GUIDE PRACTICE EXAMINATION 2026
QUESTIONS WITH ANSWERS GRADED A+
◍ What is the difference between IDS and IPS?
Answer: IDS detects, IPS blocks
◍ A company has recently upgraded to the latest version of the web
application. During a review of the logs, the security analyst notices an
unauthorized change made to the web application by an unknown user.
Which of the following logs would most likely provide information about
the unauthorized change?
A. System log
B. Application log
C. Event log
D. Security log
Answer: B. Application log
◍ What is alerting?
Answer: Notifying about suspicious activity
◍ A security analyst is conducting an assessment of the network security of a
small office. The analyst must determine if any unauthorized devices and
services are on the network. What type of scan/sweep would indicate to the
security analyst that unauthorized devices and services are running on the
network?
A. Port scan
B. Ping sweep
C. TCP sweep
D. UDP sweep
Answer: A. Port scan
◍ A security researcher has discovered a vulnerability in a web application
that allows an attacker to make requests to internal or external resources on
behalf of the web server. Which of the following web vulnerabilities best
describes this scenario?
A. Server-Side Request Forgery (SSRF)
B. Cross-Site Request Forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Structured Query Language (SQL) injection
Answer: A. Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) is a type of web vulnerability that
allows an attacker to request internal or external resources on behalf of
the web server.
◍ A security analyst wants to use a web application scanner to test the security
of a web application. Which of the following is a feature of Burp Suite that
could support the security analyst's requirements?
A. Testing for vulnerabilities in the application source code
B. Assessing the security of the underlying operating system
C. Detecting malware and viruses on the web server
D. Intercepting and modifying HTTP requests and responses
Answer: D. Intercepting and modifying HTTP requests and responses
◍ What is the first step in vulnerability management?
Answer: Identify vulnerabilities
◍ An e-commerce company recently suffered a data breach, and a security
audit revealed several vulnerabilities in their web application. The company
wants to improve its web application security by following secure coding
best practices and enhancing session management. Which of the following
actions should the company take to achieve this?
A. Employ HTTPS for all data transmissions
B. Utilize hard-coded credentials
C. Use short session timeouts
D. Disable input validation
Answer: C. Use short session timeouts
Using short session timeouts is a secure coding best practice for session
management. Short timeouts help prevent unauthorized access to a user's
session by reducing the window of opportunity for an attacker to hijack the
session. While employing HTTPS for all data transmissions is a good security
practice, it does not directly relate to secure coding best practices or
session management.
◍ A company is implementing a PKI to enhance the validity of its
communications. What is the purpose of PKI in this instance?
A. To provide secure and private communication over the internet
B. To verify the authenticity of digital documents and the identity of users
or devices
C. To encrypt data transmissions between servers
D. To detect and prevent unauthorized access to the network
Answer: B. To verify the authenticity of digital documents and the identity
of users or devices
Public Key Infrastructure (PKI) authenticates user identities and encrypts
messages to ensure the confidentiality and security of email communications,
actively managing and distributing public keys.
◍ What is metadata?
Answer: Data about data
◍ A company has hired a security analyst to perform a comprehensive
information gathering and reconnaissance phase of a penetration testing
engagement. The analyst needs to use a tool that can automate gathering
information about a target and performing reconnaissance on the target
network. Which of the following tools is best suited for this task?
A. Aircrack-ng
B. Recon-ng
C. Snort
D. Metasploit
Answer: B. Recon-ng
Recon-ng automates the reconnaissance and information-gathering process,
making it an ideal choice for the given scenario.
The Aircrack-ng tool is primarily for assessing the security of wireless
networks. While it is a valuable tool for its intended purpose, it does not
cover the comprehensive information gathering and reconnaissance needed in
the given scenario.
Snort is an open-source intrusion detection system (IDS) and intrusion
prevention system (IPS) tool. While it is a valuable tool for network
security, it does not specialize in information gathering and reconnaissance
like Recon-ng.
Although Metasploit can be used in the later stages of a penetration testing
engagement, it is not specifically for the initial information gathering and
reconnaissance phase.
◍ What is the biggest benefit of automation in security?
Answer: Speed and consistency.
◍ What does containment mean?
Answer: Isolate issue
◍ When reviewing the issues on the Arachni web user interface (UI), how can
a web administrator determine the way in which the system detected a
cross-site scripting vulnerability on a targeted site?
Check the input section
Check the repeater section
Check the dispatchers section
Check the intruder section
Answer: Check the input section
◍ What should a company use to detect attacks but not block them?
Answer: IDS - Intrusion Detection System
◍ A cloud architect advises an associate to consider a serverless platform for
their new endeavor. What benefits would the architect highlight about a
serverless platform? (Select the two best options.)
A. Serverless platforms require the management of physical or virtual server
instances.
B. There are considerable management demands for file system security
monitoring.
C. There is no requirement to provision multiple servers for redundancy or
load balancing.
D. The service provider manages the underlying architecture.
Answer: C. There is no requirement to provision multiple servers for
redundancy or load balancing. D. The service provider manages the