Wgu D415 | Software-Defined Networking (SDN) |
Objective Assessment (Oa) 2026 Update | Questions And
Answers With Rationales
Question 1
What is a function of the bastion host in a screened subnet firewall
architecture?
A. To protect the perimeter and internal networks from the internet
B. To perform most of the data packet filtering for the firewall
C. To define a clear boundary between trusted and untrusted domains
D. To serve as the main point of contact for incoming connections
✅ Correct Answer: D
Rationale:
A bastion host is a hardened system exposed to untrusted networks such as the
internet. Its primary role is to act as the main point of contact for incoming
connections, such as web or email services. Because it is directly accessible, it
is configured with strict security controls and minimal services. This reduces
the attack surface and protects internal systems from direct exposure.
Question 2
How are security threats that happen within a computer network classified?
A. As detectable and unknown
B. As malicious and robust
C. As divisive and destructive
D. As intentional and unintentional
✅ Correct Answer: D
,Rationale:
Network security threats are commonly categorized based on intent.
Intentional threats include insider attacks, malware, and deliberate breaches,
while unintentional threats include misconfigurations, human error, and
accidental data exposure. This classification helps organizations apply
appropriate preventive and corrective controls. Understanding intent is critical
for designing effective security policies.
Question 3
Which module of OpenStack should be used to improve efficiency and
scalability of user storage and unstructured data?
A. Swift
B. Neutron
C. Ironic
D. Congress
✅ Correct Answer: A
Rationale:
OpenStack Swift is an object storage system designed for scalability and
durability. It is ideal for storing large amounts of unstructured data such as
backups, images, and media files. Swift distributes data across multiple nodes,
improving fault tolerance and performance. Unlike block storage, it does not
rely on a single point of failure.
Question 4
Which approach improves the strength of software-defined networking (SDN)
security and intrusion tolerance?
A. Controller diversity
B. Controller consolidation
C. Logging
D. Virtualization
✅ Correct Answer: A
,Rationale:
Controller diversity involves using multiple SDN controllers from different
vendors or configurations. This reduces the risk of a single vulnerability
compromising the entire network. If one controller is attacked or fails, others
can continue to operate. Diversity enhances fault tolerance and resilience
against targeted attacks.
Question 5
What is a primary security concern in SDN environments?
A. Hardware dependency
B. Compromised controller security
C. Lack of routing protocols
D. Increased latency
✅ Correct Answer: B
Rationale:
The SDN controller is the centralized “brain” of the network, making it a high-
value target. If compromised, attackers could manipulate traffic flows, disable
services, or exfiltrate data. Protecting the controller through authentication,
encryption, and redundancy is critical. Centralization improves manageability
but increases risk if not secured properly.
Question 6
What is the primary function of the SDN control plane?
A. Forward packets at wire speed
B. Encrypt transmitted data
C. Make network-wide routing and policy decisions
D. Provide physical network connectivity
✅ Correct Answer: C
Rationale:
The control plane determines how traffic should flow through the network. In
SDN, this logic is centralized in the controller rather than distributed across
, devices. The controller programs forwarding devices based on policies and
network conditions. This separation improves flexibility and centralized
management.
Question 7
Which SDN plane is responsible for actual packet forwarding?
A. Management plane
B. Control plane
C. Application plane
D. Data plane
✅ Correct Answer: D
Rationale:
The data plane consists of switches and routers that forward packets based on
instructions from the control plane. These devices do not make routing
decisions themselves. Instead, they follow flow rules provided by the SDN
controller. This separation allows simpler and faster forwarding hardware.
Question 8
What protocol is commonly used for communication between SDN
controllers and switches?
A. SNMP
B. BGP
C. OSPF
D. OpenFlow
✅ Correct Answer: D
Rationale:
OpenFlow is a foundational SDN protocol that enables communication
between the controller and network devices. It allows the controller to define
how packets should be handled by switches. OpenFlow supports centralized
traffic management and dynamic flow control. This protocol is key to SDN’s
programmability.
Objective Assessment (Oa) 2026 Update | Questions And
Answers With Rationales
Question 1
What is a function of the bastion host in a screened subnet firewall
architecture?
A. To protect the perimeter and internal networks from the internet
B. To perform most of the data packet filtering for the firewall
C. To define a clear boundary between trusted and untrusted domains
D. To serve as the main point of contact for incoming connections
✅ Correct Answer: D
Rationale:
A bastion host is a hardened system exposed to untrusted networks such as the
internet. Its primary role is to act as the main point of contact for incoming
connections, such as web or email services. Because it is directly accessible, it
is configured with strict security controls and minimal services. This reduces
the attack surface and protects internal systems from direct exposure.
Question 2
How are security threats that happen within a computer network classified?
A. As detectable and unknown
B. As malicious and robust
C. As divisive and destructive
D. As intentional and unintentional
✅ Correct Answer: D
,Rationale:
Network security threats are commonly categorized based on intent.
Intentional threats include insider attacks, malware, and deliberate breaches,
while unintentional threats include misconfigurations, human error, and
accidental data exposure. This classification helps organizations apply
appropriate preventive and corrective controls. Understanding intent is critical
for designing effective security policies.
Question 3
Which module of OpenStack should be used to improve efficiency and
scalability of user storage and unstructured data?
A. Swift
B. Neutron
C. Ironic
D. Congress
✅ Correct Answer: A
Rationale:
OpenStack Swift is an object storage system designed for scalability and
durability. It is ideal for storing large amounts of unstructured data such as
backups, images, and media files. Swift distributes data across multiple nodes,
improving fault tolerance and performance. Unlike block storage, it does not
rely on a single point of failure.
Question 4
Which approach improves the strength of software-defined networking (SDN)
security and intrusion tolerance?
A. Controller diversity
B. Controller consolidation
C. Logging
D. Virtualization
✅ Correct Answer: A
,Rationale:
Controller diversity involves using multiple SDN controllers from different
vendors or configurations. This reduces the risk of a single vulnerability
compromising the entire network. If one controller is attacked or fails, others
can continue to operate. Diversity enhances fault tolerance and resilience
against targeted attacks.
Question 5
What is a primary security concern in SDN environments?
A. Hardware dependency
B. Compromised controller security
C. Lack of routing protocols
D. Increased latency
✅ Correct Answer: B
Rationale:
The SDN controller is the centralized “brain” of the network, making it a high-
value target. If compromised, attackers could manipulate traffic flows, disable
services, or exfiltrate data. Protecting the controller through authentication,
encryption, and redundancy is critical. Centralization improves manageability
but increases risk if not secured properly.
Question 6
What is the primary function of the SDN control plane?
A. Forward packets at wire speed
B. Encrypt transmitted data
C. Make network-wide routing and policy decisions
D. Provide physical network connectivity
✅ Correct Answer: C
Rationale:
The control plane determines how traffic should flow through the network. In
SDN, this logic is centralized in the controller rather than distributed across
, devices. The controller programs forwarding devices based on policies and
network conditions. This separation improves flexibility and centralized
management.
Question 7
Which SDN plane is responsible for actual packet forwarding?
A. Management plane
B. Control plane
C. Application plane
D. Data plane
✅ Correct Answer: D
Rationale:
The data plane consists of switches and routers that forward packets based on
instructions from the control plane. These devices do not make routing
decisions themselves. Instead, they follow flow rules provided by the SDN
controller. This separation allows simpler and faster forwarding hardware.
Question 8
What protocol is commonly used for communication between SDN
controllers and switches?
A. SNMP
B. BGP
C. OSPF
D. OpenFlow
✅ Correct Answer: D
Rationale:
OpenFlow is a foundational SDN protocol that enables communication
between the controller and network devices. It allows the controller to define
how packets should be handled by switches. OpenFlow supports centralized
traffic management and dynamic flow control. This protocol is key to SDN’s
programmability.
