Pass the WGU Courses and Certificates Network-and-Security-Foundation Questions and answers with ExamsMirror

TheTransport layer(Layer 4 of the OSI model) includes theTransmission Control Protocol (TCP), which provides reliable, connection-oriented communication. TCP ensures error-checking, sequencing, and retransmission of lost packets.

Application layerdeals with end-user protocols like HTTP and FTP.

Session layermanages communication sessions but not transport protocols.

Network layerfocuses on IP addressing and routing, not transport mechanisms.

Configuring switch port tracinghelps detect unauthorized devices, such as rogue access points, that are connected to the network. Network administrators can useport securityandintrusion detection systems (IDS)to monitor and block unauthorized access points.

Decreasing wireless rangemay limit exposure but does not actively detect rogue APs.

Disabling unnecessary servicesimproves security but does not prevent rogue APs.

Monitoring traffic patternshelps detect anomalies but does not directly stop rogue APs.

Platform as a Service (PaaS)provides a pre-configured computing environment that includes an operating system, runtime, and development tools, making it ideal for developers who want a ready-to-use platform. Examples include Google App Engine and Microsoft Azure App Services.

SaaSprovides fully hosted applications, not just pre-configured virtual machines.

IaaSprovides infrastructure without pre-installed software.

FaaSexecutes specific functions without persistent infrastructure.

IP address spoofingis a cyberattack where an attacker disguises their system by falsifying its IP address, making it appear as a trusted device in a network. This technique is used for bypassing security controls, launching denial-of-service (DoS) attacks, or impersonating legitimate users.

Pharmingredirects users to fake websites to steal credentials.

Man-in-the-middle attackintercepts communications between two parties.

Session hijackingtakes over an active session but does not involve falsifying an IP address.

Session hijackingoccurs when an attacker takes over an established connection between two devices, often by stealing session tokens or manipulating network traffic. This allows the attacker to impersonate a legitimate user and gain unauthorized access.

Dictionary attackinvolves password guessing, not hijacking active connections.

Social engineeringtricks users into providing information but does not hijack sessions.

IP address spoofingdisguises the attacker's identity but does not necessarily take over a session.

Availabilityensures that systems, applications, and data remain accessible and operational for authorized users when needed. Organizations implement redundancy, failover mechanisms, and backup systems to maintain availability.

Integrityensures that data remains accurate and unchanged.

Confidentialityprotects sensitive data from unauthorized access.

Innovationis not a component of the CIA triad.

Data modification attacksinvolve unauthorized changes to stored data, altering information to mislead, disrupt, or destroy integrity. Attackers may modify logs, transactions, or records for fraud or sabotage.

Launch pointis when a system is used to attack others.

Data exportis the theft of data.

Denial of availabilitymakes data inaccessible, but does not necessarily modify it.

Social engineeringinvolves manipulating people into divulging confidential information, often by impersonation, deception, or psychological tactics. Using aforged ID cardto gain trust and extract sensitive information is a classic example of social engineering.

Brute-force attackattempts to guess passwords through automated methods.

Man-in-the-middle attackintercepts communication but does not rely on deception.

Pharmingtricks users into visiting fraudulent websites but does not involve impersonation.

Pharmingis an attack that manipulates theDomain Name System (DNS)to redirect users to fraudulent websites without their knowledge. Attackers poison DNS records or compromise routers to reroute traffic to malicious sites designed to steal information.

Brute-force attackinvolves password guessing, not domain manipulation.

IP address spoofingdisguises a device’s identity but does not alter DNS records.

Session hijackingtakes over active user sessions but does not redirect websites.

Theeconomy of mechanismprinciple states that security systems should beas simple and small as possible. Reducing complexity makes security mechanisms easier to understand, audit, and defend against attacks.

Least common mechanismreduces shared resources to limit security risks.

Least privilegerestricts access based on necessity.

Zero-trust modelassumes no implicit trust in users or devices.