2026 EXAM PREPARATION PACK KEY
NETWORK TOPOLOGIES FIREWALL
CONFIGURATION AND SECURITY CONTROLS
WITH SAMPLE QUESTIONS
◉ A company has been the target of multiple social engineering attacks and is implementing a new mandatory security awareness training program to reduce the risk of a future compromise. The security administrator is mainly concerned with the following attack vectors:
Spoofed emails containing fake password reset links aimed at harvesting employees' passwords
Phone calls to the helpdesk by a malicious user pretending to be an employee needing a password reset
A malicious user tailgating while impersonating a contractor to steal employees' mobile devices
What are the two vulnerabilities that the company needs to address to meet the above requirements? Answer: Untrained users and Lack of Secure access control
◉ An email link takes a user to an online store. After clicking the link, the user is redirected to a spoofed online store.
Which type of attack is occurring? Answer: Cross-site scripting
◉ Which device is responsible for performing stateful packet inspection on traffic traversing connected segments? Answer: Firewall
◉ Which device is Layer 7 aware and provides both filtering of unwanted source IP traffic from accessing a network and policy on which ports may be used? Answer: Application firewall
◉ A software circuit firewall is on the network providing protection for a web server. There is a cross-site scripting vulnerability on the web server.
How will the software circuit firewall react to an exploit of this vulnerability? Answer: It will filter based solely on initial session setup.
◉ During preproduction testing, a key security control is found to be missing. This oversight inadvertently allows users to view data they are not authorized to access. Upon review of the initial security requirements, it was stated that authentication, authorization, and accounting (AAA) of users was required in the design of the system.
What occurred during the systems development life cycle (SDLC) that caused this problem? Answer: No objective security reviews were conducted to ensure security requirements were being met during the development phase.
◉ Many of the devices a company uses are stand-alone, third-party appliances. While the appliances are evaluated for security concerns at the time of purchase, many have reached the end of their support and will need to be replaced soon.
What should a security administrator do to protect these assets before they are disposed of and replaced? Answer: Use a defense-in-depth strategy
◉ During the initiation phase of the systems development life cycle (SDLC), an administrator is working on a new system that will support remote access to the organization's disaster recovery environment. As part of the effort, the administrator is attempting to calculate the bandwidth required to support systems identified in the business impact analysis.