-party vendor and accessible only to these specific participating healthcare entities
due to regulatory compliance mandates. What cloud deployment model is being
utilized?
A. Hybrid Cloud
B. Public Cloud
C. Multi-Tenant Distributed Cloud
, D. Community Cloud
Correct Answer: D
Rationale: A community cloud infrastructure is provisioned for exclusive use by a
specific community of consumers from organizations that have shared concerns (e.g.,
mission, security requirements, policy, and compliance considerations).
Question 7
An enterprise uses a public cloud provider to handle unexpected spikes in e-commerce
traffic during holiday shopping seasons, while maintaining its core customer database
within an on-premises private infrastructure. Which cloud deployment model does this
architecture represent?
A. Hybrid Cloud
B. Private Cloud
C. Community Cloud
D. Edge Cloud
Correct Answer: A
Rationale: A hybrid cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public) that remain unique entities but are bound
together by standardized or proprietary technology that enables data and application
portability (e.g., cloud bursting for load balancing between clouds).
Question 8
Which characteristic of cloud computing defined by NIST allows users to unilaterally
provision computing capabilities, such as server time and network storage, as needed
automatically without requiring human interaction with each service provider?
A. Rapid Elasticity
B. On-Demand Self-Service
C. Resource Pooling
D. Broad Network Access
Correct Answer: B
Rationale: On-demand self-service is the exact NIST characteristic where a consumer
can unilaterally provision computing capabilities automatically without requiring human
intervention from the service provider.
Question 9
A cloud administrator notices that virtual machine instances dynamically scale up during
high utilization periods and spin down automatically when demand decreases, ensuring
costs scale proportionally with usage. Which NIST cloud characteristic is explicitly
demonstrated?
A. Measured Service
B. Resource Pooling
C. Broad Network Access
D. Rapid Elasticity
Correct Answer: D
Rationale: Rapid elasticity refers to the capability of cloud resources to be elastically
provisioned and released, in some cases automatically, to scale rapidly outward and
inward commensurate with demand.
Question 10
, The cloud service provider’s physical computing resources are dynamically assigned
and reassigned according to consumer demand, serving multiple consumers using a
multi-tenant model where customers generally have no control or knowledge over the
exact location of the provided resources. Which NIST characteristic does this define?
A. Broad Network Access
B. Resource Pooling
C. On-Demand Self-Service
D. Rapid Scalability
Correct Answer: B
Rationale: Resource pooling involves pooling the provider’s computing resources to
serve multiple consumers using a multi-tenant model, with different physical and virtual
resources dynamically assigned according to demand.
Question 11
An enterprise wants to establish a Zero Trust Architecture (ZTA) across its cloud
network environments. Which foundational assumption must the network security
architect adopt?
A. Internal assets residing behind the corporate perimeter are inherently safe.
B. Implicit trust is granted based solely on an asset's physical or network
location.
C. All network traffic, regardless of its origin inside or outside the perimeter, is
untrusted until authenticated and authorized.
D. High-level encryption keys remove the need for persistent request
authorization.
Correct Answer: C
Rationale: Zero Trust is a cybersecurity paradigm focused on resource protection and
the premise that trust is never implicitly granted to assets or user accounts based solely
on their physical or network location or asset ownership. Every request must be
authenticated, authorized, and validated continuously.
Question 12
Which core pillar of the Zero Trust Architecture (ZTA) emphasizes that access decisions
must be dynamic, context-aware, and enforced based on the principle of least privilege?
A. Perimeter Defensibility
B. Policy Enforcement Point (PEP) Isolation
C. Continuous Verification and Dynamic Authorization
D. Broad Network Segmentation
Correct Answer: C
Rationale: Continuous verification requires that user and device status, credentials, and
context are checked at every access request. Access decisions are dynamic and must
adjust to real-time threat signals rather than trusting a session indefinitely after a single
initial login.
Question 13
An enterprise is implementing a Zero Trust Architecture. During an access request
evaluation, the Policy Decision Point (PDP) examines the user's role, device compliance
status, time of day, and geographic location before generating an access token. What
type of access control model does this match?
A. Discretionary Access Control (DAC)
