
Scenarios: Security Implications of Architecture Models
Authored by Wayground CTE
Information technology (IT)
9th Grade
Blooms Level: Apply covered

8 questions
1.
PASSAGE QUESTION
30 sec • 1 pt
A cloud security architect is reviewing a new workload hosted on a managed container platform. The vendor contract states the provider maintains the host operating system and container runtime, while the customer configures network policies, image contents, and identity roles. A recent audit found a vulnerable library inside a customer-built image that had been running in production for 40 days.
2.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Who is accountable for remediating the vulnerable library found inside the production image?
The cloud provider
The customer team
The runtime vendor
The audit firm
Answer explanation
The contract assigns image contents to the customer. Host OS and runtime patches belong to the provider, but libraries baked into a customer image are the customer's job.
Tags
Blooms Level: Apply
3.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
The vulnerable library sat inside the customer-built image in production for 40 days before the audit surfaced it. Which control, if implemented by the customer, would most directly have shortened that 40-day exposure window?
Continuous container image vulnerability scanning integrated into the registry and CI/CD pipeline
Enabling the cloud provider's host operating system patch management service
Tightening identity role bindings on the container workload
Adding a network policy to restrict east-west traffic between containers
Answer explanation
The gap illustrated by the 40-day dwell time is a failure to discover the flaw in the customer-built image; automated image scanning in the registry and pipeline is the control that detects vulnerable libraries so patches can follow. Host OS patching is the provider's duty per the contract, and identity or network controls do not reveal vulnerable image contents.
Tags
Blooms Level: Apply
4.
OPEN ENDED QUESTION
3 mins • Ungraded
Name one process the customer team could add to catch vulnerable libraries in their images before the images reach production.
Tags
Blooms Level: Apply
5.
PASSAGE QUESTION
30 sec • 1 pt
An OT security lead at a bottling plant finds that programmable logic controllers on the filling line share the same VLAN as office printers and employee laptops. The controllers run firmware from 2014 that the vendor no longer updates. An engineer recently connected a laptop to the controller VLAN to pull production data into a spreadsheet on the corporate file share.
6.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Which observed condition creates the strongest case for isolating the controllers on a dedicated network?
Printer driver version
Unpatchable 2014 firmware
Spreadsheet file format
VLAN naming scheme
Answer explanation
Firmware the vendor no longer updates cannot be patched, so compensating controls like isolation carry the risk. The printer and spreadsheet details are not the core threat driver.
Tags
Blooms Level: Analyze
7.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
The engineer's laptop-to-controller connection most directly violates which network design principle?
Load balancing
Port mirroring
Separation of OT and IT
Dynamic routing
Answer explanation
Bridging a corporate laptop into the controller VLAN collapses the boundary between OT and IT traffic. Load balancing and routing are unrelated to that boundary.
Tags
Blooms Level: Analyze