Cybersecurity-Architecture-and-Engineering Sample Questions Answers

The correct answer is B — Advanced Encryption Standard (AES).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), AES is a widely adopted symmetric encryption standard that ensures the confidentiality and integrity of sensitive data, including patient health information, which HIPAA mandates to protect. AES is considered highly secure and efficient for encrypting stored or transmitted healthcare data.

WEP (A) is outdated and insecure. SMTP (C) is a protocol for sending emails, not encryption. RSA (D) is an asymmetric encryption method typically used for key exchanges, not bulk data encryption.

Reference Extract from Study Guide:

"Advanced Encryption Standard (AES) is recommended for encrypting sensitive healthcare data, providing strong protection for confidentiality and integrity in HIPAA-regulated environments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Standards and Regulatory Compliance

=============================================

The correct answer is D — Implementation of multifactor authentication for all user accounts.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), multifactor authentication (MFA) strengthens identity verification by requiring multiple forms of credentials, significantly reducing the risk of identity theft.

Firewalls (A) and USB port controls (B) improve system security but do not directly prevent identity theft. Vulnerability scanning and patch management (C) address software weaknesses but not user authentication.

Reference Extract from Study Guide:

"Multifactor authentication (MFA) enhances user account security by requiring multiple verification factors, making it significantly harder for attackers to commit identity theft."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Best Practices

The correct answer is D — Implementation of licensing technologies in order to restrict unauthorized access to the system.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), using licensing technologies helps prevent software piracy by ensuring that only authorized users with valid licenses can access and operate the system. License management solutions validate user access and reduce unauthorized duplication or usage of proprietary software.

Disabling external devices (A) protects against physical data theft but not piracy. Encrypting patient data (B) protects confidentiality but not against software piracy. Virus scanning (C) detects malware, not unauthorized software copying.

Reference Extract from Study Guide:

"Licensing technologies enforce legal software use and prevent unauthorized access, helping organizations protect intellectual property and defeat piracy efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Software and Intellectual Property Protection

=============================================

The correct answer is A — Implementing two-factor authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.

Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials. SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.

Reference Extract from Study Guide:

"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

=============================================

DNSSEC (Domain Name System Security Extensions)is a security protocol that adds cryptographic validation to DNS responses, making it nearly impossible for attackers to spoof DNS responses or redirect users to malicious sites.

NIST SP 800-81 Rev. 2 (Secure Domain Name System (DNS) Deployment Guide):

“DNSSEC provides data origin authentication and data integrity to DNS responses using digital signatures, effectively mitigating spoofing and cache poisoning attacks.”

While patching and awareness are important, DNSSECdirectly mitigatesthe technical risk described.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement DNS hardening techniques such as DNSSEC

The correct answer is C — Constantly scan for known signatures on every machine.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), scanning for known malware signatures is an essential method for detecting infections such as botnets. Signature-based detection compares files and behaviors against databases of known indicators of compromise (IOCs).

Two-factor authentication (A) protects login processes but does not detect malware. Firewall rules (B) help control access but do not detect infections. Configuration management (D) ensures system setup integrity but does not detect botnets.

Reference Extract from Study Guide:

"Signature-based scanning detects malware and botnets by comparing system files and behaviors against databases of known threats and indicators of compromise (IOCs)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Malware Detection and Threat Response

The correct answer is B — Log analysis.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) curriculum, log analysis is critical for retrospective threat hunting — reviewing system, network, and application logs to identify signs of compromise or unauthorized activities that might have gone unnoticed in real-time. This technique helps uncover attacks that have already occurred in hybrid or cloud environments.

Honeypots (A) are proactive traps to detect future attacks. Social engineering (C) involves manipulating people, not hunting threats. Penetration testing (D) is used to find vulnerabilities, not to review past incidents.

Reference Extract from Study Guide:

"Threat hunting through log analysis involves systematically reviewing collected logs to uncover evidence of past or ongoing compromises, enabling organizations to identify and respond to threats that may have bypassed preventive controls."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection and Hunting Concepts

Of course!

Here are the verified and properly formatted answers for your next set of questions, strictly following your instructions and the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) official course materials:

=============================================

The correct answer is A — Recovery time objective (RTO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RTO is the maximum acceptable amount of time that a system, application, or process can be offline after a failure before unacceptable consequences occur to the business.

BIA (B) is the process of analyzing impact. BCP (C) is the overall plan for maintaining operations. DR (D) refers to the broader recovery effort.

Reference Extract from Study Guide:

"Recovery time objective (RTO) defines the maximum tolerable downtime for critical systems before significant business impact occurs."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Recovery Objectives and Disaster Recovery Metrics

=============================================

Identity federationallows authentication credentials to be used across multiple systems or domains—includingon-premises and cloud platforms—without duplicating user databases.

NIST SP 800-63C (Federated Identity Guidelines):

“Federation enables users to access multiple, disparate services using a single digital identity that can be shared securely across organizational boundaries.”

This approach is essential in hybrid architectures where cloud VMs and on-prem servers must recognize acentralized identity providerlike Active Directory.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement federated identity in hybrid and multi-cloud environments

The correct first step in responding to a data breach, as emphasized in theWGU Cybersecurity Architecture and Engineering (KFO1 / D488)course material underIncident Responseprocedures, is tonotify affected users. This aligns with theContainment, Eradication, and Recoveryphase of theNIST Incident Response Lifecyclediscussed in the course content. Prompt notification is crucial to empower users to take immediate protective measures such as updating credentials or monitoring for identity theft.

While other actions like implementing access control policies or improving encryption are validpreventive or corrective controls, they are not theinitial response stepafter a breach is identified. Public announcements are typically handledafter internal assessmentsand legal compliance actions are underway.

Reference Extract from Study Guide:

“As soon as a breach affecting personal data is confirmed, organizations are obligated to notify impacted users in accordance with legal and ethical standards. Notification is part of the initial incident response phase and should occur immediately after verification of the breach.”

—WGU KFO1 / D488 Study Guide: Incident Handling and Response

=============================================

An information system is a coordinated set of components designed to collect, store, and process data, and to deliver information, knowledge, and digital products. Organizations use information systems to support operations, management, and decision-making. This includes both the technical components (hardware, software, databases, and networks) and the human components (people and processes).

Themost sustainable solutionto eliminate security risks associated with legacy systems is toupgrade themto supported versions that receive security updates and patches.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems running unsupported or outdated software must be prioritized for upgrade to ensure that known vulnerabilities are mitigated.”

While short-term isolation may work temporarily, it does not address theroot causeor meet compliance requirements long-term.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Perform lifecycle management and upgrade legacy systems

Preventing unauthorized access and impersonation during exams or coursework is critical in e-learning platforms.Strong user authentication(e.g., MFA, CAPTCHA, secure login mechanisms) ensures that only authorized users access exams and coursework.

NIST SP 800-63B (Digital Identity Guidelines – Authentication):

“Secure user authentication ensures the identity of individuals accessing sensitive applications, reducing the risk of impersonation and credential misuse.”

Firewall rules and patching are important, but they don't directly addressuser-level fraud prevention.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Secure authentication mechanisms for web platforms

It is better to purchase software rather than build a software solution in-house when there is a short timeline. Building software from scratch requires significant time for development, testing, and deployment. Purchasing off-the-shelf software can significantly reduce the time needed to implement a solution. Other considerations include:

Cost-effectiveness: Pre-built software can be more cost-effective than developing a custom solution, especially when factoring in the costs of development, maintenance, and support.

Immediate availability: Purchased software is usually ready to deploy immediately, whereas custom development can take months or even years.

Proven reliability: Commercial software often has a track record of reliability and user support, reducing the risk of bugs and issues that may arise with custom development.

Therefore, when time is of the essence, purchasing software is the preferable option.

References

Ian Sommerville, "Software Engineering," Pearson.

Steve McConnell, "Rapid Development: Taming Wild Software Schedules," Microsoft Press.

Anoperating system (OS)is a system software that manages computer hardware and software resources and provides common services for computer programs.

It serves as an intermediary between users and the computer hardware.

Key functionsof an OS include:

Managinghardware resourceslike the CPU, memory, and I/O devices.

Providing auser interface(UI) for interaction with the system.

File managementand handling file operations.

Process managementand multitasking.

Securityand access control.

Examples include Windows, Linux, and macOS.

Operating Systems:

Operating systems are software that manage computer hardware and software resources, providing common services for computer programs.

Commonly Used Operating Systems:

Mac OS: Developed by Apple Inc., used on Apple computers.

Linux: An open-source operating system used on a wide variety of devices from servers to personal computers.

Microsoft Windows: Developed by Microsoft, it is one of the most widely used operating systems for personal and business computers.

Not Operating Systems:

Microsoft Outlook: An email client, part of the Microsoft Office suite.

MySQL: A relational database management system.

Mozilla Firefox: A web browser.

AData Protection Impact Assessment (DPIA)is a formal process toassess the risks to personal data privacybefore implementing systems or technologies that handle personal data, especially under regulations likeGDPRor HIPAA.

NIST Privacy Framework v1.0 (Appendix D):

“A DPIA helps organizations systematically analyze, identify, and minimize the data protection risks of a project or plan involving personal information.”

While BCP and DR focus on operational resilience, DPIA isprivacy-focusedand risk-driven.

????WGU Course Alignment:

Domain:Risk Management and Privacy Engineering

Topic:Conduct privacy impact assessments for systems processing personal data

The correct answer is B — Implementing domain name system security extensions (DNSSEC) to digitally sign DNS responses and prevent DNS spoofing attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that DNSSEC protects the integrity and authenticity of DNS responses, thereby preventing DNS spoofing (also called DNS cache poisoning), which could redirect users to malicious sites.

Restricting DNS access (A) is not sufficient against spoofing. Increasing patching frequency (C) is good practice but does not specifically stop spoofing. Security awareness training (D) helps against phishing, not DNS vulnerabilities.

Reference Extract from Study Guide:

"DNSSEC digitally signs DNS data to ensure the integrity and authenticity of DNS responses, mitigating risks such as DNS spoofing and cache poisoning."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Networking Protocols

=============================================

Proprietary softwareis a type of software that is owned by an individual or a company.

It is usually sold commercially and comes with acommercial software license.

This type of license typically restricts the ways in which the software can be used, modified, and distributed.

Users must agree to the terms of the license, which often include restrictions on copying, sharing, and modifying the software.

Example:Microsoft Windows and Adobe Photoshop are proprietary software products.

The SQL statementSELECT * FROM Customers WHERE State = 'Arizona';is used to select records from theCustomerstable.

TheSELECT *clause indicates that all columns from theCustomerstable should be returned.

TheWHEREclause filters the rows to only include those where theStatecolumn value is'Arizona'.

The result is a subset of theCustomerstable with all rows that match the condition.

The correct answer is C — Encrypting data.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that encryption is the best defense against man-in-the-middle attacks because even if traffic is intercepted, the data remains unreadable without the appropriate decryption keys.

Disabling Wi-Fi (A) is not practical and does not eliminate MITM threats entirely. Password policies (B and D) strengthen account security but do not protect data transmission.

Reference Extract from Study Guide:

"Encryption ensures the confidentiality of data in transit, preventing unauthorized parties from accessing the content even during man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Transmission Security

=============================================

Scripting languages are designed for integrating and communicating with other programming languages.

Python: A high-level scripting language known for its readability and extensive library support.

PHP: A server-side scripting language used primarily for web development.

References

"Python Crash Course" by Eric Matthes

"PHP and MySQL Web Development" by Luke Welling and Laura Thomson

A compiler translates high-level programming language code into machine code, creating an executable program.

Process: The compiler goes through various phases such as parsing, semantic analysis, and optimization to produce the final machine code.

Purpose: This machine code can be executed by the computer's processor at a later time without the need for the original source code.

References

"Programming Language Pragmatics" by Michael L. Scott

"Modern Compiler Implementation in C" by Andrew W. Appel

A Business Intelligence (BI) system is designed to analyze and present data in a way that supports decision-making processes. It helps organizations make informed, strategic decisions by providing insights through data analysis, visualization, and reporting. BI systems aggregate data from various sources, enabling a comprehensive view of the business that informs planning and strategy.

A system administrator is responsible for managing, installing, and maintaining an organization's computer systems and networks. This role involves configuring new hardware, setting up user accounts, troubleshooting system and network issues, and ensuring the systems run efficiently.

The correct answer is B — Wireless intrusion prevention system (WIPS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a WIPS actively monitors wireless networks for unauthorized access points and malicious activity, such as man-in-the-middle (MITM) attacks. It can automatically detect, alert, and prevent wireless threats in real time, which is exactly what the organization requires to counteract MITM attacks on the wireless network.

A SIEM (A) collects logs and generates alerts but does not prevent wireless attacks. An inline encryptor (C) encrypts data but does not prevent wireless attacks. A Layer 3 switch (D) operates at the network layer and does not prevent wireless-specific threats.

Reference Extract from Study Guide:

"A wireless intrusion prevention system (WIPS) detects and prevents unauthorized access points and malicious wireless activity, including man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless Security and Threat Prevention

=============================================

The correct answer is B — Parallel simulation test.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines a parallel simulation test as simulating a disaster recovery process where systems are restored at an alternate site without actually taking the primary systems offline. It allows organizations to test full restoration capabilities while avoiding disruption of live operations.

Walk-throughs (A) and tabletop exercises (D) are lower-impact simulations. Full interruption tests (C) would stop operations, which the company wants to avoid.

Reference Extract from Study Guide:

"Parallel simulation tests validate the ability to recover and operate critical systems at an alternate site without affecting primary business operations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing Types

=============================================

The correct answer is B — Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.

As explained in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), backing up critical systems and establishing a disaster recovery plan ensures business continuity and system availability even after incidents like hardware failures, cyberattacks, or data corruption.

While intrusion detection (A), access control (C), and patch management (D) contribute to overall security, backups and disaster recovery specifically ensure availability.

Reference Extract from Study Guide:

"Data backups and disaster recovery planning are essential controls to ensure system availability during and after a security incident or technical failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery

=============================================

The correct answer is D — Packet capture.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, packet captures (PCAP files) allow analysts to inspect individual network packets to understand traffic patterns, detect anomalies, and investigate attacks like DDoS. A packet capture provides complete network session data, enabling in-depth analysis of traffic behavior at the packet level.

Web server access logs (A) only capture web activity. Syslog messages (B) primarily record system events but not raw traffic data. Operating system event logs (C) focus on system-level actions, not network flows.

Reference Extract from Study Guide:

"Packet captures record the full network traffic and are essential for investigating network-based attacks such as DDoS incidents by analyzing traffic flows, protocols, and payloads."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Monitoring Concepts

=============================================

The correct answer is A — Virtual private network (VPN).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a VPN creates an encrypted tunnel over public or private networks, ensuring confidentiality, integrity, and authentication of data transmitted between geographically dispersed offices.

SIEM (B) manages security events, not secure communications. PPTP (C) is an outdated and insecure VPN protocol. NAC (D) enforces endpoint security but does not establish secure tunnels.

Reference Extract from Study Guide:

"A virtual private network (VPN) provides a secure, encrypted tunnel between geographically separated networks, enabling confidential communication over untrusted networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Remote Access Technologies

The System Development Life Cycle (SDLC) is a process used for planning, creating, testing, and deploying an information system. It involves several stages, including requirements gathering, system design, implementation, testing, deployment, and maintenance. The SDLC ensures that the system meets the needs of users and is developed in a structuredand efficient manner.

A programming language is a formal language comprising a set of instructions that produce various kinds of output. Programming languages are used in computer programming to implement algorithms and manipulate data. They provide the vocabulary and grammatical rules for instructing a computer to perform specific tasks, allowing developers to write software programs that can be executed by a computer.

The correct answer is B — Public key infrastructure (PKI).

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, PKI is the framework that enables the issuance and management of digital certificates used for device authentication. By using certificates, devices can securely authenticate themselves to access corporate resources without relying solely on passwords.

VPNs (A) secure network connections but do not authenticate devices themselves. Certificate signing (C) is a part of PKI but not the complete infrastructure. Endpoint passwords (D) authenticate users, not necessarily the devices.

Reference Extract from Study Guide:

"Public key infrastructure (PKI) enables the issuance of digital certificates used for authenticating users, systems, and devices, ensuring secure access control."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptography and PKI Concepts

=============================================

BIOS protectioninvolves enabling hardware security features such asfirmware password protection,secure boot, andwrite protection, which prevent unauthorized firmware modifications.

NIST SP 800-147 (BIOS Protection Guidelines):

“Proper BIOS protection mechanisms, including authenticated updates and access control, are critical to maintaining the integrity of the platform’s startup environment.”

This is apreventive control. BIOS monitoring is reactive; backups protect data, not firmware integrity.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Apply firmware and BIOS security controls to prevent low-level tampering

The correct answer is A — By looking for extra and unexpected symbols and characters in certain queries.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), SQL injection attacks often include malicious SQL code in input fields, with unusual symbols such as semicolons, apostrophes, or comments (', --, ;). Analysts detect these attacks by monitoring for unexpected or abnormal input patterns in database queries.

Changes to primary keys (B) and repeated login failures (C) are unrelated to SQLi detection. Administrative commands (D) relate more to privilege escalation.

Reference Extract from Study Guide:

"SQL injection attacks typically involve abnormal input that includes special SQL characters or commands; monitoring for such anomalies can reveal attempted injections."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Application and Database Security Threats

=============================================

The correct answer is A — Unsecured wireless access points.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that unauthorized logins to a WLAN often indicate poorly secured wireless access points, such as those lacking strong encryption (e.g., WPA2/WPA3), not using strong passwords, or having open accesswithout authentication. This vulnerability can allow attackers to access internal systems and sensitive data.

Up-to-date anti-malware software (B), a strong password policy (C), and regular security training (D) are good security practices but do not directly explain unauthorized WLAN access.

Reference Extract from Study Guide:

"Unauthorized wireless access often results from unsecured wireless configurations, including weak encryption, open networks, or default credentials, posing significant risks to organizational assets."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless Security Concepts

=============================================

Wireless Intrusion Prevention Systems (WIPS)are specifically designed to monitor wireless networks and prevent rogue access points, MITM attacks, and wireless eavesdropping. Unlike Layer 3 switches or SIEM tools, WIPS directly addresses wireless threat vectors.

NIST SP 800-153 (Guidelines for Securing Wireless Local Area Networks):

“WIPS technologies help detect and prevent unauthorized wireless access points and attacks such as evil twin and man-in-the-middle attempts.”

????WGU Course Alignment:

Domain:Network Security

Topic:Implement wireless network protections (e.g., WIPS)

The correct answer is C — Obfuscating error messages on the site or within the uniform resource locator (URL).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that minimizing the information revealed through error messages and URLs prevents attackers from gathering reconnaissance information that could be used to exploit vulnerabilities.

HTTPS (A and B) protects data in transit but does not conceal server details. PCI-DSS certification (D) improves overall security but is not focused specifically on information disclosure during a redesign.

Reference Extract from Study Guide:

"Obfuscating detailed error messages and removing revealing information in URLs help prevent attackers from gaining reconnaissance data that could be used in targeted attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Security

=============================================

SHA-256is a widely usedcryptographic hash functionthat generates a fixed-size output(digest) from input data. It is designed to detect even the smallest change in the input, thereby ensuringdata integrity.

NIST FIPS PUB 180-4 (Secure Hash Standard):

“SHA-256 is used to verify the integrity of data by producing a hash value that is unique to the input, enabling detection of unauthorized changes.”

Unlike RSA and AES (used for encryption), hash algorithms are one-way functions used forintegrity verification.

????WGU Course Alignment:

Domain:Cryptography

Topic:Apply hashing techniques to ensure data integrity

Data encryptionprotects sensitive ERP system information by rendering the data unreadable to unauthorized users, even if the system is compromised. This is the most effective method to preserve confidentiality in a breach.

NIST SP 800-111 (Guide to Storage Encryption Technologies):

“Encryption ensures that even if data is exfiltrated or accessed by unauthorized individuals, it cannot be understood without the appropriate decryption keys.”

Backups and firewalls are important, butencryption directly protects data at restfrom unauthorized viewing.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement encryption controls for stored business data

The correct answer is D — Upgrade the remaining end-of-life machines.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the best way to address end-of-life systems is to upgrade them to supported versions. End-of-life systems no longer receive security patches, leaving them highly vulnerable. Upgrading restores security and compliance.

Shutting down (A), disconnecting (B), or blocking (C) are temporary solutions that may disrupt operations but do not solve the root problem.

Reference Extract from Study Guide:

"Upgrading end-of-life systems is critical to restoring security and compliance, as unsupported systems are vulnerable to exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management and Remediation

=============================================

Obfuscating error messagesprevents attackers from receiving technical details (e.g., software version, file paths, or database errors) that they can use for exploitation. This is part ofsecure codinganderror handlingpractices.

OWASP Secure Coding Practices – Error Handling and Logging:

“Applications should not disclose detailed error messages to users. Instead, provide generic messages to prevent leakage of system or application details.”

HTTPS secures transport, but doesn't addressinformation disclosurevia error output.

????WGU Course Alignment:

Domain:Information Systems and Architecture

Topic:Implement secure design practices (e.g., error handling, obfuscation)

Recovery Point Objective (RPO)defines themaximum acceptable amount of data lossmeasured in time. It determines how often backups should occur to avoid losing critical business data.

NIST SP 800-34 Rev. 1:

“RPO represents the point in time prior to an outage to which systems and data must be restored to resume business operations.”

CDP is a method; RPO is thestrategic planning metric.

????WGU Course Alignment:

Domain:Business Continuity and Disaster Recovery

Topic:Define RPO to support data resilience and backup planning

The correct answer is B — Mandatory vacation.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, mandatory vacation policies require employees to take time off, during which their duties are either paused or performed by others. This break can reveal fraudulent activities, as the original employee cannot cover up their misconduct during their absence.

Separation of duties (A) prevents a single person from controlling critical processes but is not about temporarily removing an employee. Job rotation (C) moves employees between rolesregularly but doesn't enforce a break. Least privilege (D) restricts access but does not address uncovering hidden misconduct.

Reference Extract from Study Guide:

"Mandatory vacations help detect fraudulent activities, as employee absence can expose irregularities that would otherwise remain hidden through continuous control over processes."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Administrative Security Controls

=============================================

Before taking disruptive actions,identification and threat classificationmust occur. Cross-referencing againstknown malicious IP lists(e.g., threat intelligence feeds) helps determine if the address is benign, malicious, or compromised.

NIST SP 800-61 Rev. 2 (Computer Security Incident Handling Guide):

“Security teams should validate the threat source by comparing it to blacklists and threat intelligence before containment steps are taken.”

Blocking or rate-limiting prematurely may disrupt legitimate activity, makingintelligence-based comparisonthe prudent first step.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Perform traffic analysis and threat intelligence correlation

To determine an order total, the item unit price is essential because it represents the cost per unit of the item. By multiplying the unit price by the quantity ordered, you can calculate the total cost for each item in the order, and then sum these totals to get the overall order total.

The correct answer is C — Implementation of secure user authentication protocols.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that secure authentication mechanisms, like strong passwords, multifactor authentication, and session management, prevent unauthorized access and impersonation, thus helping prevent cheating inlearning platforms.

Firewall policies (A) and disabling Bluetooth (B) harden systems but do not directly address authentication. Software updates (D) protect against system vulnerabilities but not user integrity.

Reference Extract from Study Guide:

"Secure authentication protocols ensure that users accessing learning management systems are properly verified, reducing risks of impersonation and cheating."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Access Control and Identity Verification

=============================================

The correct answer is C — Cyber kill chain.

The Cyber Kill Chain, developed by Lockheed Martin, is a model that breaks down a cyber attack into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study materials, this model helps security teams understand and interrupt an attack at various stages.

While MITRE ATT&CK (B) and its ICS variant (A) provide detailed mappings of techniques used by attackers, they are not structured specifically into seven phases like the Cyber Kill Chain. The Diamond Model (D) is an analysis methodology, not a phase-based model.

Reference Extract from Study Guide:

"The Cyber Kill Chain model divides the sequence of a cyber attack into seven phases, providing a structured method for analyzing and disrupting attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Attack Frameworks and Methodologies

TheCentral Processing Unit (CPU)is the primary component of a computer that performs most of the processing inside a computer.

Carrying out the instructions of a computer program: The CPU executes program instructions, which are the basic tasks that tell the computer what to do.

Containing an arithmetic logic unit (ALU): The ALU performs all arithmetic and logic operations, such as addition, subtraction, and comparison.

The CPU also manages data flow between the computer's other components.

It fetches instructions from memory, decodes them, and then executes them, which involves performing calculations and making decisions.

The correct answer is B — Compare the unknown address to known IP addresses to determine if it is a threat.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), proper threat analysis requires identifying and verifying whether an unknown source is malicious before taking action. Comparing the IP address against known threat databases or intelligence feeds allows the organization to make informed decisions.

Permanently blocking (A) or temporarily blocking (C) without analysis could cause disruption if the IP is legitimate. Rate limiting (D) reduces traffic but does not determine threat status.

Reference Extract from Study Guide:

"Effective incident analysis begins by verifying and classifying the suspicious activity, including checking unknown IP addresses against threat intelligence sources."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Analysis and IncidentHandling

=============================================

The correct answer is C — Implementing shell restrictions.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), shell restrictions on Linux systems can prevent users (or attackers) from executing unauthorized commands, significantly reducing the exploitation risk on Linux servers.

Host-based IDPS (A) detects attacks but does not directly harden the OS. Access control (B) andassessments/penetration testing (D) are important but do not focus specifically on securing the Linux shell environment.

Reference Extract from Study Guide:

"Implementing shell restrictions on Linux systems minimizes the attack surface by limiting the ability of users and processes to execute unauthorized commands."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Linux System Hardening Techniques

Data support an organization's business goals by providing crucial information that aids in making informed decisions. Analyzing data helps identify trends, measure performance, and uncover insights that drive strategic planning and operational improvements. This informed decision-making process is vital for achieving business goals and staying competitive in the market.

Machine-level languages, also known as assembly languages, are low-level programming languages that are closely related to machine code.

Definition: Machine-level languages consist of instructions that are directly executed by a computer's CPU.

Assemblers: An assembler is a tool that translates assembly language code into machine code.

Characteristics: Assembly languages are specific to a computer architecture and provide a way to write programs that can be executed by the hardware directly.

References

"Structured Computer Organization" by Andrew S. Tanenbaum

"Computer Systems: A Programmer's Perspective" by Randal E. Bryant and David R. O'Hallaron

The correct answer is C — Data loss prevention (DLP).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), DLP technologies monitor and control the transfer of sensitive information outside of the corporate network, preventing unauthorized data exfiltration whether by internal misuse or external threats.

MFA (A) strengthens authentication but does not monitor data transfer. IDS (B) detects intrusions but does not prevent data loss. IPS (D) blocks network attacks but is not specifically designed for preventing exfiltration of sensitive data.

Reference Extract from Study Guide:

"Data loss prevention (DLP) solutions protect sensitive data by monitoring, detecting, and blocking potential data exfiltration attempts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Protection Technologies

=============================================

The feature in collaboration software that allows only one user to modify a document at a time ensures data integrity.

Data integrity refers to the accuracy and consistency of data over its lifecycle.

By restricting modification access to one user at a time, the system prevents concurrent changes that could lead to data conflicts or corruption.

The other options:

Data availability ensures data is accessible when needed.

Data confidentiality ensures data is protected from unauthorized access.

Data accessibility refers to the ease of accessing data.

Therefore, ensuring data integrity is the purpose of this feature.

An input device is any hardware component that allows a user to enter data into a computer.

A scanner is an input device that converts physical documents into digital format.

The other options:

Printer is an output device.

Flash drive is a storage device.

CD can be both storage and media for input/output depending on the context but is not primarily used for direct data input.

Therefore, a scanner is the correct answer for an input device.

The correct answer is A — Electronic codebook (ECB).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), ECB mode is the simplest and most basic mode of operation for block ciphers. It encrypts each block of plaintext independently with the same key, but identical plaintext blocks produce identical ciphertext blocks, providing no additional confidentiality beyond the block cipher itself and making patterns visible.

CBC (B), CTR (C), and OFB (D) are more secure and avoid patterns.

Reference Extract from Study Guide:

"Electronic Codebook (ECB) mode encrypts each block independently and is simple but reveals patterns when identical plaintext blocks occur, thus offering minimal confidentiality beyond the underlying cipher."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Block Cipher Modes of Operation

=============================================

Arelational databaseis structured to recognize relations among stored items of information.

Multiple tablesin a relational database can have interrelated fields.

These relationships are often managed throughforeign keys, which reference the primary keys of other tables.

This relational model allows for complex queries and data integrity across the database.

Example:Tables such asCustomers,Orders, andProductsin a sales database, whereOrderstable may reference bothCustomersandProductstables to establish relationships.

AES (Advanced Encryption Standard)is a symmetric block cipher approved by NIST for protecting sensitive data, includingelectronic protected health information (ePHI). It is the recommended encryption method underHIPAA compliance guidelines.

NIST FIPS 197 (Advanced Encryption Standard - AES):

“AES is a symmetric cipher used to protect sensitive electronic data and is approved for use in securing government and healthcare systems.”

WEP is outdated, SMTP is a protocol for email, and RSA is better suited for key exchange, not bulk data encryption.

????WGU Course Alignment:

Domain:Cryptography and Compliance

Topic:Use NIST-approved encryption (AES) for healthcare data under HIPAA

The correct answer is A — Calculating and comparing the hash values of the software code before and after transfer using FTP can help detect any changes and ensure the integrity of the code.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), verifying the integrity of transferred files can be done by using cryptographic hash functions. Comparing pre- and post-transfer hashes ensures that the data was not tampered with during transmission.

Intrusion detection (B) focuses on unauthorized access. Access control (C) protects the server but does not ensure file integrity. Backups (D) provide data recovery but do not validate file integrity during transfers.

Reference Extract from Study Guide:

"Hashing verifies data integrity by allowing a comparison of original and received file values, ensuring no tampering occurred during transit."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Integrity Assurance

=============================================

AHost-based Intrusion Detection and Prevention System (HIDPS)can detect unauthorized activity or suspicious changesat the OS level, including those specifically targetingLinux kernel modules, services, or rootkits.

NIST SP 800-94 Rev. 1:

“HIDPS software runs on individual hosts or devices in the network, analyzing inbound and outbound packets and alerting administrators to suspicious activity.”

HIDPS is especially effective in server environments wherekernel-level visibilityis critical.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement and monitor HIDPS on enterprise Linux servers

The correct answer is D — Configuring third-party authentication with Security Assertion Markup Language (SAML).

According to the WGU KFO1 / D488 Study Guide, SAML enables Single Sign-On (SSO) and federated identity across different domains by securely exchanging authentication and authorization data between an identity provider (such as an organization's Active Directory Federation Services) and a service provider (such as Azure). This allows on-premises users to log into cloud services using their existing corporate credentials.

TLS (A) provides secure communication but does not manage identity federation. 2FA (B) strengthens authentication but is not about identity federation setup. LDAP (C) is a protocol for accessing directory services, not specifically designed for federation across cloud platforms.

Reference Extract from Study Guide:

"SAML is used to implement Single Sign-On (SSO) and federated identity management, allowing organizations to extend on-premises authentication capabilities to cloud services seamlessly."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Concepts

The correct answer is C — Structured Query Language (SQL) injection attacks.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a Web Application Firewall (WAF) protects web applications by filtering and monitoring HTTP traffic. It isspecifically effective against attacks such as SQL injection, cross-site scripting (XSS), and other application-layer vulnerabilities.

Phishing (A) and social engineering (D) involve human deception, not web application vulnerabilities. Brute force attacks (B) typically target authentication but are not the primary focus of a WAF.

Reference Extract from Study Guide:

"A web application firewall (WAF) detects and prevents attacks against web applications, including SQL injection and cross-site scripting (XSS)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Firewall and Threat Protection

=============================================

The operating system (OS) is the primary software that manages all the hardware and other software on a computer. It acts as an intermediary between users and the computer hardware. The OS handles basic tasks such as controlling and allocating memory, prioritizing system requests, controlling input and output devices, facilitating networking, and managing files. Examples include Windows, macOS, and Linux.

Data Loss Prevention (DLP)systems are specifically designed todetect, monitor, andpreventunauthorized attempts to access, transmit, or extract sensitive data — including email, removable media, and cloud uploads.

NIST SP 800-207A (Data Protection):

“DLP systems are used to prevent sensitive information from being transmitted outside of a trusted boundary by monitoring and enforcing content-based policies.”

IDS and IPS detect threats but do notfocus on protecting data from being exfiltrated. MFA protects user identities, not data leakage.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Implement DLP controls to protect sensitive data from unauthorized extraction