WGU Network-and-Security-Foundation Network-and-Security-Foundation Exam Dumps: Updated Questions & Answers (November 2025)

Confidentialityensures that sensitive information is protected from unauthorized access.Encryptionis a key mechanism used to maintain confidentiality by converting readable data into a secure format that can only be accessed with a decryption key.

Integrityensures data is not altered improperly but does not directly relate to encryption.

Availabilityfocuses on system uptime and accessibility.

Applicationis not a component of the CIA triad.

TheTransport layer(Layer 4 of the OSI model) includes theTransmission Control Protocol (TCP), which provides reliable, connection-oriented communication. TCP ensures error-checking, sequencing, and retransmission of lost packets.

Application layerdeals with end-user protocols like HTTP and FTP.

Session layermanages communication sessions but not transport protocols.

Network layerfocuses on IP addressing and routing, not transport mechanisms.

Anaccess point (AP)is a network device that extends the coverage of a wireless network by acting as a bridge between wired and wireless devices. It allows users to connect to a network without needing a direct wired connection. APs are particularly useful in large office spaces where Wi-Fi signals may not reach all areas.

Routersprimarily manage network traffic but do not directly extend network range unless they include built-in AP functionality.

Serversare used for hosting applications and storing data but do not extend network connectivity.

Switchesconnect wired devices within a local network but do not extend wireless network range.

Psychological acceptabilitystates that security measures should beuser-friendly and not overlyburdensome. If security controls are too complex, users may bypass them, leading to weaker security. In this case, employees used personal email because authentication procedures were too cumbersome.

Zero-trust modelenforces strict access control, not usability.

Least common mechanismlimits shared resources.

Fail-safeensures secure failure handling, not usability.

Phishingis a cyberattack where attackers impersonate legitimate entities (e.g., banks, companies) and send fraudulent emails or messages designed to trick recipients into revealing sensitive information, such as usernames, passwords, or financial details. The fake link in the email directs victims to a malicious site that captures their credentials.

IP address spoofingdisguises a system’s identity but does not involve email deception.

Session hijackingtakes over an active session but does not involve email scams.

Man-in-the-middle attackintercepts communication rather than tricking users via emails.

Authorizationis the process of granting specific access rights and permissions based on user roles. By implementingRole-Based Access Control (RBAC), organizations ensure that users only have access to resources necessary for their job functions, reducing the risk of insider threats.

Authenticationverifies identity but does not control access.

Accountinglogs activities but does not restrict access.

Availabilityensures system uptime but is unrelated to permissions.

Platform as a Service (PaaS)provides a pre-configured computing environment that includes an operating system, runtime, and development tools, making it ideal for developers who want a ready-to-use platform. Examples include Google App Engine and Microsoft Azure App Services.

SaaSprovides fully hosted applications, not just pre-configured virtual machines.

IaaSprovides infrastructure without pre-installed software.

FaaSexecutes specific functions without persistent infrastructure.

Disabling ESSID broadcastingprevents the Wi-Fi network name from being publicly visible,making it harder for attackers to discover and target the network. While this is not a foolproof security measure, it adds an additional layer of protection against unauthorized access.

Trusting local hosts by defaultis risky and not a security best practice.

Adding more access pointsimproves coverage but does not enhance security.

WEPis outdated and highly vulnerable to attacks; WPA2 or WPA3 should be used instead.

This describes aransomware attack, which falls underdenial of availabilitybecause it prevents users from accessing their data or systems until a ransom is paid. Attackers use encryption to lock files, disrupting operations.

Data modificationrefers to unauthorized changes to information.

Data exportinvolves stealing data rather than disabling access.

Launch pointdescribes an attacker's use of a compromised system to attack others.

Awireless routeris designed to create an access point that allows wireless devices to connect to a network. It combines the functions of a traditional router with a wireless access point, enabling communication between wired and wireless devices. These routers use Wi-Fi standards (e.g., 802.11ac, 802.11ax) to transmit data wirelessly.

Broadband routersprimarily provide internet connectivity but do not necessarily include Wi-Fi functionality unless specified.

Core routershandle large-scale data routing in the backbone of networks but are not designed for access point creation.

Inter-provider border routersfunction at an ISP level for routing traffic between different networks, not for providing user access.