Security Implementation Plan 2026/2027
ACTUAL EXAM TEST BANK 300 QUESTIONS
AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY
GRADED A+||NEWEST VERSION
Question 1
SWBTL is migrating to a cloud environment but wants maximum control over
security configurations. Which model is BEST?
A. SaaS
B. PaaS
C. IaaS
D. FaaS
Answer: C
Rationale: IaaS provides highest control over OS, network, and security
configurations.
Question 2
Which cloud model requires the LEAST customer-managed security responsibility?
A. IaaS
B. PaaS
C. SaaS
D. Hybrid
,Answer: C
Question 3
What is the PRIMARY benefit of hybrid cloud for SWBTL?
A. Eliminates encryption needs
B. Combines on-prem control with cloud scalability
C. Removes IAM requirements
D. Eliminates compliance obligations
Answer: B
Question 4
Which architecture best supports disaster recovery?
A. Single region deployment
B. Multi-region redundancy
C. On-prem only
D. Single server cluster
Answer: B
SHARED RESPONSIBILITY MODEL
Question 5
Who is responsible for securing the hypervisor in IaaS?
A. Customer
B. Cloud provider
C. End user
D. Auditor
Answer: B
,Question 6
Who secures application code in SaaS?
A. Provider
B. Customer
C. ISP
D. Government
Answer: A
Question 7
In PaaS, what is SWBTL responsible for?
A. Physical servers
B. Runtime environment
C. Application code and data
D. Data center security
Answer: C
IAM (IDENTITY & ACCESS MANAGEMENT)
Question 8
Best control to enforce least privilege access?
A. RBAC
B. NAT
C. VLAN
D. DLP
Answer: A
, Question 9
Which control prevents password-only authentication?
A. MFA
B. Tokenization
C. Compression
D. RAID
Answer: A
Question 10
A terminated employee still has access. What failed?
A. Patch management
B. Identity lifecycle management
C. Backup system
D. Encryption policy
Answer: B
Question 11
Which IAM control allows temporary access to cloud resources?
A. Federation
B. Role assumption / temporary credentials
C. Hardcoding keys
D. Static accounts
Answer: B
ENCRYPTION + KEY MANAGEMENT
Question 12