OA Exams

  • California, TX 70240
  • Info@gmail.com
  • Office Hours: 8:00 AM – 7:45 PM
  • web.groovymark@gmail.com
  • December 3, 2024

Question 21

A security administrator needs to ensure that data on a network is encrypted and that its integrity is verified during transmission. Which of the following protocols should be used?

A. HTTP
B. FTP
C. TLS
D. Telnet

Correct Answer: C. TLS

Explanation: TLS (Transport Layer Security) ensures that data is encrypted and its integrity is verified during transmission. HTTP, FTP, and Telnet do not offer this level of security.

Question 22

Which of the following security controls is used to protect a system from unauthorized changes by limiting user privileges?

A. Role-based access control
B. MAC filtering
C. VPN
D. IDS

Correct Answer: A. Role-based access control

Explanation: Role-based access control (RBAC) limits user privileges based on their role within the organization, preventing unauthorized changes to the system.

Question 23

Which of the following encryption methods is commonly used for securing wireless networks?

A. AES
B. MD5
C. SHA
D. RSA

Correct Answer: A. AES

Explanation: AES (Advanced Encryption Standard) is commonly used to secure wireless networks, especially in WPA2 encryption. MD5, SHA, and RSA are not typically used for wireless network encryption.

Question 24

Which of the following best describes the function of a honeypot in network security?

A. To block unauthorized access
B. To detect malware
C. To attract and monitor attackers
D. To encrypt sensitive data

Correct Answer: C. To attract and monitor attackers

Explanation: A honeypot is a security mechanism designed to attract and monitor attackers, allowing administrators to observe their behavior and gather intelligence. It does not block access, detect malware, or encrypt data.

Question 25

An attacker modifies the database query in a web form to gain unauthorized access to data. This attack is known as which of the following?

A. SQL injection
B. Cross-site scripting
C. Brute-force attack
D. Phishing

Correct Answer: A. SQL injection

Explanation: SQL injection occurs when an attacker inserts or modifies SQL queries to access or manipulate a database. Cross-site scripting, brute-force attacks, and phishing are different types of attacks.

Question 26

Which of the following types of malware is primarily designed to steal sensitive information from a system?

A. Worm
B. Spyware
C. Ransomware
D. Virus

Correct Answer: B. Spyware

Explanation: Spyware is a type of malware designed to collect sensitive information from a user’s system without their knowledge. Worms, ransomware, and viruses have different purposes.

Question 27

Which of the following security measures is used to ensure that the identity of a user can be verified and that they cannot deny their actions later?

A. Encryption
B. Non-repudiation
C. IDS
D. MAC filtering

Correct Answer: B. Non-repudiation

Explanation: Non-repudiation ensures that a user’s identity can be verified and that they cannot deny their actions. This is often achieved through digital signatures. Encryption, IDS, and MAC filtering do not provide non-repudiation.

Question 28

Which of the following types of attacks involves overwhelming a network or system with traffic, making it unavailable to legitimate users?

A. Phishing
B. Man-in-the-middle attack
C. Denial of Service (DoS) attack
D. Brute-force attack

Correct Answer: C. Denial of Service (DoS) attack

Explanation: A Denial of Service (DoS) attack involves overwhelming a network or system with traffic, causing it to become unavailable to legitimate users. Phishing, MitM, and brute-force attacks have different methods and goals.

Question 29

Which of the following is a primary function of an Intrusion Detection System (IDS)?

A. To block malicious traffic
B. To monitor for suspicious activity
C. To encrypt network communication
D. To manage access control lists

Correct Answer: B. To monitor for suspicious activity

Explanation: An IDS monitors network traffic for suspicious activity and potential security breaches. It does not block traffic, encrypt communication, or manage access control lists.

Question 30

An attacker sends a large number of requests to a server, causing it to crash. This is an example of which of the following attacks?

A. Phishing
B. Man-in-the-middle attack
C. Denial of Service (DoS) attack
D. Brute-force attack

Correct Answer: C. Denial of Service (DoS) attack

Explanation: A DoS attack involves overwhelming a server or network with traffic, causing it to crash or become unavailable. Phishing, MitM, and brute-force attacks have different objectives and methods.

Question 31

Which of the following best describes the purpose of two-factor authentication?

A. To block unauthorized access
B. To verify the identity of a user
C. To monitor network traffic
D. To encrypt sensitive data

Correct Answer: B. To verify the identity of a user

Explanation: Two-factor authentication (2FA) verifies the identity of a user by requiring two forms of authentication (e.g., password and a security token). It does not block access, monitor traffic, or encrypt data.

Question 32

Which of the following attacks involves an attacker tricking a user into visiting a malicious website by disguising it as a legitimate site?

A. Phishing
B. SQL injection
C. Cross-site scripting
D. Brute-force attack

Correct Answer: A. Phishing

Explanation: Phishing involves tricking users into visiting malicious websites or revealing sensitive information by disguising the attack as legitimate. SQL injection, cross-site scripting, and brute-force attacks are different methods.

Question 33

A company wants to prevent sensitive data from being sent outside the network via email. Which of the following solutions is the best option?

A. Content filtering
B. Firewalls
C. VPN
D. Data Loss Prevention (DLP)

Correct Answer: D. Data Loss Prevention (DLP)

Explanation: Data Loss Prevention (DLP) solutions monitor and control sensitive data to prevent it from leaving the network, such as via email or file transfers. Content filtering, firewalls, and VPNs do not offer this specific protection.

Question 34

Which of the following describes the purpose of hashing in cybersecurity?

A. To encrypt sensitive data
B. To verify the integrity of data
C. To monitor network traffic
D. To authenticate users

Correct Answer: B. To verify the integrity of data

Explanation: Hashing is used to verify the integrity of data by generating a fixed-length hash value from the original data. It does not encrypt data, monitor traffic, or authenticate users.

Question 35

Which of the following attacks involves the exploitation of a vulnerability in software to gain unauthorized access to a system?

A. SQL injection
B. Phishing
C. Man-in-the-middle attack
D. Exploit

Correct Answer: D. Exploit

Explanation: An exploit takes advantage of a software vulnerability to gain unauthorized access to a system. SQL injection, phishing, and MitM attacks are specific attack types.

Question 36

Which of the following types of malware encrypts a user’s files and demands payment for the decryption key?

A. Virus
B. Trojan
C. Worm
D. Ransomware

Correct Answer: D. Ransomware

Explanation: Ransomware encrypts a user’s files and demands payment for the decryption key. Viruses, Trojans, and worms operate differently.

Question 37

 Which of the following protocols is used to ensure secure communication over a network by providing encryption, authentication, and integrity?

A. HTTP
B. FTP
C. Telnet
D. TLS

Correct Answer: D. TLS

Explanation: TLS (Transport Layer Security) ensures secure communication by providing encryption, authentication, and data integrity. HTTP, FTP, and Telnet do not provide the same level of security.

Question 38

An administrator wants to ensure that users accessing the company’s internal systems are required to provide a password and a security token. Which of the following should be implemented?

A. Single sign-on
B. Role-based access control
C. Two-factor authentication
D. MAC filtering

Correct Answer: C. Two-factor authentication

Explanation: Two-factor authentication (2FA) requires users to provide two forms of identification, such as a password and a security token, to access internal systems.

Question 39

Which of the following is the primary purpose of a Virtual Private Network (VPN)?

A. To block unauthorized access
B. To encrypt network traffic
C. To monitor for malicious activity
D. To manage access control lists

Correct Answer: B. To encrypt network traffic

Explanation: A VPN encrypts network traffic, ensuring that data transmitted over the network is secure and protected from interception. It does not block access, monitor activity, or manage access control lists.

Question 40

Which of the following types of attacks involves overwhelming a system with traffic until it becomes unavailable?

A. Phishing
B. Denial of Service (DoS) attack
C. Brute-force attack
D. Cross-site scripting

Correct Answer: B. Denial of Service (DoS) attack

Explanation: A Denial of Service (DoS) attack overwhelms a system with traffic, making it unavailable to legitimate users. Phishing, brute-force attacks, and cross-site scripting are different methods of attack.

Complete the Captcha to view next question set.

Prev Post
WGU D329 Practice Exam Questions – Set 2 – Part 1
Next Post
WGU D329 Practice Exam Questions – Set 2 – Part 3