WGU D415 – SDN | OA | OBJECTIVE ASSESSMENT EXAM QUESTIONS AND CORRECT DETAILED ANSWERS

Prepare for the WGU D415 Software Defined Networking (SDN) objective assessment (OA) exam with this comprehensive question bank. Contains actual exam questions with correct detailed answers covering all essential SDN and NFV domains: OpenStack modules (Nova, Glance, Keystone, Cinder, Swift, Neutron, Horizon, Heat, Ceilometer, Ironic, Congress, Designate, Barbican, Murano, Trove, Sahara, Manila, Zaqar, Magnum), virtual overlay networks provisioning, defense-in-depth layers (preventative, detection/response, recovery), authenticated vulnerability scanning, secure boot for VNF authenticity, physical resource segregation for security, IPS vs IDS (IPS takes configured action on threats), security threat classification (intentional/unintentional), TAP/SPAN ports for IDS to avoid inline performance impact, centralized networking advantages (easy deployment/management), firewalls blocking controller-southbound connectivity, network programmability benefits (reduced user error), OpenStack Swift for unstructured data storage, Glance for VM image management, Barbican for secure authentication storage, SDN southbound API (controller to OpenFlow switch/router communication), northbound API connecting application and control layers, bastion host as main point of contact for incoming connections, traditional firewalls fail to protect against internal attacks, controller diversity for security/intrusion tolerance, proactive/reactive security recovery mechanisms, clustering defends against single point of failure in controller, logs for event analysis/troubleshooting, moving target defense (MTD) shuffling technique (swapping computing architectures), CVSS as open-source framework for software vulnerability identification/definition, software-defined security key features (policy-driven automated orchestration, removing human middleware), proactive security (changing attack surface over time), SNMP advantage over NetFlow (real-time management functionality), firewall restricts access between protected network and internet, IPS can reset network connection automatically, centralized logging interdependent services (collect logs, transport logs), communication between LANs requires router, event-based telemetry exposes link state change (up up to up down), transport OSI layer handles segment PDU, OpenFlow protocol defines controller-network device communication, Ansible open-source network automation tool, infrastructure as code for reliable state, SDN introduces flexibility/dynamism/automation into network object management, OpenStack Keystone provides authentication, SDN southbound interface for controller to manage forwarding elements, Beacon OpenFlow controller multi-threaded cross-platform modular, DHCP server destination port 67, IPv6 anycast address identifies each network interface, VLANs as logical LANs based on physical LANs, network virtualization benefit: debugging and intrusion detection via slices, Layer 2 switch controls data frames to connected devices, L2TP supports VPNs without encryption, AAA authorization for granting user privileges, password authentication (what user knows), attack phase reconnaissance (gathering information), vulnerability as weakness/gap in security system, cyber kill chain exploitation (actual detonation of attack), defense-in-depth detection and response mechanism (watches activities to determine attacks/repair damages), NIST publishes security frameworks/standards, logging provides deep insight into events, IPS proactively examines/detects/prevents vulnerability exploitation, application plane security problems (cross-site scripting, request forgery), OpenFlow protocol enables SDN controller to interact with switch/router, virtual router prohibits VXLAN network communication with other networks, virtual firewall inspects packets and provides filtering/monitoring for VMs, SDN microsegmentation fine-grained data flow policy management reduces attack surface, distributed firewall topology independence protects telecommuters, proxy program deals with external devices on behalf of internal clients, network automation configures multiple wireless access points, automation software can add firewall to network, Ansible playbook logic, Chef written in C++/Clojure/Ruby, SDN enables single device configured for switching/routing/load balancing/security monitoring, NFV moves network functions from dedicated hardware to non-physical environment, NIST 800-125B virtual firewalls for delay-sensitive VMs, NIST 800-125B firewall integrated with virtualization management platform, NIST 800-53 generate timestamps for audit records, NFV moved functions from stand-alone appliances to software on any server, NFV pay-as-you-go services without large upfront investment, VNFs as software applications performing specific network tasks within NFV architecture, NFV and SDN mutually beneficial used together, RBAC for differentiated access based on entitlement, IEEE 1588 synchronized clock for accurate time-sensitive event correlation, SDLC initiation phase includes security categorization and preliminary risk assessment, quantitative and qualitative risk analysis methodologies, asset as anything of value to organization, workload migrations impact NFV tenant quality of service/security, VNF manager vulnerability allows attackers to obtain cryptographic keys, key concept in host routing: single gateway preferred for specific traffic type, Nessus vulnerability scanning program, bastion firewall placed in DMZ withstands attacks, application plane developed for telemetry, hardware end-of-life compromised data security due to reduced security fix support. Essential for WGU D415 SDN OA exam success.