Free WGU Network-and-Security-Foundation Practice Exam with Questions & Answers

Adictionary attackis a password-cracking method that systematically tries common words, phrases, and predictable passwords (e.g., "password123", "admin2024") to gain access to an account. Attackers often compile large lists of weak or reused passwords.

Phishingtricks users into revealing passwords but does not systematically test multiple words.

Credential stuffinguses breached passwords rather than guessing from a list.

Social engineeringmanipulates users but does not rely on automated password attempts.

AType 2 hypervisor(hosted hypervisor) runs on top of an existing operating system and allows for the creation of virtual machines. Examples include VMware Workstation and Oracle VirtualBox.

Type 1 hypervisorsrun directly on hardware without an OS (e.g., VMware ESXi, Microsoft Hyper-V).

Open-source and proprietarydescribe licensing models, not hypervisor types.

Alaunch point attackoccurs when an attacker compromises a system and uses it as a foothold to spread malware, conduct reconnaissance, or launch further attacks against other systems. Botnets and command-and-control (C2) servers operate this way.

Denial of availabilitydisrupts service, but does not spread attacks.

Data exportsteals data instead of launching further attacks.

Data modificationchanges existing information but does not involve propagating threats.

This describes aransomware attack, which falls underdenial of availabilitybecause it prevents users from accessing their data or systems until a ransom is paid. Attackers use encryption to lock files, disrupting operations.

Data modificationrefers to unauthorized changes to information.

Data exportinvolves stealing data rather than disabling access.

Launch pointdescribes an attacker's use of a compromised system to attack others.

Session hijackingoccurs when an attacker takes over an established connection between two devices, often by stealing session tokens or manipulating network traffic. This allows the attacker to impersonate a legitimate user and gain unauthorized access.

Dictionary attackinvolves password guessing, not hijacking active connections.

Social engineeringtricks users into providing information but does not hijack sessions.

IP address spoofingdisguises the attacker's identity but does not necessarily take over a session.

UnderGDPR, individuals have the right to:

Accesstheir personal data

Request modifications or deletions(right to be forgotten)

Restrict processing of their data

Companies must also ensuretransparency and data protectionby implementing encryption and security controls.

Compensating individualsis not a GDPR requirement.

Disclosing security softwareis not mandatory, only security measures in place.

Notifying individuals every time data is viewedis unnecessary unless required by a breach.

AWireless Local Area Network (WLAN)enables wireless connectivity within a defined geographic area, such as a library, office, or coffee shop. WLANs use Wi-Fi technology to allow users to access the internet without physical cables.

Storage Area Networks (SANs)are used for data storage and do not provide internet connectivity to users.

Metropolitan Area Networks (MANs)cover larger areas, such as cities, and are not used within a single building.

Personal Area Networks (PANs)connect personal devices like smartphones and laptops over short distances, such as via Bluetooth, but do not support public internet access.

Thenetstatcommand in Linux displays active network connections, listening ports, and network statistics. It is useful for diagnosing network issues and identifying open connections.

nslookupis for DNS queries.

digprovides DNS information, not network connection status.

ifconfigshows network interface details but does not list active connections.

Enhancing physical resource securityensures that servers, networking devices, and data storage facilities are protected from unauthorized physical access, theft, or tampering. This includes measures like biometric authentication, surveillance, and restricted access zones.

Using a variable network topologydoes not directly protect data.

Increasing wireless access point rangemay improve connectivity but does not enhance security.

WEPis weak and should not be used for data protection.

Confidentialityensures that sensitive information is only accessible to authorized individuals.Role-Based Access Control (RBAC)enforces confidentiality by restricting access based on a user's role within an organization, ensuring that only authorized users can view or modify certain data.

Integrityensures data is not altered improperly.

Availabilityensures access to resources but does not manage permissions.

Consistencyis not a CIA triad component.