Free Practice Questions for WGU Network-and-Security-Foundation Exam

Restricting physical accessto data storage facilities is a critical part of database security. Even with strong cybersecurity measures,unauthorized physical accessto servers can lead to breaches. Security strategies includebiometric authentication, surveillance cameras, and restricted entry zones.

Disclosing breachesis required by compliance laws but does not protect data proactively.

Developing algorithmsimproves security but is not a fundamental checklist item.

Outsourcing data managementcan introduce security risks if not properly controlled.

ABus topologyis a network setup in which all devices share a single communication channel (central wire), and data is transmitted along this cable. Each device listens for data but only processes packets addressed to it. This topology was widely used in older Ethernet networks.

Star topologyuses a central switch or hub, not a shared wire.

Point-to-point topologyinvolves a direct link between two devices, not multiple devices sharing a medium.

Ring topologyconnects each device to two adjacent devices in a circular path, not a single shared bus.

Adictionary attackis a password-cracking method that systematically tries common words, phrases, and predictable passwords (e.g., "password123", "admin2024") to gain access to an account. Attackers often compile large lists of weak or reused passwords.

Phishingtricks users into revealing passwords but does not systematically test multiple words.

Credential stuffinguses breached passwords rather than guessing from a list.

Social engineeringmanipulates users but does not rely on automated password attempts.

Thedigcommand in Linux is used for DNS troubleshooting. It queries DNS records and provides detailed information about domain name resolutions.

traceroutetracks the path packets take to a destination but does not diagnose DNS.

netstatlists active connections, not DNS records.

ifconfigis used for managing network interfaces.

AType 1 hypervisor(bare-metal hypervisor) runs directly on the hardware, providing better security and efficiency compared to Type 2 hypervisors. It reduces attack surfaces and optimizes resource utilization. Examples include VMware ESXi and Microsoft Hyper-V.

Type 2 hypervisorsrely on a host OS, making them less secure and efficient.

Open-source and proprietarydescribe licensing models, not hypervisor types.

Availabilityensures that systems, applications, and data remain accessible and operational for authorized users when needed. Organizations implement redundancy, failover mechanisms, and backup systems to maintain availability.

Integrityensures that data remains accurate and unchanged.

Confidentialityprotects sensitive data from unauthorized access.

Innovationis not a component of the CIA triad.

UnderGDPR, individuals have the right to:

Accesstheir personal data

Request modifications or deletions(right to be forgotten)

Restrict processing of their data

Companies must also ensuretransparency and data protectionby implementing encryption and security controls.

Compensating individualsis not a GDPR requirement.

Disclosing security softwareis not mandatory, only security measures in place.

Notifying individuals every time data is viewedis unnecessary unless required by a breach.

Social engineeringinvolves manipulating people into divulging confidential information, often by impersonation, deception, or psychological tactics. Using aforged ID cardto gain trust and extract sensitive information is a classic example of social engineering.

Brute-force attackattempts to guess passwords through automated methods.

Man-in-the-middle attackintercepts communication but does not rely on deception.

Pharmingtricks users into visiting fraudulent websites but does not involve impersonation.