Network-and-Security-Foundation WGU Network-and-Security-Foundation Free Practice Exam Questions (2025 Updated)

TheNetwork or Internet layerof the TCP/IP model is responsible for addressing, routing, and delivering packets across networks. TheInternet Protocol (IP)operates at this layer, ensuring thatdata is correctly routed from the source to the destination.

Physical or network access layerdeals with hardware transmission (e.g., Ethernet, Wi-Fi).

Application layerincludes end-user services (e.g., HTTP, FTP).

Transport layermanages data flow using protocols like TCP and UDP but does not handle IP addressing.

Accounting(also known asauditing or logging) is a network security concept that tracks user activities, includingsuccessful and failed authentication attempts, system changes, and resource access. This helps in detecting and mitigating security breaches.

Authenticationverifies user identity but does not track activity.

Availabilityensures systems remain operational.

Authorizationcontrols user permissions but does not log activities.

TheTransport layerin the TCP/IP model includes theUser Datagram Protocol (UDP)andTransmission Control Protocol (TCP). UDP is a connectionless protocol used for fast, lightweight data transmission where reliability is not the priority (e.g., video streaming, VoIP).

Application layerhandles end-user services but not transport mechanisms.

Network or internet layerdeals with IP addressing and routing, not UDP.

Physical or network access layerconcerns hardware transmission methods.

ARing topologyis a network setup where each device is connected to two adjacent devices, forming a circular path for data transmission. This topology ensures that data travels in a single orbidirectional loop.

Point-to-pointtopology refers to a direct connection between two devices without forming a larger network structure.

Bus topologyhas all devices connected to a single central cable, rather than forming a ring.

Star topologyfeatures a central hub or switch that connects all devices, rather than direct device-to-device links.

Credential stuffingis a cyberattack where attackers use stolen username-password combinations from one breach to try logging into other services, exploiting users who reuse passwords. Automated tools test multiple credentials against multiple sites, leading to unauthorized access.

Brute-force attacksystematically tries all possible passwords but does not use breached data.

Session hijackingintercepts active user sessions but does not use stolen credentials.

Social engineeringmanipulates users into revealing credentials, rather than using breached data.

Integrityin theCIA (Confidentiality, Integrity, Availability) triadensures that data is not altered in an unauthorized manner. In networking, integrity mechanisms such as checksums, message authentication codes (MACs), and digital signatures verify that transmitted data has not been tampered with. If an IP packet has an invalid checksum, the system detects corruption and requests retransmission, ensuring data integrity.

Confidentialityprotects against unauthorized access but does not ensure data consistency.

Availabilityensures that resources are accessible but does not verify data correctness.

Consistencyis not a formal component of the CIA triad.

A violation ofintegrityoccurs whendata is modified incorrectly, whether intentionally or by accident. In this case, anemployee modifying a customer account incorrectlydemonstrates a breach of data integrity.

A and Crelate toavailability, as they describe system downtime.

Drelates toconfidentiality, as it describes improper data protection.

Confidentialityensures that sensitive information is only accessible to authorized individuals.Role-Based Access Control (RBAC)enforces confidentiality by restricting access based on a user's role within an organization, ensuring that only authorized users can view or modify certain data.

Integrityensures data is not altered improperly.

Availabilityensures access to resources but does not manage permissions.

Consistencyis not a CIA triad component.

Theipconfigcommand in Windows provides details about a computer's network adapters, including IP addresses, subnet masks, default gateways, and DNS settings. It is particularly useful for troubleshooting connectivity issues.

traceroute(or tracert in Windows) is used to trace the path packets take to a destination.

nslookupis used for querying DNS records.

netstatprovides details about active network connections and listening ports, but not adapter configurations.

AType 1 hypervisor(bare-metal hypervisor) runs directly on the hardware, providing better security and efficiency compared to Type 2 hypervisors. It reduces attack surfaces and optimizes resource utilization. Examples include VMware ESXi and Microsoft Hyper-V.

Type 2 hypervisorsrely on a host OS, making them less secure and efficient.

Open-source and proprietarydescribe licensing models, not hypervisor types.

Thepingcommand in Linux is used to check network connectivity to a specific hostname or IP address. It sends ICMP Echo Request packets and measures response times.

nslookupis used for DNS lookups, not connectivity testing.

ifconfigdisplays network interface configurations but does not test connectivity.

digis used for detailed DNS queries.

Role-Based Access Control (RBAC)assigns permissions based on a user's role within an organization, such as department, job function, or hierarchy. This ensures that usersonly have access to resources necessary for their duties.

Attribute-based access control (ABAC)considers dynamic attributes like time, location, and device.

Context-based access controlrestricts access based on environmental conditions.

Discretionary access control (DAC)allows data owners to determine access rights.

Psychological acceptabilitystates that security measures should beuser-friendly and not overlyburdensome. If security controls are too complex, users may bypass them, leading to weaker security. In this case, employees used personal email because authentication procedures were too cumbersome.

Zero-trust modelenforces strict access control, not usability.

Least common mechanismlimits shared resources.

Fail-safeensures secure failure handling, not usability.

Configuring RADIUS authenticationenhances Wi-Fi security by requiring user authentication before granting access to the network. This prevents unauthorized users from connecting and mitigates risks from rogue access points.

WEPis outdated and insecure; WPA2/WPA3 with RADIUS should be used instead.

A bus topologyis a network design choice, not a security measure.

Avoiding asymmetric encryptionweakens security rather than improving it.

PIPEDArequires businesses in Canada to protectpersonal informationthrough security measures andproper disposal practices. This includessecure deletion of personal data when no longer neededto prevent unauthorized access.

Compensating individuals for data salesis not a legal requirement.

Notifying individuals of each data accessis unnecessary unless required by a breach.

Disclosing security softwareis not mandated by PIPEDA.

Human-centerednessin security design prioritizesuser experience and productivitywhile implementing security measures. It ensures that security policies are intuitive and do not excessively burden users, reducing resistance to security compliance.

Least common mechanismminimizes shared resources to enhance security.

Fail-safeensures secure defaults in case of system failure.

Zero-trust modelassumes no inherent trust in users or devices.

TheApplication layer(Layer 7 of the OSI model) includesHypertext Transfer Protocol (HTTP), which is used for web communication. This layer provides network services directly to applications and users.

Network layerdeals with IP addressing and packet routing.

Session layermanages connections but does not include HTTP.

Transport layerensures reliable data transmission but does not handle application protocols.