WGU D345 Psychopharmacology Pre Assessment & Study guide| Questions & Verified Answers | 2026–2027 Update | Exam Prep Guide

WGU D345 Psychopharmacology Pre Assessment & Study guide| Questions & Verified Answers | 2026–2027 Update | Exam Prep Guide Q: In the TCP/IP Model, which OSI layers are merged into the Application Layer? Answer Session, Presentation, and Application Layers Q: The Presentaion layers role in the OSI model includes... Answer Formatting, Encrypting and Decrypting Data Q: In which network topology do packets navigate device-to-device until reaching their destination? Answer Ring Q: Which cloud deployment often utilizes exclusive (non-shared) hardware? Answer Private Cloud Q: Which network type is commonly emplyoed for device interconnection within a single building? Answer Local Area Network (LAN) Q: In Peer-to-Peer (P2P) architecture, configuration is : Answer Decentralized, with each device requiring individual configuration Q: To verify a computers network connection and responsiveness, which command is suitable for a network technician? Answer Ping Q: To link multiple buildings, which network type is utilized? Answer Campus Area Network (CAN) Q: Which network type is used for short-distance device communication, such as connecting wireless earbuds to a smartphone? Answer Personal Area Network (PAN) Q: To inspect active TCP connections on a Windows PC, which command is appropriate for a network admin? Answer Netstart Q: In a client/server architecture, the configuration is : Answer Centralized, with configuration performed on a central server and disseminated to all devices. Q: How do OSI and TCP/IP model layer counts compare? Answer OSI has 7 layers; TCP/IP has 4 Q: Compared to Twisted Pair cables, Fiber Optic cables offer... Answer Enhanced data transmission speed and extended cabling distance Q: Arouter primary purpose in a network is: Answer To route data packets between multiple networks Q: Put the OSI layers in the correct order starting with layer 7 and going down... Answer 1 - Application 2 - Presentation 3 - Session 4 - Transport 5 - Network 6 - Data Link 7 - Physical All People Seem To Need Dominos Pizza Q: How is a community cloud defined? Answer Shared among multiple organizations with similar objectives Q: At which OSI model layer does connection management (connection establishment, maintenance, and teardown) with remote devices occur? Answer Session Layer Q: What does Infastructure as a Service (IaaS) offer consumers? Answer Computing resources in a virtualized form over the internet Q: An IP Address functions at which OSI model layer? Answer Network Layer Q: To obtain the IP Address of a Windows machine, which command is necessary? Answer Ipconfig Q: For wireless LAN connectivity, which device is typically used? Answer Wireless Access Point (WAP) Q: In cloud computing, what defines the hybrid cloud model in terms of where IT assets are located? Answer Mix of on-premises and cloud-based services for IT assets Q: Comparing device roles in P2P and client/server networks regarding resource sharing: Answer P2P networks see devices solely as requesters, client/server as providers Q: Which network topology enables multiple paths between any two devices to safeguard against link failure? Answer Mesh Q: Highlight a principal advantage of Software as a Service (SaaS). Answer No need for individual installations or updates Q: Which command is employed for DNS resolution of a domain name to its IP address? Answer Nslookup Q: To follow the journey of packets from origin to detination on Windows, which command is applied? Answer Tracert Q: Which situation are STP cables preferred over UTP cables? Answer In enviroments with significant electromagnetic interfrerence Q: Identify a type of UDP cable... Answer Cat6 Cable Q: Within a client/server architecture, the role of client devices is to: Answer Request and utilize server-provided services Q: At which OSI model layer does the MAC (Media Access Control) Address operate? Answer Data link Q: What function does a firewall serve in a network? Answer Traffic filtration in accordance with rule sets Q: A network topology where all nodes are connected to a central device is known as : Answer Star Q: Identify the network type connecting computer networks and LANs across broad geographical expanses: Answer Wide Area Network (WAN) Q: To display the mapping of IP Addresses to MAC Addresses on a WIndows system, which command should be used? Answer Arp Q: Which cloud service model fits best for software development entities aiming to build and test applications without handling the underlying Infastructure? Answer Platform as a Service (PaaS) Q: For gigabit network compatiability, the minimum Ethernet cable category required is: Answer Category 5e (CAT5e) Q: To obtain a Linux machine's IP Address, which command must a network admin execute? Answer Ifconfig Q: What distingushes a public cloud model? Answer Accessible over the public internet to anyone interested in subscribing Q: Define a Type 1 Hypervisor: Answer Direct hardware-level virtualization management software Q: During a penetration test, the tester uses a well-known software tool to gain unauthorized access to the network. This tool is considered... Answer An Exploit Q: When an attacker is inserting text that is too large to fit within a region of memory, what type of attack are they trying to perform? Answer Buffer Overflow Q: What is the primary goal of phishing? Answer To steal sensitive information like passwords and credit card numbers Q: What technique involves manipulating individuals to divulge confidential information or perform actions that may compromise security? Answer Social Engineering Q: In cybersecurity, what type pf attack involves systematically trying all possbile combinations of passwords from a predefined list? Answer Dictionary Attack A healthcare provider notices alterations in patient records that cannot be traced to legitimate medical consultations. This scenario indicates a violation of which CIA principal? Answer Integrity During a security audit, its discovered that backup drives containing sensitive information are stored unsecured. What is the best practice to secure these backup drives? Answer Store the drives in an access controlled server room A teenager uses a software tool downloaded from the internet to break into a local network without fully understanding how the tool works. This individual is referred to as a: Answer Answer Script Kiddie A cyber campaign aimed at stealing intellectual property from technology companies around the globe is later linked to a government's intelligence service. The attacker type is: Answer Nation-State A hacker is attempting to breach the network remotely. In this scenario, the attacker would be considered what? Answer External Threat A flood in the server room causes significant damage to the hardware, leading to an unplanned downtime. Which principle of the CIA triad does this incident affect the most? Answer Availability What accurately defines a Vulnerability? Answer A defect or imperfection in hardware, software, or infastructure that could be exploited to undermine security A ransomware attack encrypts all the files on a companys server, making them inaccessible, Which principle of the CIA Triad has been breached? Answer Availability In a man-in-the-middle attack, where does the attacker position themselves? Answer Between two communicating parties A hacker discovers a vulnerability in an online platform and exploits it to steal user data for personal gain. This person is categorized as a: Answer Black Hat Hacker What measure can employees take to protect company data on their personal devices used for work? Answer Enable full device encryption What term is used to describe the likelihood and impact of a threat exploiting a vulnerability? Risk What risk management strategy involves eliminating the threat or vulnerability to completely eliminate the associated risk? Risk Avoidance What risk management approach is demonstrated by opting out to keep a network device operational despite being aware of its risk and not applying any security solutions? Risk Acceptance Which term describes a security risk that originates from individuals within an organization, such as employees or contractors? Insider Threat Which of the following is a common way for malware to spread? Via E-Mail Attachments A hacker exploits a known flaw in an operating system that hasn't been updated in months, gaining unauthorized access. This is an example of an attack exploiting: Unpatched Software A hacker intercepts sensitive emails between a company's executives using a compromised Wi Fi network. This breach affects which aspect of the CIA triad? Confidentiality An individual gains unauthorized access to government websites to protest against a new policy. This person is best described as a: Hacktivist A user is setting up his new work account and sets his password to password01 so he can easily remember it. What type of vulnerability did his password choice create? Weak Password Data encryption at rest primarily addresses which component of the CIA triad? Confidentiality A man-in-the-middle (MITM) attack allows an attacker to intercept, read, and alter communications between two parties. This compromises which aspects of the CIA triad? Confidentiality and Integrity Which type of DoS attack involves sending oversized or malformed ping packets to crash the target syatem? Ping of Death Which option below describes a decoy system that is intentionally vulnerable and filled with fabricated data to lure attackers once they breach the network? Honeypot Ensuring that data is accurate and has not been tampered with relates to which component of the CIA Triad? Integrity An attacker performs a port scan to: Identify vulnerabilities and plan further attacks by discovering open ports and the services or applications running on them A critical software application fails to start due to an expired license key, halting business operations. Which component of the CIA Triad does this scenario impact? Availability Which team is responsible for defending and securing an organizations IT infrastructure and assets? Blue Security Team Which exploit includes using breaching the network cable and using a packet sniffer to listen and record the traffic on the network? Wiretapping An insider in the organization has expressed dissatisfaction and is showing signs of potentially leaking sensitive data. This individual represents a Threat What defines a zero-day attack? An attacker exploits a previously unknown vulnerability in software or hardware, before the vendor has released a patch A person conducts unauthorized penetration testing on a companys system out of curiosity and later reports the findings anonymously. This behavior fits the profile of a: Grey-Hat Hacker Which risk management approach entails reducing the likelihood of a risk occurring or reducing the impact if a risk does occur by implanting some of the type of security technology? Risk Mitigation What term describes an ethical hacker who uses their skills to help organizations identify and fix vulnerabilities? White-Hat Hacker Checksums and cryptographic hashes are primarily used to ensure: Integrity For data that is at rest, what is the best method to protect the confidentiality of data? Encryption What layer of protection could be considered the last line of defense in a well implemented security in depth strategy? Data encryption at rest What does HIPAA primarily protect? Health Information A local library has previously fallen victim to war chalking, where unauthorized individuals marked the exterior with symbols indicating an unsecured Wi-Fi network. To prevent future incidents and secure their network against unauthorized access, what should the library implement? Implement WPA2 or WPA3 wireless encrpytion Tom is trying to access a sensitive report from his company's server. Which part of the AAA framework is responsible for verifying Tom's credentials before granting access? Authentication If a company installs a state-of-the-art firewall, it is primarily engaged in: Risk Mitigation Which of he following is NOT typically considered a part of device hardening? Increasing the number of open ports How does zero-trust handle internal and external threats? Treats all network traffic with the same level of suspicion What capability does an IPS have that an IDS lacks? Blocking detected threats automatically An organization is setting up a firewall capable of analyzing individual packets and the association in which these packets are grouped. Which type of access control is being utilized? Context-Based A software developer attempts to access the customer database but is denied. What part of the AAA framework is responsible for this decision? Authorization At a software company, which of the following practices best exemplifies separation of duties in incident response? One team detects and reports security incidents, while a different team analyzes and responds to these incidents. A companys security policy requires that all incoming and outgoing messages be inspected for harmful content like viruses and spyware before they reach the desktops. Which firewall should they deploy? Application level firewall Place the wireless encryptions in order from the weakest to the strongest 1-WEP 2-WPA 3-WPA2 4-WPA3 A network firewall analyzes each packet against a set of security criteria, such as source IP address, or port number before deciding to allow or block. This approach is known as: Rule-based Access Control A user must enter a security question answer to retrieve a forgotten password. This form of authentication relies on: Something you know What best describes RBAC (Role-Based Access Control)? A system where access controls are based on the job function of users within an organization A large e-commerce company, preparing for an upcoming holiday sale, is concerned about the potential for DoS/DDoS attacks that could disrupt their services. What is the most effective strategy they should implement to mitigate the risk of such attacks? Monitor normal traffic patterns What distinguishes DAC (Discretionary Access Control) from other access control models? It allows file owners to control access Which technology is essential for achieving effective Zero-Trust architecture? Multi-Factor Authentication (MFA) An organization requires a firewall that can allow or deny packets based on administrator defined rules for IP addresses and protocols, Which type should they use? Packet Filtering Firewall What distingushes asymmetric encryption from symmetric encryption? Employs diffrent keys for encryption and decryption Anetwork administrator sets up a firewall to block all incoming connections do not originate from within the network. Which type of firewall can check whether a packet is part of an established connection? Stateful Inspection Firewall A mobile banking app is designed to terminate all active sessions and require re-authentication after detecting any unauthorized access attempts. What prinipal does this illustrate? Fail-Safe According to the Protection and Electronic Documents Act (PIPEDA), personal information must be protected by... Appropriate security safeguards After implementing a mandatory complex password policy, a company notices many employees writing down their passwords. The company decides to allow less complex passwords with two factor authentication to ensure the authentication system is more user-friendly. Which priniple is being reinforced? Psychological Acceptability An organization is adjusting its information security policies to adhere to the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, what is the organization required to do? Establish adequate security measures for the protection of stored personal data Waht are two wireless infastructure modes? Ad-Hoc Infastructure In an information security policy dicument, what must each sub-policy clearly contain to meet compliance and clarity requirements? The specfic compliance obligations the sub-policy fulfills Tom accesses his workplace computer using a fingerprint scan. The security system he interacts with uses which type of authentication? Something you are During a security review, the IT department uses records to track back an unauthorized data breach to a specific users account. Which AAA services provides this capability? Accounting What is a primary reasons attackers set up rouge access points in public places like cafes and airports? To capture personal and financial information from unsuspecting users Why is multi-factor authenication crucial in a securing systems? To ensure higher security through multiple verifaction mechanisms A large number of ICMP Echo requests originating from a spoofed IP address are flooding a network. What traditional network security tool can help mitigate this type of ICMP Ping flood attack? Firewall with ICMP filtering capablilties A company develops an encryption software that uses a simple, well-understood alogrithm instead of multiple complex algorithms. This strategy primarily enhances security through which principle? Economy of mechanism If a small business owner chooses to ignore minor security risks associated with a less critical part of the business because the cost to address them would outwiegh the potential loss, what is this an example of? Risk Acceptance A university's IT department suspects a rogue access point may be operating on campus. What should they implement? A Wireless Intrusion System (WIPS) In a secure email exchange, if Alice wants to ensure only Bob can read her message, she should encrypt it using which key? Bobs public key In the context of IT security, separation of duties is essential because it: Helps prevent any one individual from having too much control over a critical process Which strong wireless encryption protocol uses the same encryption key for all device on the wireless network? WPA2 What is the TCP/IP layer that includes the Transmission Control Protocol (TCP)? Transport Which layer of the TCP/IP model includes the Internet Message Access Protocol (IMAP)? Application Which OSI model layer creates, maintains, and disconnects process communications over the network? Session Which OSI model layer is responsible for breaking data into packets? Transport Which layer of the OSI reference model includes all computer programs that interact with the network? Application What is the OSI model layer that includes the IPX? Network What is the layer of the OSI model that is responsible for logical addressing? Network What is the layer of the OSI model that translates binary computer language into the language of the transmission medium? Physical A network is being created for an office, and there is a need for a router that manages internal network connections with no contact with the internet. Which type of router is needed? Core Router An IT manager is designing a new network and needs a device that connects multiple networks. Which device is needed? Router A network in a small office building connects all devices using wired connections with a star topology. Which type of network is described? LAN An executive uses Bluetooth to connect a laptop, a mobile phone, and a headset. Which type of network is described? PAN A city uses fiber optic cable to connect smaller networks throughout the whole city. Which type of network is described? MAN Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to view a list of network addresses and port numbers. Which command in Linux should be used for this purpose? netstat Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to determine which ports have an active connection. Which command in Windows should be used for this purpose? netstat -an In the process of setting up a Linux-based network system, a technician needs to view network interfaces and their settings. Which command should be used? ifconfig A person is troubleshooting a network issue and needs to test DNS connectivity. Which Linux command should be used? nslookup A company uses cloud service to manage its IT resources. The underlying hardware resources are shared by other companies as well. What is the cloud deployment model described in the scenario? Public An organization uses one cloud service provider for data management and another service provider for development platforms. What is the cloud deployment model described in the scenario? Multi A company needs to maximize the number of virtual machines that can run on each host. Which hypervisor should be used? Type 1 A developer has an existing computer with an operating system. The developer wants to use a hypervisor to have access to several virtual machines for a specific project. Which form of hypervisor fits the need described in the scenario? Type 2 An attacker gains unauthorized access to a computer and modifies browser security settings. What is the purpose of the attack? Data modification An attacker uses a trojan horse to forward usernames and passwords to an anonymous email address. What is the purpose of the attack? Data export A hacker purposefully breaks IT security to gain unauthorized access to systems and publish sensitive data. Which term describes the given hacker? Black-hat A hacker acts as an information system security professional who is hired to perform penetration testing. Which term describes the given hacker? White-hat An organization is the victim of an attack in which an attacker uses a software program to try all possible combinations of a password and user ID. What is the type of cyberattack described in this scenario? Brute-force attack A data breach exposed usernames and passwords to customer accounts of an online retailer. An attacker uses the exposed data to attempt to access accounts of another online retailer. Which malicious attack strategy is represented in the scenario? Credential stuffing An attacker uses a list of commonly used access credentials to attempt to gain access to an online account. Which type of cyberattack is described? Dictionary attack An organization is the victim of an attack in which an attacker tries to gain access to a system by disguising their computer as another computer. What is the type of cyberattack described in this scenario? IP address spoofing An organization is the victim of an attack in which an attacker uses a program to take control of a connection by pretending to be each end of the connection. What is the type of cyberattack described in this scenario? Man-in-the-middle attack An attacker uses a false identification to gain physical access to IT infrastructure. Which malicious attack strategy is represented in the scenario? Social engineering An attacker sends emails claiming that an online account has been locked. The email provides a fake link with the goal of tricking the users into providing login credentials. Which type of cyberattack is described? Phishing An organization is the victim of an attack in which an attacker uses a DNS poisoning strategy to direct users from a legitimate website to the attacker's website. What is the type of cyberattack described in this scenario? Pharming A company is implementing network security components to ensure a higher level of data trustworthiness. What is the CIA triad component targeted in the scenario? Integrity Which CIA triad component is a driver for enabling data encryption? Confidentiality Which component of the IT security CIA triad is a driver for implementing audit and monitoring controls? Confidentiality What is the component of the CIA triad for IT security that requires that IP packets be retransmitted if the receiving host has an invalid checksum value? Integrity What is an example of a violation of the CIA triad component confidentiality? A company stores sensitive customer data without access controls. What is an example of a violation of the CIA triad component availability? A new employee has not been issued access credentials to the company's network for needed information. A company uses hash value comparisons to determine if the data in a database has changed. What is the CIA triad component targeted in the scenario? Integrity A company is updating the devices it provides to employees to ensure that each employee has consistent network access. What is the CIA triad component targeted in the scenario? Availability An organization uses an access control in which employees working in similar categories are grouped together and given the same permissions. What is the form of access control involved in this scenario? Role-based An organization's network has been the target of several cyberattacks. Which strategy should the organization use for Wi-Fi hardening? Configure the Wi-Fi signal strength to reduce range A company set up a firewall to analyze network traffic, considering each packet and how groups of packets are used. What is the form of access control involved in this scenario? Context-based A company is developing a data protection methodology in order to improve data protection measures. What is a strategy that should be used? Implement authentication methodologies After a series of attacks, an organization needs to bolster its data protection measures. Which strategy should be used to increase data protection? Use transport level encryption An organization needs to define a data classification standard and designate the assets that are critical to the organization's mission. Which type of policy should be used? Asset classification policy A company needs to specify security operations and management of all IT assets within the seven domains of the IT infrastructure. Which type of policy should be used? Asset management policy An organization has experienced war chalking in the past and wants to take actions to mitigate this type of attack. What should this organization do? Use Wi-Fi Protected Access 2 (WPA2) A company is specifically worried about DoS/DDoS attacks. Which strategy should be used as a mitigation against this type of attack? Monitor normal traffic patterns A development team is designing a web application. The team is considering possible errors and exceptions. The team is committed to protecting sensitive information above all else in the event of an error or exception. What is the security principle implemented in this scenario? Fail-safe An organization is designing an information system dashboard that can be customized for various departments. The goal is to make the dashboard intuitive, user-friendly, and secure. Which design principle for security is being incorporated? Human-centeredness After discovering that employees have been circumventing session timeouts for a company's internal network, the company is holding meetings to inform employees of the motivation behind the timeouts and risks involved in the workaround. Which security principle is demonstrated in this scenario? Psychological acceptability When assigned to a new project, a user is given temporary permissions as an editor. Which network security concept does this scenario address? Authorization A financial company requires a manager to verify any changes made to a client's electronic profile made by an employee. What is the principle used to address accounting in this situation? Separation of duties In order to reduce the risk of insider attacks, a company assigned role-based permissions to its users. Which network security concept does this scenario address? Authorization An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). What should this organization expect to be required to do under this legislation? Disclose how personal identifiable information is used An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). What should this organization expect to be required to do under this legislation? Implement appropriate security safeguards for stored personal data A company is creating an information security policy document with many sub-policies. Which information should be included for each sub-policy to ensure the policy is clear and comprehensive? Compliance requirements the sub-policy is designed to meet