WGU D315 60Q Test Prep

Test report on all 60 Qs with all answers corrected, this is the test with all the answers correct, I don't know what I missed, these are all correct answers.

A network is being created for an office, and there is a need for a router that manages internal network connections with no contact with the internet. Which type of router is needed?

Core router

An IT manager is designing a new network and needs a device that connects multiple networks. Which device is needed?

Router

A network in a small office building connects all devices using wired connections with a star topology. Which type of network is described?

LAN

An executive uses Bluetooth to connect a laptop, a mobile phone, and a headset. Which type of network is described?

PAN

A city uses fiber optic cable to connect smaller networks throughout the whole city. Which type of network is described?

MAN

Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to query DNS servers to resolve domain names to IP addresses. Which command in Windows should be used for this purpose?

nslookup

Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to determine which ports have an active connection. Which command in Windows should be used for this purpose?

netstat -an

In the process of setting up a Linux-based network system, a technician needs to view network interfaces and their settings. Which command should be used?

ifconfig

A person is troubleshooting a network issue and needs to test DNS connectivity. Which Linux command should be used?

nslookup

What is the TCP/IP layer that includes the Hypertext Transfer Protocol (HTTP)?

Application

Which layer of the TCP/IP model includes the Internet Message Access Protocol (IMAP)?

Application

Which layer of the TCP/IP model includes the Post Office Protocol (POP)?

Application

Which OSI model layer is responsible for breaking data into packets?

Transport

What is the layer of the OSI model that is responsible for properly transmitting data packets?

Transport

What is the OSI model layer that includes the IPX?

Network

What is the OSI model layer that includes the UDP?

Transport

Which layer of the OSI model includes the TELNET?

Application

A company uses cloud service to manage its IT resources. The underlying hardware resources are shared by other companies as well. What is the cloud deployment model described in the scenario?

Public

An organization uses one cloud service provider for data management and another service provider for development platforms. What is the cloud deployment model described in the scenario?

Multi

A company needs to maximize the number of virtual machines that can run on each host. Which hypervisor should be used?

Type 1

A developer has an existing computer with an operating system. The developer wants to use a hypervisor to have access to several virtual machines for a specific project. Which form of hypervisor fits the need described in the scenario?

Type 2

An attacker gains unauthorized access to a computer and modifies browser security settings. What is the purpose of the attack?

Data modification

An attacker uses a trojan horse to forward usernames and passwords to an anonymous email address. What is the purpose of the attack?

Data export

A hacker purposefully breaks IT security to gain unauthorized access to systems and publish sensitive data. Which term describes the given hacker?

Black-hat

A hacker acts as an information system security professional who is hired to perform penetration testing. Which term describes the given hacker?

White-hat

An organization is the victim of an attack in which an attacker uses a software program to try all possible combinations of a password and user ID. What is the type of cyberattack described in this scenario?

Brute-force attack

A data breach exposed usernames and passwords to customer accounts of an online retailer. An attacker uses the exposed data to attempt to access accounts of another online retailer. Which malicious attack strategy is represented in the scenario?

Credential stuffing

An attacker uses a list of commonly used access credentials to attempt to gain access to an online account. Which type of cyberattack is described?

Dictionary attack

An organization is the victim of an attack in which an attacker tries to gain access to a system by disguising their computer as another computer. What is the type of cyberattack described in this scenario?

IP address spoofing

An organization is the victim of an attack in which an attacker uses a program to take control of a connection by pretending to be each end of the connection. What is the type of cyberattack described in this scenario?

Session hijacking

An attacker intercepts messages between two parties before transferring them on to the correct destination. Which type of cyberattack is described?

Man-in-the-middle attack

An attacker uses a false identification to gain physical access to IT infrastructure. Which malicious attack strategy is represented in the scenario?

Social engineering

An attacker sends emails claiming that an online account has been locked. The email provides a fake link with the goal of tricking the users into providing login credentials. Which type of cyberattack is described?

Phishing

An organization is the victim of an attack in which an attacker uses a DNS poisoning strategy to direct users from a legitimate website to the attacker's website. What is the type of cyberattack described in this scenario?

Pharming

Which component of the IT security CIA triad implies that not all users are authorized to access data?

Confidentiality

Which CIA triad component is a driver for enabling data encryption?

Confidentiality

Which component of the IT security CIA triad is a driver for implementing audit and monitoring controls?

Confidentiality

Which component of the IT security CIA triad requires that the network time protocol and domain name system servers be enabled and fully operational?

Availability

What is an example of a violation of the CIA triad component confidentiality?

A company stores sensitive customer data without access controls.

What is an example of a violation of the CIA triad component availability?

A new employee has not been issued access credentials to the company's network for needed information.

A company uses hash value comparisons to determine if the data in a database has changed. What is the CIA triad component targeted in the scenario?

Integrity

A company is updating the devices it provides to employees to ensure that each employee has consistent network access. What is the CIA triad component targeted in the scenario?

Availability

A development team is designing a web application. The team is considering possible errors and exceptions. The team is committed to protecting sensitive information above all else in the event of an error or exception. What is the security principle implemented in this scenario? Fail-safe

An organization is designing an information system dashboard that can be customized for various departments. The goal is to make the dashboard intuitive, user-friendly, and secure. Which design principle for security is being incorporated?

Human-centeredness

After discovering that employees have been circumventing session timeouts for a company's internal network, the company is holding meetings to inform employees of the motivation behind the timeouts and risks involved in the workaround. Which security principle is demonstrated in this scenario?

Psychological acceptability

An organization needs to define a data classification standard and designate the assets that are critical to the organization's mission. Which type of policy should be used?

Asset classification policy

A company needs to specify security operations and management of all IT assets within the seven domains of the IT infrastructure. Which type of policy should be used?

Asset management policy

An organization has experienced war chalking in the past and wants to take actions to mitigate this type of attack. What should this organization do?

Use Wi-Fi Protected Access 2 (WPA2)

A company is specifically worried about DoS/DDoS attacks. Which strategy should be used as a mitigation against this type of attack?

Monitor normal traffic patterns

An organization uses an access control in which employees working in similar categories are grouped together and given the same permissions. What is the form of access control involved in this scenario?

Role-based

An organization is implementing an advanced firewall that analyzes packets and how packets are grouped together. Which type of access control is involved?

Context-based

A company set up a firewall to analyze network traffic, considering each packet and how groups of packets are used. What is the form of access control involved in this scenario? Context-based

A company is developing a data protection methodology in order to improve data protection measures. What is a strategy that should be used?

Implement authentication methodologies

After a series of attacks, an organization needs to bolster its data protection measures. Which strategy should be used to increase data protection?

Use transport level encryption

When assigned to a new project, a user is given temporary permissions as an editor. Which network security concept does this scenario address?

Authorization

A financial company requires a manager to verify any changes made to a client's electronic profile made by an employee. What is the principle used to address accounting in this situation?

Separation of duties

In order to prevent insider attacks, a company requires participation from at least two users to perform critical tasks. Which principle is used to address accounting in the scenario?

Separation of duties

An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). What should this organization expect to be required to do under this legislation? Disclose how personal identifiable information is used

An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). What should this organization expect to be required to do under this legislation? Implement appropriate security safeguards for stored personal data

A company is creating an information security policy document with many sub-policies. Which information should be included for each sub-policy to ensure the policy is clear and comprehensive?

Compliance requirements the sub-policy is designed to meet