MASTERY GUIDE - SY0-701
Performance-Based Exam Blueprint Decoded
CONTEXT TYPE 1: The "BEST" Action Under Constraints
Pattern: Multiple valid technical solutions, but only one fits the business/policy context.
QUESTION 1
Scenario: "As a newly hired security analyst at a financial services company, you are
reviewing the vulnerability scan report for a legacy internal application that processes
non-sensitive HR data. The report shows a critical buffer overflow vulnerability. The
application vendor is out of business, and patching is not possible. The IT director
states the budget for this quarter is exhausted."
[CONTEXT DECODER]
● Your Role: Security Analyst (internal employee, not a consultant)
● Primary Constraint: No budget, no vendor patch available
● Implied Goal: Mitigate risk for a legacy, internal system handling non-sensitive
data
● Hidden Clue: "Legacy," "vendor out of business," "budget exhausted"
What is the BEST immediate course of action?
A) Recommend immediate decommissioning of the application.
B) Segment the application on its own VLAN and implement strict firewall rules to limit
access to only the HR department.
C) Submit a high-priority budget request for a third-party code review and custom patch
development.
D) Document the risk as accepted since the data is non-sensitive.
Correct Answer: B
COMPLETE SOLUTION:
CONTEXT RECAP: Role=Security Analyst; Constraints=No Budget, No Patch; Goal=Risk
Mitigation for a legacy internal app.
DOMAIN & CONCEPT: Domain 3.3 - Implement secure network design concepts /
Segmentation.
ELIMINATION LOGIC:
● A (Decommission): Technically ideal but fails the "immediate" and constraint test;
decommissioning a business application requires planning, approval, and likely
has cost/workflow disruption.
● C (Budget Request): A good long-term action but is not an immediate control and
ignores the "budget exhausted" constraint.
● D (Accept Risk): An inappropriate first step for a critical vulnerability. Acceptance
requires formal review and is not a "course of action."
PERFECT FIT JUSTIFICATION: B is the BEST answer because it provides an immediate,
low-cost technical control (segmentation) that aligns with the constraints. It reduces the
attack surface by limiting access, which is a core mitigation strategy for unpatchable
systems, without requiring new funds or disrupting the business process.
REAL-WORLD TRANSLATION: This is "compensating control" implementation—using
network security to protect a vulnerable host when traditional patching fails.
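The segmentation control in answer B, written out as an allowlist policy so you can see what "limit access to only the HR department" means at the rule level. This is an added example, not part of the guide; the HR VLAN, the legacy app address and port, and the admin jump host are constructed values.

```python
"""Allowlist policy for a quarantined legacy host (constructed example)."""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed addressing for the example: the HR user VLAN, the legacy HR app,
# and a single jump host that administrators must come from.
HR_VLAN = ipaddress.ip_network("10.20.30.0/24")
LEGACY_APP = ipaddress.ip_address("10.99.0.5")
APP_PORT = 8080
ADMIN_JUMP_HOST = ipaddress.ip_address("10.0.0.10")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def evaluate(flow: Flow) -> str:
    """Return 'ALLOW' or 'DENY' for a flow entering the isolated VLAN."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if dst != LEGACY_APP:
        return "DENY"            # nothing else is reachable on this VLAN
    if src in HR_VLAN and flow.dport == APP_PORT:
        return "ALLOW"           # HR users, application port only
    if src == ADMIN_JUMP_HOST and flow.dport == 22:
        return "ALLOW"           # administration only via the jump host
    return "DENY"                # implicit default deny


def denied_by_source(flows) -> Counter:
    """Count denied attempts per source address.

    Because everything except the two allowed paths is dropped, any denied
    flow is a detection signal: a host reaching for the vulnerable service
    from outside its permitted zone.
    """
    return Counter(f.src for f in flows if evaluate(f) == "DENY")
```

The Counter output is what you would forward to the SIEM: a source that keeps hitting the legacy app on the buffer-overflow-exposed port from the wrong VLAN deserves a look.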
QUESTION 2
Scenario: "You are a security consultant performing a risk assessment for a small
healthcare clinic with 50 employees. The clinic handles PHI (Protected Health
Information) and must comply with HIPAA. Currently, they have no formal security
policies and use a single shared administrator password for all systems. The clinic
director states they have limited IT staff and cannot afford enterprise-grade solutions."
[CONTEXT DECODER]
● Your Role: Security Consultant (external advisor, must be practical)
● Primary Constraint: Limited staff, limited budget, small scale (50 employees)
● Implied Goal: HIPAA compliance with realistic implementation
● Hidden Clue: "Small healthcare clinic," "no formal policies," "single shared
password"
What is the BEST recommendation to address the authentication issue?
A) Implement a full Active Directory domain with smart card authentication.
B) Deploy a cloud-based Identity and Access Management (IAM) solution with SSO.
C) Implement individual user accounts with role-based access control (RBAC) and
enforce password complexity requirements.
D) Continue using the shared password but require two administrators to be present for
access.
Correct Answer: C
COMPLETE SOLUTION:
CONTEXT RECAP: Role=Consultant; Constraints=Small scale, limited staff/budget;
Goal=HIPAA compliance with realistic controls.
DOMAIN & CONCEPT: Domain 4.1 - Given a scenario, implement identity and access
management controls / Account management.
ELIMINATION LOGIC:
● A (AD with smart cards): Enterprise-grade solution that requires significant
infrastructure, cost, and expertise—violates the small clinic context.
● B (Cloud IAM/SSO): While scalable, introduces complexity and recurring costs
that may strain a small clinic's budget; over-engineered for 50 users.
● D (Continue shared password): Violates HIPAA's unique user identification
requirement (164.312(a)(2)(i)) and basic security principles.
PERFECT FIT JUSTIFICATION: C provides the fundamental control (individual
accountability) required by HIPAA without introducing unnecessary complexity or cost.
RBAC ensures least privilege, and password complexity addresses the immediate risk.
This is the "good enough" security that fits the context.
REAL-WORLD TRANSLATION: In a small clinic, you're often replacing a Post-it note on
the monitor with actual user accounts—basic hygiene that satisfies auditors without
breaking the bank.
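Answer C as working logic: individual accounts, a role-to-permission map enforcing least privilege, a complexity check applied at account creation, and an audit trail that names the individual rather than a shared "admin". This is an added example, not from the guide; the roles, permissions, and the 12-character policy are assumptions, and credential storage and verification are deliberately left out.

```python
"""Per-user accounts, RBAC and password policy for a small clinic (constructed)."""
import re
from dataclasses import dataclass

# Assumed roles for the example; each role gets only what its job needs.
ROLE_PERMISSIONS = {
    "clinician": {"phi:read", "phi:write"},
    "billing": {"phi:read", "billing:write"},
    "sysadmin": {"system:configure", "user:manage"},
}


def password_meets_policy(pw: str) -> bool:
    """Assumed policy: at least 12 chars with upper, lower, digit and symbol."""
    checks = [
        len(pw) >= 12,
        re.search(r"[A-Z]", pw),
        re.search(r"[a-z]", pw),
        re.search(r"\d", pw),
        re.search(r"[^\w\s]", pw),
    ]
    return all(checks)


@dataclass
class Account:
    username: str
    role: str


class Directory:
    def __init__(self):
        self.accounts = {}
        self.audit_log = []  # (who, what, verdict): one person per entry

    def create_account(self, username: str, role: str, password: str) -> bool:
        """Reject duplicates, unknown roles and weak passwords at creation time."""
        if username in self.accounts or role not in ROLE_PERMISSIONS:
            return False
        if not password_meets_policy(password):
            return False
        self.accounts[username] = Account(username, role)
        return True

    def authorize(self, username: str, permission: str) -> bool:
        """RBAC decision, always recorded against the named individual."""
        acct = self.accounts.get(username)
        allowed = acct is not None and permission in ROLE_PERMISSIONS[acct.role]
        self.audit_log.append((username, permission, "ALLOW" if allowed else "DENY"))
        return allowed
```

The audit_log tuples are the point for HIPAA's unique user identification: with a shared password every entry would read the same, so no action could be tied to a person.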
QUESTION 3
Scenario: "As a network security administrator for a mid-sized manufacturing company,
you discover that an employee has been using a personal cloud storage account to sync
sensitive CAD drawings from their work laptop. The company has no current DLP (Data
Loss Prevention) solution. The employee states this is the only way to work from home
because the VPN is 'too slow.' The CISO wants to prevent future occurrences without
blocking all cloud services, as legitimate business use exists."