WGU C700 Pre-Assessment Secure Network
Design 2023/ 2024 Exam | Actual Exam
Questions and Verified Answers | A Grade
Q: Which protocol provides background security support services for IPSec by negotiating,
establishing, modifying, and deleting security associations?
Secure sockets layer (SSL)
Transport layer security (TLS)
Internet small computer system interface (iSCSI)
Internet security association and key management protocol (ISAKMP)
Answer:
Internet security association and key management protocol (ISAKMP)
Q: A company needs to securely connect a client with the company’s server. The security is
handled by the two hosts and the traffic carried belongs only to the two hosts.
Which interconnection provision should be used between this server and this client?
Site-to-site virtual private network (VPN)
Host-to-site virtual private network (VPN)
Host-to-host virtual private network (VPN)
Remote access virtual private network (VPN)
Answer:
Host-to-host virtual private network (VPN)
Q: Two partnering companies are interested in connecting their respective IPSec gateways
through a secure connection.
Which interconnection is needed to meet this goal?
Site-to-site virtual private network (VPN)
Site-to-host virtual private network (VPN)
Host-to-site virtual private network (VPN)
Host-to-host virtual private network (VPN)
Answer:
Site-to-site virtual private network (VPN)
Q: An organization is interested in implementing a virtual private network (VPN) that will
extend the company’s network to all the branches.
What is the appropriate VPN technology to deploy?
VPN router
VPN gateway
Site-to-site VPN
Host-to-site VPN
Answer:
Site-to-site VPN
Q: A network administrator needs to maintain a list of destination networks along with metrics
of direction using a protocol service that operates at the network layer.
Which protocol should be used?
Secure sockets layer (SSL)
Point-to-point protocol (PPP)
Remote procedure call (RPC)
Routing information protocol (RIP)
Answer:
Routing information protocol (RIP)
Q: A network administrator is implementing a new virtual private network (VPN) for an
organization. The administrator needs to use a tunneling protocol that protects transmitted traffic
and supports the transmission of multiple protocols at the data link layer in the OSI model.
Which protocol should be used?
Layer 2 forwarding (L2F)
Layer 2 tunneling protocol (L2TP)
Internet protocol security (IPSec)
Point-to-point tunneling protocol (PPTP)
Answer:
Layer 2 tunneling protocol (L2TP)
Q: An institution is using a network application that supports an exchange of files.
Which application layer protocol should be used?
File transfer protocol (FTP)
Remote procedure call (RPC)
Border gateway protocol (BGP)
Structured query language (SQL)
Answer:
File transfer protocol (FTP)
Q: A school uses a link state routing protocol at the network layer to maintain a topography
map of all connected networks.
Which protocol should be used?
Open shortest path first (OSPF)
Routing information protocol (RIP)
Interior gateway routing protocol (IGRP)
Enhanced interior gateway routing protocol (EIGRP)
Answer:
Open shortest path first (OSPF)
WGU C700 Secure Network Design 2023/
2024 Exam | Actual Questions and Verified
Answers | A Grade
Q: Which OSI process ensures that each OSI layer at the sender adds its own information to the
packet and each OSI layer at the receiver strips off its corresponding information?
Answer:
encapsulation
Q: Your network contains four segments. Which network devices can you use to connect two or
more of the LAN segments together?
Answer:
Router
Switch
Bridge
Q: Your manager has asked you to improve network security by confining sensitive internal
data traffic to computers on a specific subnet using access control lists (ACLs). Where should the
ACLs be deployed?
Answer:
Routers
Q: Which protocols operate at the Transport layer of the OSI model?
Answer:
TCP
UDP
Q: In your organization’s Windows network, you have implemented policies that allow users to
only log in to the network from certain workstations. What concept does this action represent?
Answer:
Enforced path
Q: You need to solve a traffic problem occurring on a large Ethernet network. Within this large
segment, the accounting department is flooding the network with a high volume of data, which
causes the entire network to slow down.
Which device is a quick and low-cost solution to isolating the accounting department?
Answer:
bridge
Q: You manage the security for a small corporate network that includes a hub and firewall. You
want to provide protection against traffic sniffing. What should you do?
Answer:
Replace the hub with a switch.
Q: Which type of firewall hides a packet’s true origin before sending it through another
network?
Answer:
proxy firewall
Q: What are the key functions of the OSI Network layer?
Answer:
Path selection
Logical addressing
Q: At which layer of the OSI model do routers operate?
Answer:
Network
Q: Which function does the Session layer of the OSI model provide?
Answer:
data synchronization
Q: Which network device or component ensures that the computers on the network meet an
organization’s security policies?
Answer:
NAC
Q: Which network device provides a transparent firewall solution between an internal network
and outside networks?
Answer:
NAT router
Q: Which network device acts as an Internet gateway, firewall, and Internet caching server for a
private network?
Answer:
proxy server
Q: Which media-access method does the 802.11 standard specify for wireless networks?
Answer:
CSMA/CA
Q: Which network entity uses one public IP address and acts as the interface between a local
area network and the Internet?
Answer:
NAT
Q: Which radio transmission technology does the 802.11b standard specify?
Answer:
direct sequence spread spectrum (DSSS)
Q: You are configuring a computer to connect to the Internet. Which information must a
computer on a network have before it can communicate with the Internet?
Answer:
the IP address, default gateway, and subnet mask
Q: You are designing an Ethernet network. The Ethernet specification you select for the
network should support a data transmission rate of 100 megabits per second (Mbps) and a
maximum cable segment length of 2,000 meters (m). The cable used in the Ethernet specification
you select should also be immune to crosstalk.
Which Ethernet specification should you use on the network?
WGU C700 Secure Network Design 2023/
2024 Exam Prep| Questions and Verified
Answers | 100% Correct
Q: An active hub has circuitry that allows
Answer:
signal regeneration
Q: In a ……………. topology, cabling termination errors can crash the entire network.
Answer:
star-wired
Q: In a star-wired topology, ………………. errors can crash the entire network.
Answer:
cabling termination
Q: A passive hub connects devices in a ……………., but it does not provide any signal
regeneration.
Answer:
star topology
Q: ………………. is classified as a rule-based access control device.
Answer:
A firewall
Q: A firewall is classified as ………………. access control device.
Answer:
a rule-based
Q: Behavior-based IDS –
Answer:
An IDS that uses a learned activity baseline to identify intrusion attempts
Q: Signature-based IDS –
Answer:
An IDS that maintains an attack profile database to identify intrusion attempts
Q: Host-based IDS –
Answer:
An IDS that only monitors a single particular device for intrusion attempts
Q: Network-based IDS –
Answer:
An IDS that monitors an entire network segment for intrusion attempts
Q: an ………………. only detects intrusion attempts and employs the configured alerts to ensure
that the intrusion attempts is recorded and reported
Answer:
IDS
Q: Ethernet II frames include ………………. byte Type field.
Answer:
a twoQ: ……………. frames include a two-byte Type field.
Answer:
Ethernet II
Q: Ethernet II frames include a two-byte ………………. field.
Answer:
Type
Q: The two-byte length field is included in frames.
Answer:
802.3
Q: The 802.1Q tag, is the ………………. tag
Answer:
virtual LAN (VLAN)
Q: Both Versions 1 and 2 of ………………. use hop count as the primary metric to determine the
most desirable network path
Answer:
RIP
Q: of RIP use hop count as the primary metric to determine the most desirable network path
Answer:
Both Versions 1 and 2
Q: Convergence refers to
Answer:
the amount of time it takes for routing updates to be propagated to all routers throughout the
network.
Q: RIP v1, RIP v2, and IGRP are considered
Answer:
distance vector protocols.
Q: Open Shortest Path First (OSPF) is a ………………. protocol.
Answer:
link-state
WGU C700 Secure Network Design 2023/
2024 Exam | Real Questions and Verified
Answers | A Grade
Q: As a fundamental concept of network security, backups are vital to incident recovery. A
security administrator has been tasked with reporting on the pros and cons of various
backup/recovery technologies and is preparing a list of these technologies
- Online storage
- Offsite storage
- Onsite storage
Match the advantages and disadvantages with each backup/recovery technol- ogy to assist the
security administrator. - Offers access to data from any Internet connection
- Better option when faced with possible major catastrophes affecting connec- tivity
- Provides for quick recoveries while controlling the physical/logical informa- tion
- Puts data on someone else’s hardware
- Requires rented/leased space for storage
- Subject to physical threats under the organizations control
Answer: - Offers access to data from any Internet connection : online storage
- Better option when faced with possible major catastrophes affecting connectivity:
offsite storage - Provides for quick recoveries while controlling the physical/logical information: Onsite storage
- Puts data on someone else’s hardware: Online storage
- Requires rented/leased space for storage: Offsite storage
- Subject to physical threats under the organizations control: Onsite storage
Q: A company is concerned about employee usernames and passwords be- ing obtained through
phishing campaigns.
Which emerging technology should the company employ to keep this from happening?
Answer:
Tokens
Q: Which method could be used to protect against data leakage?
Answer:
Deep con- tent inspection
Q: A large organization will be heavily dependent on a number of in-house web services that
are Internet-facing.
Which control should be used by this organization to protect against Inter- net-based attackers?
Answer:
Application firewall
Q: A security administrator has decided that it is important to simplify the management of
many of the edge security devices through a single web in- terface. The administrator decides to
purchase a replacement security device that can filter common website attacks, allow users
remote access to their network resources, and scan emails for malware.
What should the administrator deploy to meet these goals?
Answer:
Hybrid firewall
Q: Recently, many organizations are embracing Bring Your Own Device
(BYOD) as a means to reduce cost.
What is the primary reason these organizations must ensure malware detec- tion remains a top
priority?
Answer:
To protect the organization from attacks introduced by the lack of a perimeter
Q: A security administrator has recently subscribed to online threat feeds that discuss continual
security improvement, better log visibility, and improved risk mitigation techniques.
Which explanation should be given as the reason for improving continuous detection processes
in these discussions?
Answer:
New vulnerabilities are identified every day, and as such networks need to adapt
Q: A company is in the process of separating valid network traffic from malicious traffic.
Currently, the company does not want to block valid traffic that would cause an outage to an
application.
Which device will monitor and classify potential malicious traffic to improve current policies?
Answer:
Intrusion Detection System (IDS)
Q: What are two security controls that are applicable to the LAN-to-WAN
domain?
Choose 2 answers
Answer:
Proxy server
Stateful packet inspection
Q: A company’s chief executive officer (CEO) is traveling overseas for a business meeting and
wants to protect emails and video conference calls from a breach in confidentiality.
Which strategy should be used to achieve this objective?
Answer:
Secure a VPN back into the corporate offices.
Q: An enterprise environment has multiple stakeholders, each of whom has a unique role,
responsibility, and level of access.
What is a cost-effective method of segmenting the network for this environ- ment?