WGU C700 Pre-Assessment Secure Network
Design Exam (Latest 2023/ 2024) | Real
Questions and Verified Answers | A Grade
QUESTION
What should a network administrator do to ensure that the server operating system is up to date?
Install patches
Update default settings
Implement physical security
Limit the use of the root account
Answer:
Install patches
QUESTION
Which form of firewall control is implemented at the Layer 3 level of the OSI model?
Next-generation firewall
Circuit-level gateway firewall
Static packet-filtering firewall
Application-level gateway firewall
Answer:
Static packet-filtering firewall
QUESTION
Which Layer 2 control protocol is implemented to resolve internet protocol (IP) addresses into
media access control (MAC) addresses?
Address resolution protocol (ARP)
Hypertext transfer protocol (HTTP)
Internet message access protocol (IMAP)
Simple network management protocol (SNMP)
Answer:
Address resolution protocol (ARP)
QUESTION
Which Layer 3 firewall can recognize malware applications?
Proxy
Circuit-level
Next-generation
Stateful packet inspection
Answer:
Next-generation
QUESTION
Which access point hardening technology must be used in conjunction with the 802.11i standard
for wireless transmission between the access point and the wireless client host?
Layer 2 switch
Layer 3 switch
Wireless access point
Protected access point
Answer:
Protected access point
QUESTION
Which hardening technique satisfies a policy that requires complete integrity from the download
source for all files downloaded by employees to the organization’s workstations?
Source-based firewall for packet inspection downloads
State-based firewall for packet inspection downloads
Intrusion prevention system (IPS) to quarantine downloaded files until they are approved by an
administrator
Intrusion detection system (IDS) that requires the message-digest algorithm 5 (MD5) or the
secure hash algorithm (SHA) totals from the source
Answer:
Intrusion detection system (IDS) that requires the message-digest algorithm 5 (MD5) or the
secure hash algorithm (SHA) totals from the source
QUESTION
Which hardening technique satisfies a policy that requires complete confidentiality for data
transmission of customer financial data during a web-based purchase transaction that is sent to a
corporate web server from a customer web browser?
Implementing a Kerberos authentication process that is required for customers prior to sending
data
Implementing secure sockets layer (SSL) on the web server that is required for customers prior
to sending data
Requiring customers to use the secure real-time transport protocol to establish a connection with
the web server prior to sending data
Requiring customers to use the challenge handshake authentication protocol to establish a
connection to the web server prior to sending data
Answer:
Implementing secure sockets layer (SSL) on the web server that is required for customers prior
to sending data
QUESTION
Which hardening technique satisfies a policy that requires complete confidentiality for VoIP
communications?
Pretty good privacy (PGP)
Secure sockets layer (SSL)
MIME object security services (MOSS)
Secure real-time transport protocol (SRTP)
Answer:
Secure real-time transport protocol (SRTP)
WGU C700 Secure Network Exam Design
(Latest 2023/ 2024) | Actual Questions and
Verified Answers | A Grade
QUESTION
A device on a network is pinging over 100 endpoints on the infrastructure. The IP and MAC
addresses belong to the network management system. How- ever, the MAC address has been
spoofed. The machine is tracked down, and
it is an unknown rogue device that somehow got past the network admission control (NAC)
device.
Which action should be taken from this point forward?
Answer:
Contain and unplug this device from the network.
QUESTION
A network has been subjected to a series of simple yet aggressive attacks for a number of weeks.
The company’s leadership and security team want to know the type of information the attacker is
searching for, and the ways in which the attacker has been successful.
What are three methods that should be used to research the attacker’s inten- tions and
capabilities?
Choose 3 answers
Answer:
Honeynet
Padded cell
Honeypot
QUESTION
An alarm has been triggered based on the Intrusion Detection System (IDS) thresholds on a
company’s main operational network. An immediate analy- sis of the IDS logs shows an intruder
successfully breached the perimeter network defenses and began data exfiltration. Although the
network security
administrator managed to lock out the intruder and deny access from the source, the company
must now go into “incident response” mode.
Which three goals should the administrator accomplish as quickly as possi- ble?
Choose 3 answers
Answer:
Minimize operational and network downtime. Restore the environment back to a secured normal
state.
Minimize loss (e.g., financial, reputational, data, intellectual property).
QUESTION
An application server was recently attacked, resulting in compromise of all transactional credit
card information via the website. It was revealed that the attacker was able to compromise a
system administrator’s computer via a spear phishing attack. This gave the attacker the ability to
compromise the application server.
Which network security management practice should be applied to treat these operational
weaknesses?
Answer:
Increase training of information technology staff on the dangers of social engineering.
QUESTION
An attacker compromises an Internet-facing web server. The attacker then uses the compromised
web server to gain unauthorized access to other internal servers.
Which control or design consideration prevents exploitation of the internal network?
Answer:
Demilitarized zone
QUESTION
Recently, a company experienced several malware infections. Though the virus scanners have
been regularly updated, re-infections happen regularly. An investigation of the infected PCs
shows that several critical OS files have not been updated in more than a year.
Which two strategies should the company deploy in the future to detect and minimize the
possibility of this kind of infection?
Choose 2 answers
Answer:
Vulnerability assessments
Patch management
QUESTION
Company A has established a business partnership with Company B. Company A and Company
B need to securely interconnect their networks, while minimally impacting the end-user
experience.
How should access to these two networks be granted?
Answer:
Site-to-site VPN
QUESTION
A company’s chief information officer (CIO) has tasked the network secu- rity team with a set of
requirements for the next iteration of network security. The CIO wants a solution that will
implement the following items:
Access control
- Connectionless data integrity checking
- Data origin authentication
- Replay detection and rejection
- Confidentiality using encryption
- Traffic flow confidentiality
- What provides this set of services?
Answer:
Internet Protocol Security (IPSec)
WGU C700 Secure Network Design Exam
Practice (Latest 2023/ 2024) | Questions and
Verified Answers | 100% Correct
QUESTION
On a TCP/IP network, there are over ………………. ports that are vulnerable.
Answer:
65,000
QUESTION
The first ………………. ports are the well-known ports
Answer:
1,024
QUESTION
The first 1,024 ports are the ………………. ports
Answer:
well-known
QUESTION
An Active Hub Is On the ……………. OSI Layer
Answer:
Physical
QUESTION
Active hub has what?
Answer:
regeneration
QUESTION
passive hub doesn’t have what?
Answer:
regeneration
QUESTION
Flow control, error notification, physical device addressing, and specification of the networking
topology can take place at the ………………. layer
Answer:
Data-link
QUESTION
An ………………. is an access control method that limits the paths through which a user can access
resources
Answer:
enforced path
QUESTION
An enforced path is an access control method that
Answer:
limits the paths through which a user can access resources
QUESTION
A ………………. is a mechanism that allows a user to communicate with the trusted computing
base (TCB).
Answer:
trusted path
QUESTION
A trusted path is a mechanism that allows a user to communicate with ……………….
Answer:
the trusted computing base (TCB).
QUESTION
A ………………. is a set of resources that are managed by the same security policy and security
group
Answer:
security domain
QUESTION
A security domain is a set of resources that are managed by the ……………….
Answer:
same security policy and security group
QUESTION
………………. is the hardware, firmware, and software resources of a TCB.
Answer:
A security kernel
QUESTION
A security kernel is the hardware, firmware, and software resources of a
Answer:
trusted computing base (TCB)
QUESTION
The ………………. copies a frame’s destination address to the switch’s buffer and then sends the
frame to its destination.
Answer:
cut-through method
QUESTION
The cut-through method copies a frame’s ……………. to the switch’s buffer and then sends the
frame to its destination.
Answer:
destination address
QUESTION
The ………………. method copies an entire frame to its buffer,
Answer:
store-and-forward
QUESTION
The store-and-forward method copies an ………………. to its buffer,
WGU C700 Secure Network Design Exam
(Latest 2023/ 2024) | Actual Questions and
Verified Answers | A Grade
QUESTION
You are configuring a computer to connect to the Internet. Which information must a computer
on a network have before it can communicate with the Internet?
Answer:
the IP address, default gateway, and subnet mask
QUESTION
You must propose a cabling scheme for your company’s new location. Several departments are
located on the same floor with a maximum distance of 61 meters (200 feet) between
departments. You want a relatively easy, low-cost installation with simple connections.
Which type of cabling would you propose?
Answer:
Twisted-pair
QUESTION
Which layer of the TCP/IP model corresponds to the Transport layer of the OSI model?
Answer:
Transport
QUESTION
Which unshielded twisted-pair (UTP) category consists of four twisted pairs of copper wire and
is certified for transmission rates of up to 100 Mbps?
Answer:
Category 5
QUESTION
You are preparing to perform routine maintenance on the network. The network must remain
inaccessible while you are performing this maintenance. You send a message with the packet
header 135.135.255.255.
Answer:
It broadcasts your message to all stations on the 135.135 network.
QUESTION
Which notation is the network prefix that is used to denote an unsubnetted Class C IP address?
Answer:
/8
QUESTION
What should you use to connect a computer to a 100BaseTX Fast Ethernet network?
Answer:
Use a CAT5 UTP cable with an RJ-45 connector.
QUESTION
Which device converts messages between two dissimilar electronic mail (e-mail) applications?
Answer:
e-mail gateway
QUESTION
Which characteristics apply to Fast Ethernet 100Base-TX networks?
100 Mbps data-transmission rate
Two pairs of Category 5 UTP cabling
Four pairs of Category 3, 4, or 5 UTP cabling
Maximum segment length of 100 meters (328 feet)
Maximum segment length of 412 meters (1,352 feet) half-duplex
Answer:
100 Mps data-transmission rate
Two pairs of Cat 5 UTP cabling
Max segment length of 100m
QUESTION
You are deploying a virtual private network (VPN) for remote users. You have decided to deploy
the VPN gateway in its own demilitarized zone (DMZ) behind the external firewall. What are the
benefits of this deployment?
Answer:
The firewall can protect the VPN gateway and inspect plain text from the VPN
QUESTION
You are servicing a Windows computer that is connected to your company’s Ethernet network.
You need to determine the manufacturer of the computer’s NIC. You issue the ipconfig /all
command in the command prompt window and record the NIC’s MAC address, which is 00-20-
AF-D3-03-1B.
Which part of the MAC address will help you to determine the NIC’s manufacturer?
Answer:
00-20-AF
QUESTION
Which cable type is vulnerable to the use of vampire taps?
Answer:
Coaxial
QUESTION
What is the base network ID for the address 196.11.200.71/18?
Answer:
196.11.192.0
QUESTION
You administer a TCP/IP network that is not subnetted. One of the network hosts has the
following IP address: 130.250.0.10. Which IP address is the network ID of the network you
administer?
Answer:
130.250.0.0
QUESTION
You want to use the IANA-designated private IP address range that private IP address range with
a maximum of 16 bits to provide host IP addresses.
Which IP address is a valid host IP address in this range?
Answer:
192.168.0.1
QUESTION
You are a consultant. One of your clients has asked you to establish network hosts for its
network. This network is connected to the Internet.What is the maximum number of hosts that
this company can have with a network address of 208.15.208.0 using the default subnet mask?
Answer:
254