WGU D482 PERFOMANCE ASSESSMENT
(SECURE NETWORK DESIGN) EXAM 2025
1. Explain how a static filtering firewall operates in relation to the
provided access control list (ACL) configuration.
It dynamically adjusts rules based on traffic patterns.
It allows or blocks traffic based solely on the source
and destination IP addresses and ports.
It monitors user behavior to prevent unauthorized access.
It encrypts data to ensure confidentiality during transmission.
2. Which of the following activities applies to system
hardening? Disable unnecessary server services
Access control and least privilege for users
Use strong access control, such as two factor authentication
Timely patch systems
All of the above
3. What is the primary purpose of implementing an Access Control List (ACL)
in network security?
To encrypt data stored on hard drives
To restrict or allow traffic based on predefined rules
To monitor user activity on the network
To provide a virtual private network connection
4. What is the principle of least privilege in cybersecurity?
A policy that allows users to access all system resources without
restrictions.
, A security measure that restricts user access to only the
resources necessary for their job functions.
A method for encrypting sensitive data on hard drives.
A technique for monitoring network traffic for suspicious activity.
5. Which of the following is a major reason that social engineering
attacks succeed?
Audit logs are not monitored frequently
Lack of security awareness
Strong passwords are not required
Multiple logins are allowed
6. A recent security audit had a finding of your VPN allowing split tunneling.
The auditors preferred to require full tunneling on the VPN. What
security risk are the auditors attempting to mitigate?
Split-tunnel VPNs can avoid external e-mail filtering by sending e-
mails through directly to the main corporate e-mail server.
Attacks that come from the public network could be routed
through the endpoint and potentially bypass network perimeter
controls of the organization.
The user's corporate Active Directory (AD) credentials can leak out
of the split tunnel and be exposed to the Internet.
The VPN will bypass all network intrusion detection and prevention
technologies as the host is on a trusted network segment.
7. Explain how a demilitarized zone (DMZ) contributes to the overall security
of a network.
It allows all traffic to flow freely between internal and external
networks.
It serves as a buffer zone that separates the internal network from
external access, reducing the risk of attacks.
, It encrypts all data transmitted between the internal and external
networks.
It provides direct access to internal servers for external users.
8. What form of VPN is based on a Transport-layer standard for encryption
that is commonly used for Application-layer protocol protection?
SSL VPN
IPSec VPN
PPTP VPN
L2TP VPN
9. A server administrator is trying to encrypt web traffic for customers
outside of their organization. Which of the following protocols is the
best to
implement?
Transport layer security (TLS)
Secure Shell (SSH)
IPsec
Secure Sockets Layer (SSL)
10. Gina is the firewall administrator for a small business and recently
installed a new firewall. After seeing signs of unusually heavy network
traffic, she checked the intrusion detection system, which reported that a
fraggle
attack was underway. What firewall configuration change can Gina make
to most effectively prevent this attack?
Block ICMP echo reply packets from entering the network.
Block UDP port 7 and 19 traffic from entering the network.
Block the destination address of the attack.
11. What is the primary purpose of a certificate authority in the context
of online security?
, To encrypt data transmitted over the internet
To issue digital certificates that verify the identity of websites
To monitor network traffic for suspicious activity
To provide user training on cybersecurity best practices
12. An IT administrator wants to provide 250 staff with secure remote
access to the corporate network. Which of the following BEST achieves
this
requirement?
Software-based firewall
Mandatory Access Control (MAC)
VPN concentrator
Web security gateway
13. If a new system is being developed without proper security reviews,
what potential risks could arise from this oversight, particularly in
relation to
user data access?
Increased user satisfaction due to streamlined processes.
Unauthorized access to sensitive data, leading to data breaches.
Enhanced performance of the system due to fewer security
checks.
Improved collaboration among users due to open data access.
14. A company has two offices in different cities that need to share sensitive
data securely while maintaining visibility of their VLANs. If the company
decides to implement L2TP, what additional security measure should
they consider to enhance the confidentiality of the data being
transmitted?
Implementing a firewall at both locations
Using a Virtual Private Network (VPN) with encryption
(SECURE NETWORK DESIGN) EXAM 2025
1. Explain how a static filtering firewall operates in relation to the
provided access control list (ACL) configuration.
It dynamically adjusts rules based on traffic patterns.
It allows or blocks traffic based solely on the source
and destination IP addresses and ports.
It monitors user behavior to prevent unauthorized access.
It encrypts data to ensure confidentiality during transmission.
2. Which of the following activities applies to system
hardening? Disable unnecessary server services
Access control and least privilege for users
Use strong access control, such as two factor authentication
Timely patch systems
All of the above
3. What is the primary purpose of implementing an Access Control List (ACL)
in network security?
To encrypt data stored on hard drives
To restrict or allow traffic based on predefined rules
To monitor user activity on the network
To provide a virtual private network connection
4. What is the principle of least privilege in cybersecurity?
A policy that allows users to access all system resources without
restrictions.
, A security measure that restricts user access to only the
resources necessary for their job functions.
A method for encrypting sensitive data on hard drives.
A technique for monitoring network traffic for suspicious activity.
5. Which of the following is a major reason that social engineering
attacks succeed?
Audit logs are not monitored frequently
Lack of security awareness
Strong passwords are not required
Multiple logins are allowed
6. A recent security audit had a finding of your VPN allowing split tunneling.
The auditors preferred to require full tunneling on the VPN. What
security risk are the auditors attempting to mitigate?
Split-tunnel VPNs can avoid external e-mail filtering by sending e-
mails through directly to the main corporate e-mail server.
Attacks that come from the public network could be routed
through the endpoint and potentially bypass network perimeter
controls of the organization.
The user's corporate Active Directory (AD) credentials can leak out
of the split tunnel and be exposed to the Internet.
The VPN will bypass all network intrusion detection and prevention
technologies as the host is on a trusted network segment.
7. Explain how a demilitarized zone (DMZ) contributes to the overall security
of a network.
It allows all traffic to flow freely between internal and external
networks.
It serves as a buffer zone that separates the internal network from
external access, reducing the risk of attacks.
, It encrypts all data transmitted between the internal and external
networks.
It provides direct access to internal servers for external users.
8. What form of VPN is based on a Transport-layer standard for encryption
that is commonly used for Application-layer protocol protection?
SSL VPN
IPSec VPN
PPTP VPN
L2TP VPN
9. A server administrator is trying to encrypt web traffic for customers
outside of their organization. Which of the following protocols is the
best to
implement?
Transport layer security (TLS)
Secure Shell (SSH)
IPsec
Secure Sockets Layer (SSL)
10. Gina is the firewall administrator for a small business and recently
installed a new firewall. After seeing signs of unusually heavy network
traffic, she checked the intrusion detection system, which reported that a
fraggle
attack was underway. What firewall configuration change can Gina make
to most effectively prevent this attack?
Block ICMP echo reply packets from entering the network.
Block UDP port 7 and 19 traffic from entering the network.
Block the destination address of the attack.
11. What is the primary purpose of a certificate authority in the context
of online security?
, To encrypt data transmitted over the internet
To issue digital certificates that verify the identity of websites
To monitor network traffic for suspicious activity
To provide user training on cybersecurity best practices
12. An IT administrator wants to provide 250 staff with secure remote
access to the corporate network. Which of the following BEST achieves
this
requirement?
Software-based firewall
Mandatory Access Control (MAC)
VPN concentrator
Web security gateway
13. If a new system is being developed without proper security reviews,
what potential risks could arise from this oversight, particularly in
relation to
user data access?
Increased user satisfaction due to streamlined processes.
Unauthorized access to sensitive data, leading to data breaches.
Enhanced performance of the system due to fewer security
checks.
Improved collaboration among users due to open data access.
14. A company has two offices in different cities that need to share sensitive
data securely while maintaining visibility of their VLANs. If the company
decides to implement L2TP, what additional security measure should
they consider to enhance the confidentiality of the data being
transmitted?
Implementing a firewall at both locations
Using a Virtual Private Network (VPN) with encryption
