OA Exams

  • California, TX 70240
  • Info@gmail.com
  • Office Hours: 8:00 AM – 7:45 PM
  • web.groovymark@gmail.com
  • December 4, 2024

Question 21

A security administrator implements a solution that requires users to verify their identity using both a password and a fingerprint. This is an example of which of the following?

A. Single sign-on
B. Two-factor authentication
C. Multi-factor authentication
D. Role-based access control

Correct Answer: C. Multi-factor authentication

Explanation: Multi-factor authentication (MFA) requires users to verify their identity using more than one type of credential, such as something they know (password) and something they are (fingerprint). Single sign-on and role-based access control work differently.

Question 22

Which of the following methods is used to prevent SQL injection attacks by controlling the data input into SQL queries?

A. Data encryption
B. Input validation
C. MAC filtering
D. VPN

Correct Answer: B. Input validation

Explanation: Input validation prevents SQL injection attacks by ensuring that only valid, expected data is used in SQL queries. Other methods, such as encryption and MAC filtering, serve different purposes.

Question 23

An attacker uses a compromised device to flood a network with traffic, disrupting its services. This is an example of which type of attack?

A. Brute-force attack
B. SQL injection
C. Denial of Service (DoS)
D. Phishing

Correct Answer: C. Denial of Service (DoS)

Explanation: A Denial of Service (DoS) attack floods a network or system with traffic, disrupting its normal operations. Brute-force attacks, SQL injection, and phishing involve different attack methods.

Question 24

Which of the following protocols is used to encrypt email communications and ensure confidentiality?

A. SSL
B. S/MIME
C. FTP
D. SNMP

Correct Answer: B. S/MIME

Explanation: S/MIME is a protocol used to encrypt email communications to ensure confidentiality. SSL, FTP, and SNMP serve different purposes in network security.

Question 25

 Which of the following refers to the use of random data added to a password before hashing to enhance its security?

A. Salting
B. Encryption
C. Tokenization
D. Hashing

Correct Answer: A. Salting

Explanation: Salting adds random data to a password before hashing it, making it more secure against attacks such as brute-force attempts. Encryption, tokenization, and hashing have different functions.

Question 26

 Which of the following refers to a type of malware that can replicate itself and spread across systems without any user interaction?

A. Worm
B. Virus
C. Trojan
D. Ransomware

Correct Answer: A. Worm

Explanation: A worm is a type of malware that can replicate and spread across systems without user interaction. Viruses, trojans, and ransomware require user action to propagate.

Question 27

An attacker sends unsolicited emails containing malicious links to multiple recipients. This is an example of which type of attack?

A. Denial of Service
B. Phishing
C. SQL injection
D. Brute-force

Correct Answer: B. Phishing

Explanation: Phishing involves sending unsolicited emails with malicious links to trick users into revealing sensitive information. The other options refer to different types of attacks

Question 28

Which of the following refers to a framework that standardizes security incident response and risk management practices?

A. Role-based access control
B. NIST Cybersecurity Framework
C. VPN
D. Tokenization

Correct Answer: B. NIST Cybersecurity Framework

Explanation: The NIST Cybersecurity Framework provides standardized guidelines for risk management and incident response. Other options do not provide a risk management framework.

Question 29

Which of the following attacks involves an attacker gaining access to a system by guessing or cracking passwords?

A. Brute-force attack
B. Phishing
C. Man-in-the-middle
D. Cross-site scripting

Correct Answer: A. Brute-force attack

Explanation: A brute-force attack involves guessing or cracking passwords to gain unauthorized access to a system. Other options describe different types of attacks.

Question 30

Which of the following is used to protect data while it is being transmitted over a network?

A. Encryption
B. Firewalls
C. Tokenization
D. VPN

Correct Answer: A. Encryption

Explanation: Encryption protects data in transit by converting it into unreadable code that can only be deciphered by authorized parties. Firewalls, tokenization, and VPNs offer different types of protection.

Question 31

Which of the following ensures that a message or document has not been altered since it was sent?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication

Correct Answer: B. Integrity

Explanation: Integrity ensures that a message or document remains unchanged during transmission. Confidentiality protects against unauthorized access, availability ensures access to data when needed, and authentication verifies the identity of the sender.

Question 32

What type of attack involves the unauthorized redirection of internet traffic to malicious websites?

A. SQL injection
B. Man-in-the-middle
C. DNS poisoning
D. Cross-site scripting

Correct Answer: C. DNS poisoning

Explanation: DNS poisoning involves redirecting internet traffic from legitimate websites to malicious ones by corrupting DNS server information. SQL injection, man-in-the-middle, and cross-site scripting are different forms of attacks.

Question 33

Which of the following ensures that data is accessible only to authorized users?

A. Confidentiality
B. Integrity
C. Availability
D. Encryption

Correct Answer: A. Confidentiality

Explanation: Confidentiality ensures that sensitive data is accessible only to authorized individuals. Integrity ensures data accuracy, availability ensures timely access, and encryption is a method to achieve confidentiality and integrity.

Question 34

Which of the following is the best practice for securing sensitive data on portable devices such as USB drives?

A. MAC filtering
B. Data encryption
C. Tokenization
D. VPN

Correct Answer: B. Data encryption

Explanation: Data encryption ensures that sensitive information on portable devices, like USB drives, remains secure even if the device is lost or stolen. MAC filtering, tokenization, and VPNs serve different purposes.

Question 35

Which of the following methods involves distributing different encryption keys for each session to enhance security?

A. Perfect forward secrecy
B. Tokenization
C. Hashing
D. Salting

Correct Answer: A. Perfect forward secrecy

Explanation: Perfect forward secrecy ensures that each session uses a different encryption key, enhancing security. Tokenization, hashing, and salting are different security techniques.

Question 36

Which of the following is the primary purpose of implementing a firewall?

A. To authenticate users
B. To encrypt data
C. To control incoming and outgoing network traffic
D. To store encryption keys

Correct Answer: C. To control incoming and outgoing network traffic

Explanation: A firewall controls network traffic, monitoring and filtering it based on predefined security rules. It does not authenticate users, encrypt data, or store encryption keys.

Question 37

Which of the following protocols is used for secure file transfer over a network?

A. FTP
B. SFTP
C. HTTP
D. SMTP

Correct Answer: B. SFTP

Explanation: SFTP (Secure File Transfer Protocol) is used for secure file transfer over a network. FTP, HTTP, and SMTP are older or less secure options.

Question 38

What type of attack involves the unauthorized modification of an existing DNS record to redirect traffic to a malicious website?

A. Phishing
B. SQL injection
C. DNS spoofing
D. Cross-site scripting

Correct Answer: C. DNS spoofing

Explanation: DNS spoofing involves modifying DNS records to redirect traffic from legitimate websites to malicious ones. Phishing, SQL injection, and cross-site scripting use different attack methods.

Question 39

Which of the following security principles ensures that a user cannot deny having performed a specific action?

A. Integrity
B. Confidentiality
C. Non-repudiation
D. Availability

Correct Answer: C. Non-repudiation

Explanation: Non-repudiation ensures that a user cannot deny having performed a specific action, such as sending a message or signing a document. Integrity, confidentiality, and availability are different aspects of information security.

Question 40

Which of the following tools is used to capture and analyze network traffic?

A. Firewall
B. Packet sniffer
C. VPN
D. Antivirus software

Correct Answer: B. Packet sniffer

Explanation: A packet sniffer captures and analyzes network traffic for monitoring and troubleshooting purposes. Firewalls, VPNs, and antivirus software serve different functions.

Complete the Captcha to view next question set.

Prev Post
WGU D329 Practice Exam Questions – Set 3 – Part 1
Next Post
WGU D329 Practice Exam Questions – Set 3 – Part 3