WGU Network-and-Security-Foundation Network-and-Security-Foundation Exam Practice Test

This describes aransomware attack, which falls underdenial of availabilitybecause it prevents users from accessing their data or systems until a ransom is paid. Attackers use encryption to lock files, disrupting operations.

Data modificationrefers to unauthorized changes to information.

Data exportinvolves stealing data rather than disabling access.

Launch pointdescribes an attacker's use of a compromised system to attack others.

Enhancing physical resource securityensures that servers, networking devices, and data storage facilities are protected from unauthorized physical access, theft, or tampering. This includes measures like biometric authentication, surveillance, and restricted access zones.

Using a variable network topologydoes not directly protect data.

Increasing wireless access point rangemay improve connectivity but does not enhance security.

WEPis weak and should not be used for data protection.

This scenario describes adata exportattack, where an attacker steals sensitive information (e.g., personal data, trade secrets, or financial records) and transfers it to another entity, often for malicious purposes.

Launch pointrefers to using a compromised system for further attacks.

Denial of availabilitydisrupts access to resources.

Data modificationinvolves unauthorized changes rather than theft.

Social engineeringinvolves manipulating people into divulging confidential information, often by impersonation, deception, or psychological tactics. Using aforged ID cardto gain trust and extract sensitive information is a classic example of social engineering.

Brute-force attackattempts to guess passwords through automated methods.

Man-in-the-middle attackintercepts communication but does not rely on deception.

Pharmingtricks users into visiting fraudulent websites but does not involve impersonation.

AType 1 hypervisor(bare-metal hypervisor) runs directly on the hardware, providing better security and efficiency compared to Type 2 hypervisors. It reduces attack surfaces and optimizes resource utilization. Examples include VMware ESXi and Microsoft Hyper-V.

Type 2 hypervisorsrely on a host OS, making them less secure and efficient.

Open-source and proprietarydescribe licensing models, not hypervisor types.

PIPEDArequires businesses in Canada to protectpersonal informationthrough security measures andproper disposal practices. This includessecure deletion of personal data when no longer neededto prevent unauthorized access.

Compensating individuals for data salesis not a legal requirement.

Notifying individuals of each data accessis unnecessary unless required by a breach.

Disclosing security softwareis not mandated by PIPEDA.

Theipconfigcommand in Windows provides details about a computer's network adapters, including IP addresses, subnet masks, default gateways, and DNS settings. It is particularly useful for troubleshooting connectivity issues.

traceroute(or tracert in Windows) is used to trace the path packets take to a destination.

nslookupis used for querying DNS records.

netstatprovides details about active network connections and listening ports, but not adapter configurations.

TheApplication layer(Layer 7 of the OSI model) includesHypertext Transfer Protocol (HTTP), which is used for web communication. This layer provides network services directly to applications and users.

Network layerdeals with IP addressing and packet routing.

Session layermanages connections but does not include HTTP.

Transport layerensures reliable data transmission but does not handle application protocols.

Confidentialityensures that sensitive information is protected from unauthorized access.Encryptionis a key mechanism used to maintain confidentiality by converting readable data into a secure format that can only be accessed with a decryption key.

Integrityensures data is not altered improperly but does not directly relate to encryption.

Availabilityfocuses on system uptime and accessibility.

Applicationis not a component of the CIA triad.

Anaccess point (AP)is a network device that extends the coverage of a wireless network by acting as a bridge between wired and wireless devices. It allows users to connect to a network without needing a direct wired connection. APs are particularly useful in large office spaces where Wi-Fi signals may not reach all areas.

Routersprimarily manage network traffic but do not directly extend network range unless they include built-in AP functionality.

Serversare used for hosting applications and storing data but do not extend network connectivity.

Switchesconnect wired devices within a local network but do not extend wireless network range.

ARing topologyis a network setup where each device is connected to two adjacent devices, forming a circular path for data transmission. This topology ensures that data travels in a single orbidirectional loop.

Point-to-pointtopology refers to a direct connection between two devices without forming a larger network structure.

Bus topologyhas all devices connected to a single central cable, rather than forming a ring.

Star topologyfeatures a central hub or switch that connects all devices, rather than direct device-to-device links.

AType 2 hypervisor(hosted hypervisor) runs on top of an existing operating system and allows for the creation of virtual machines. Examples include VMware Workstation and Oracle VirtualBox.

Type 1 hypervisorsrun directly on hardware without an OS (e.g., VMware ESXi, Microsoft Hyper-V).

Open-source and proprietarydescribe licensing models, not hypervisor types.

Configuring RADIUS authenticationenhances Wi-Fi security by requiring user authentication before granting access to the network. This prevents unauthorized users from connecting and mitigates risks from rogue access points.

WEPis outdated and insecure; WPA2/WPA3 with RADIUS should be used instead.

A bus topologyis a network design choice, not a security measure.

Avoiding asymmetric encryptionweakens security rather than improving it.

Restricting physical accessto data storage facilities is a critical part of database security. Even with strong cybersecurity measures,unauthorized physical accessto servers can lead to breaches. Security strategies includebiometric authentication, surveillance cameras, and restricted entry zones.

Disclosing breachesis required by compliance laws but does not protect data proactively.

Developing algorithmsimproves security but is not a fundamental checklist item.

Outsourcing data managementcan introduce security risks if not properly controlled.

ABus topologyis a network setup in which all devices share a single communication channel (central wire), and data is transmitted along this cable. Each device listens for data but only processes packets addressed to it. This topology was widely used in older Ethernet networks.

Star topologyuses a central switch or hub, not a shared wire.

Point-to-point topologyinvolves a direct link between two devices, not multiple devices sharing a medium.

Ring topologyconnects each device to two adjacent devices in a circular path, not a single shared bus.

Detecting code vulnerabilitiesthroughregular security audits, code reviews, and static analysis toolshelps prevent buffer overflow attacks. Developers should implementbounds checking,memory-safe programming languages, and input validationto mitigate risks.

Disabling cachingdoes not prevent buffer overflow attacks.

Server-side validationhelps with input security but does not directly address buffer overflows.

Intrusion protection softwaremay detect attacks but does not prevent vulnerabilities in code.

A violation ofintegrityoccurs whendata is modified incorrectly, whether intentionally or by accident. In this case, anemployee modifying a customer account incorrectlydemonstrates a breach of data integrity.

A and Crelate toavailability, as they describe system downtime.

Drelates toconfidentiality, as it describes improper data protection.

Alaunch point attackoccurs when an attacker compromises a system and uses it as a foothold to spread malware, conduct reconnaissance, or launch further attacks against other systems. Botnets and command-and-control (C2) servers operate this way.

Denial of availabilitydisrupts service, but does not spread attacks.

Data exportsteals data instead of launching further attacks.

Data modificationchanges existing information but does not involve propagating threats.