Design - D482) SCORED A+
Question 1
Which of the following is considered the primary goal of the Confidentiality
principle within the CIA Triad?
A) Ensuring that systems and data are accessible to authorized users when
needed.
B) Preventing unauthorized disclosure of information.
C) Maintaining the accuracy and completeness of data.
D) Guaranteeing the continuous operation of network services.
E) Providing accountability for user actions.
Correct Answer: B) Preventing unauthorized disclosure of information
Rationale: Confidentiality, as part of the CIA Triad, focuses on protecting
information from unauthorized access and disclosure.
Question 2
A company has recently experienced a data breach where sensitive
customer information was altered without authorization. Which principle of
the CIA Triad was primarily compromised?
A) Availability
B) Confidentiality
C) Integrity
D) Non-repudiation
E) Authenticity
Correct Answer: C) Integrity
Rationale: Integrity ensures that data is accurate, complete, and protected
from unauthorized modification. An alteration of data without authorization
directly violates this principle.
Question 3
A Distributed Denial of Service (DDoS) attack aims to overwhelm a network
or server with excessive traffic, making it inaccessible to legitimate users.
Which security objective is directly targeted by a DDoS attack?
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
E) Access Control
Correct Answer: C) Availability
Rationale: DDoS attacks specifically target the availability principle by
disrupting network resources and making systems inaccessible to legitimate
users.
Question 4
Which of the following best describes the function of a firewall in a secure
network design?
A) Encrypting all data transmitted across the network.
B) Monitoring network traffic for suspicious activity and reporting it.
C) Acting as a barrier between different network segments, filtering traffic
based on predefined rules.
D) Providing secure remote access to internal network resources.
E) Collecting and analyzing security logs from various devices.
Correct Answer: C) Acting as a barrier between different network segments,
filtering traffic based on predefined rules
Rationale: Firewalls act as a barrier, monitoring and controlling network
traffic based on predefined security rules to prevent unauthorized access.
Question 5
An Intrusion Detection System (IDS) is primarily designed to perform which
of the following actions?
A) Block malicious traffic in real-time before it reaches the target.
B) Encrypt data at rest and in transit.
C) Monitor network traffic for suspicious activity and generate alerts.
D) Authenticate users attempting to access network resources.
E) Segment a network into isolated zones.
Correct Answer: C) Monitor network traffic for suspicious activity and
generate alerts
Rationale: An IDS monitors network traffic for suspicious activity or policy
violations and generates alerts, but it does not actively block traffic.
Question 6
What is the key difference between an Intrusion Detection System (IDS) and
an Intrusion Prevention System (IPS)?
A) IDS encrypts traffic, while IPS decrypts it.
B) IDS only monitors and alerts, while IPS can actively block or prevent
detected threats.
C) IDS operates at the application layer, while IPS operates at the network
layer.
D) IDS is software-based, while IPS is hardware-based.
E) IDS is used for internal threats, while IPS is for external threats.
Correct Answer: B) IDS only monitors and alerts, while IPS can actively block
or prevent detected threats
Rationale: The primary distinction is that an IDS detects and reports, whereas
an IPS extends this capability by taking automatic action to prevent the
threat, such as dropping malicious packets.
Question 7
Which security solution aggregates and correlates security event data from
various sources across an organization's network to provide centralized
monitoring and analysis?
A) Virtual Private Network (VPN)
B) Intrusion Prevention System (IPS)
C) Network Access Control (NAC)
D) Security Information and Event Management (SIEM)
E) Web Application Firewall (WAF)
Correct Answer: D) Security Information and Event Management (SIEM)
Rationale: SIEM systems collect, aggregate, and analyze security logs and
event data from various sources (firewalls, IDS/IPS, servers, applications) to
provide real-time monitoring, threat detection, and compliance reporting.
Question 8
In the context of network segmentation, what is the primary benefit of
dividing a network into smaller, isolated zones using VLANs or physical
means?
A) To increase overall network bandwidth for all users.
B) To simplify IP address management across the entire organization.
C) To limit the spread of threats and contain the impact of a security breach.
D) To reduce the number of required network devices.
E) To allow for easier public access to internal resources.
Correct Answer: C) To limit the spread of threats and contain the impact of a
security breach
Rationale: Network segmentation isolates sensitive data and limits the lateral
movement of threats, thereby containing the potential impact of a security
breach.
Question 9
Which of the following best describes the principle of "least privilege" in
secure network design?
A) Granting all users full administrative access to all systems.
B) Allowing users access to any resource they request, regardless of their
role.
C) Providing users with only the minimum level of access necessary to
perform their job functions.
D) Restricting network access based solely on IP address.
E) Implementing multi-factor authentication for all network services.
Correct Answer: C) Providing users with only the minimum level of access
necessary to perform their job functions
Rationale: The principle of least privilege dictates that users (or systems)