WGU D315 Network and Security foundation Exam
Preparation Questions and Assured Success
Solutions Newly updates 2024/2025
Which type of firewall technology reads and analyzes the actual content of a message
before forwarding to its destination? - correct answer Proxy servers
An organization's IT department is concerned that malicious insiders may be using
elevated access rights. Which security control can be used to draw attacks away from
critical systems? - correct answer Honeypots
What is end-to-end encryption? - correct answer Data is encrypted on the sender's
system and only the recipient is able to decrypt it.
Which phrase describes unencrypted data? - correct answer In the clear
An adminstrator fails to configure protection for usernames and passwords transmitted
across the network. Which component of the AAA model is weakened? - correct
answer Authentication
A user is mistakenly granted access to customer accounts not required for his duties.
Which component of the AAA model is violated? - correct answer Authorization
Blue Team - correct answer The defensive team in a penetration test or incident
response exercise.
Red Team - correct answer The "hostile" or attacking team in a penetration test or
incident response exercise.
White Team - correct answer A neutral team of employees acting as observers,
referees, and judges between a red team and a blue team.
,Purple Team - correct answer A mode of penetration testing where red and blue teams
share information and collaborate throughout the engagement.
White Hat Hacker - correct answer Someone who uncovers computer weaknesses
without exploiting them. The goal of the white hat hacker is to improve system security.
Ethical Hacker
Black Hat - correct answer A hacker who exposes vulnerabilities for
financial gain or for some malicious purpose.
Gray Hat Hacker - correct answer This in-between hacker uses illegal and/or unethical
means to discover a system's security vulnerabilities. Don't have permission to hack but
may not be malicious
Script Kiddies - correct answer Individuals who want to break into computers to create
damage, yet lack the advanced knowledge of computers and networks needed to do so.
Malware - correct answer software that is intended to damage or disable computers
and computer systems. Any malicious code
Phishing - correct answer An attack that sends an email or displays a Web
announcement that falsely claims to be from a legitimate enterprise in an attempt to trick
the user into surrendering private information
Wiretapping - correct answer attacker listens to the network activity so that they can
capture information and data packets off the network
Packet Sniffing - correct answer Allows you to obtain anything being sent over a
network if the data being transmitted isn't encrypted
, Port Scanning Attack - correct answer An attack where an attacker scans your systems
to see which ports are listening in an attempt to find a way to gain unauthorized access.
SQL injection attack - correct answer inserting a malicious SQL query in input such
that it is passed to and executed by an application program
Buffer Overflow Attack - correct answer Inputting so much data that the input buffer
overflows. The overflow contains code that takes control of the computer.
Spoofing Attack - correct answer An attempt by someone or something to masquerade
as someone else.
Man-in-the-Middle Attack (MITM) - correct answer A hacker placing himself between a
client and a host to intercept network traffic; also called session hijacking.
Denial of Service (DoS) - correct answer Security problem in which users are not able
to access an information system; can be caused by human errors, natural disaster, or
malicious activity.
Ping Flood Attack - correct answer Ping utility used to send large number of echo
request messages and overwhelms server
Smurf Attack (ICMP Flood) - correct answer Sends a forged ICMP echo-request
packet to the broadcast address of a large IP subnet and all computers on the network
reply to the victim
social engineering attack - correct answer A type of attack where the goal is to obtain
sensitive data, including user names and
passwords, from network users through
deception and trickery.
Preparation Questions and Assured Success
Solutions Newly updates 2024/2025
Which type of firewall technology reads and analyzes the actual content of a message
before forwarding to its destination? - correct answer Proxy servers
An organization's IT department is concerned that malicious insiders may be using
elevated access rights. Which security control can be used to draw attacks away from
critical systems? - correct answer Honeypots
What is end-to-end encryption? - correct answer Data is encrypted on the sender's
system and only the recipient is able to decrypt it.
Which phrase describes unencrypted data? - correct answer In the clear
An adminstrator fails to configure protection for usernames and passwords transmitted
across the network. Which component of the AAA model is weakened? - correct
answer Authentication
A user is mistakenly granted access to customer accounts not required for his duties.
Which component of the AAA model is violated? - correct answer Authorization
Blue Team - correct answer The defensive team in a penetration test or incident
response exercise.
Red Team - correct answer The "hostile" or attacking team in a penetration test or
incident response exercise.
White Team - correct answer A neutral team of employees acting as observers,
referees, and judges between a red team and a blue team.
,Purple Team - correct answer A mode of penetration testing where red and blue teams
share information and collaborate throughout the engagement.
White Hat Hacker - correct answer Someone who uncovers computer weaknesses
without exploiting them. The goal of the white hat hacker is to improve system security.
Ethical Hacker
Black Hat - correct answer A hacker who exposes vulnerabilities for
financial gain or for some malicious purpose.
Gray Hat Hacker - correct answer This in-between hacker uses illegal and/or unethical
means to discover a system's security vulnerabilities. Don't have permission to hack but
may not be malicious
Script Kiddies - correct answer Individuals who want to break into computers to create
damage, yet lack the advanced knowledge of computers and networks needed to do so.
Malware - correct answer software that is intended to damage or disable computers
and computer systems. Any malicious code
Phishing - correct answer An attack that sends an email or displays a Web
announcement that falsely claims to be from a legitimate enterprise in an attempt to trick
the user into surrendering private information
Wiretapping - correct answer attacker listens to the network activity so that they can
capture information and data packets off the network
Packet Sniffing - correct answer Allows you to obtain anything being sent over a
network if the data being transmitted isn't encrypted
, Port Scanning Attack - correct answer An attack where an attacker scans your systems
to see which ports are listening in an attempt to find a way to gain unauthorized access.
SQL injection attack - correct answer inserting a malicious SQL query in input such
that it is passed to and executed by an application program
Buffer Overflow Attack - correct answer Inputting so much data that the input buffer
overflows. The overflow contains code that takes control of the computer.
Spoofing Attack - correct answer An attempt by someone or something to masquerade
as someone else.
Man-in-the-Middle Attack (MITM) - correct answer A hacker placing himself between a
client and a host to intercept network traffic; also called session hijacking.
Denial of Service (DoS) - correct answer Security problem in which users are not able
to access an information system; can be caused by human errors, natural disaster, or
malicious activity.
Ping Flood Attack - correct answer Ping utility used to send large number of echo
request messages and overwhelms server
Smurf Attack (ICMP Flood) - correct answer Sends a forged ICMP echo-request
packet to the broadcast address of a large IP subnet and all computers on the network
reply to the victim
social engineering attack - correct answer A type of attack where the goal is to obtain
sensitive data, including user names and
passwords, from network users through
deception and trickery.
