Cybersecurity-Architecture-and-Engineering WGU Cybersecurity Architecture and Engineering (KFO1/D488) Questions and Answers

The correct answer is D — By providing over-the-air updates.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that over-the-air(OTA) updates allow organizations to remotely deploy patches and updates to mobile devices without requiring users to manually visit a central location. This method is essential for maintaining security for a geographically dispersed workforce.

Remote module updates (A), tokenized container updates (B), and mobile station updates (C) are not standard or widely recognized terms for mobile device update practices in this context.

Reference Extract from Study Guide:

"Over-the-air (OTA) updates ensure that security patches and software updates can be remotely deployed to mobile devices, supporting business continuity and device security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Management and Security

=============================================

ADatabase Administrator (DBA)is responsible for managing the database infrastructure.

Primary responsibilitiesinclude:

Installing and configuringnew databases and database servers.

Ensuring databases run efficiently and are properly maintained.

Performingbackup and recoveryoperations to prevent data loss.

Monitoring performanceand tuning databases for optimal performance.

Implementingsecurity measuresto protect the database against unauthorized access.

The correct answer is B — Parallel simulation test.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines a parallel simulation test as simulating a disaster recovery process where systems are restored at an alternate site without actually taking the primary systems offline. It allows organizations to test full restoration capabilities while avoiding disruption of live operations.

Walk-throughs (A) and tabletop exercises (D) are lower-impact simulations. Full interruption tests (C) would stop operations, which the company wants to avoid.

Reference Extract from Study Guide:

"Parallel simulation tests validate the ability to recover and operate critical systems at an alternate site without affecting primary business operations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing Types

=============================================

The correct answer is C — Strong authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, PCI DSS compliance requires strong access controls, including strong authentication mechanisms, especially when accessing environments containing cardholder data. SSH access must be protected with methods such as multi-factor authentication or strong, complex credentials to ensure that only authorized users gain access.

Patch management (A) maintains system security but is not specifically about authentication. Network segmentation (B) limits data exposure but does not directly relate to authentication. Vulnerability analysis (D) identifies weaknesses but does not address the need for strong authentication when connecting to sensitive environments.

Reference Extract from Study Guide:

"Strong authentication mechanisms are crucial to protect access to environments that store, process, or transmit cardholder data, in compliance with PCI DSS standards."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Regulatory Compliance and Access Control

=============================================

The correct answer is C — Implementation of role-based access controls and encryption of all sensitive data.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the combination of role-based access control (RBAC) and encryption protects sensitive health data by ensuring only authorized users can access necessary information, while encryption ensures the data remains secure both at rest and in transit.

Disabling USB ports (A) prevents data exfiltration but does not fulfill broad privacy requirements. Encrypting network traffic (B) protects in-transit data only. Firewalls (D) protect against unauthorized access but do not manage user roles or internal data privacy.

Reference Extract from Study Guide:

"Protecting sensitive health data requires a combination of access control models such as RBAC and encryption, ensuring both authorization and confidentiality."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Privacy and Data Protection Strategies

The correct answer is B — Redundant backups, a communication plan, and a designated off-site location for data storage and recovery.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that for effective business continuity and disaster recovery, companies must maintain redundant backups, establish a communication strategy for emergencies, and store critical backups in off-site or cloud locations to recover operations quickly.

While evacuation plans (A) and insurance policies (C) are important, they are not the core technical components for IT disaster recovery. Routine maintenance and remote work (D) are helpful but secondary.

Reference Extract from Study Guide:

"Redundant backups, off-site data storage, and an effective communication plan are key components of business continuity and disaster recovery strategies."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

The employee needs to execute a program from the command line, which requires inputting commands into the computer.

The primary device for inputting commands is the keyboard.

Other options like the hard drive, speaker, and printer are not used for inputting commands.

The hard drive is used for data storage.

The speaker outputs sound.

The printer outputs documents.

Therefore, the correct peripheral device for this task is the keyboard.

A floating-point data type is used for numerical calculations that require a decimal point, such as percentages. In this case, to calculate 90% of the retail price of an item, a floating-point data type is necessary because it can represent both the whole number and the fractional part of the number, allowing for precise calculations.

It is better to purchase software rather than build a software solution in-house when there is a short timeline. Building software from scratch requires significant time for development, testing, and deployment. Purchasing off-the-shelf software can significantly reduce the time needed to implement a solution. Other considerations include:

Cost-effectiveness: Pre-built software can be more cost-effective than developing a custom solution, especially when factoring in the costs of development, maintenance, and support.

Immediate availability: Purchased software is usually ready to deploy immediately, whereas custom development can take months or even years.

Proven reliability: Commercial software often has a track record of reliability and user support, reducing the risk of bugs and issues that may arise with custom development.

Therefore, when time is of the essence, purchasing software is the preferable option.

References

Ian Sommerville, "Software Engineering," Pearson.

Steve McConnell, "Rapid Development: Taming Wild Software Schedules," Microsoft Press.

The correct answer is D — Block ciphers.

Per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, block ciphers encrypt fixed-size blocks of data at a time, providing strong security suitable for data at rest, such as databases. Though they may be less performance-efficient compared to stream ciphers, their strength makes them ideal for securing stored sensitive information.

Stream ciphers (A) are optimized for real-time encryption, not stored data. Asymmetric encryption (B) is slower and more suited for key exchange rather than large data encryption. Hash functions (C) provide integrity verification, not encryption.

Reference Extract from Study Guide:

"Block ciphers encrypt fixed-length blocks of data, providing robust security ideal for protecting data at rest, such as sensitive database information."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Technologies

=============================================

Professional associations are vital for IT professionals because they:

Provide up-to-date training: Offering courses, certifications, and workshops to keep members current with the latest technologies, practices, and industry standards.

Networking opportunities: Facilitating connections with other professionals in the field, which can lead to job opportunities and collaborations.

Professional development: Offering resources and support for career growth and development.

Industry standards and best practices: Providing guidelines and frameworks to ensure high-quality work and ethical practices.

Staying engaged with professional associations helps IT professionals remain knowledgeable and competent in their field.

References

CompTIA, "Advancing the Global IT Industry."

ISACA, "Building a Better Digital World."

The correct answer is D — Recovery point objective (RPO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RPO defines the maximum amount of data loss that is tolerable in terms of time. It sets the backup frequency to ensure that in the event of a disruption, no more than the specified amount of data is lost.

Continuous data protection (A) is a method but not the term for the metric. BIA (B) identifies impacts but does not define backup timing. DR (C) refers to the overall recovery process, not backup frequency.

Reference Extract from Study Guide:

"Recovery point objective (RPO) defines the maximum age of files that must be recovered from backup storage for normal operations to resume after a failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Recovery Objectives

=============================================

The correct answer is D — Establish a baseline for normal activity.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, the first step in threat hunting is to understand what constitutes normal behavior within the environment. Establishing a baseline allows analysts to detect anomalies and deviations that could indicate malicious activity. Without a clear understanding of normal operations, it is extremely difficult to identify potential threats.

Deploying anti-malware solutions (A) and implementing intrusion detection systems (B) are important security measures but are not the first step in proactive threat hunting. Forming an incident response team (C) is essential for handling incidents but does not directly initiate threat hunting.

Reference Extract from Study Guide:

"Threat hunting begins with establishing a baseline of normal network, system, and user activity, enabling the detection of anomalies that may indicate potential threats."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Hunting and Detection

=============================================

The correct answer is C — Restrict access to the backups.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in protecting sensitive data such as cloud backups is enforcing access controls to limit who can access the data. Restricting access immediately mitigates the risk of unauthorized exposure or tampering.

Auditing access logs (A) provides insight but does not actively protect. Running vulnerability scans (B) identifies issues but does not protect immediately. Disabling repositories (D) is not practical for maintaining backup availability.

Reference Extract from Study Guide:

"Access control is the first line of defense for sensitive data repositories, ensuring that only authorized users can access backup data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Access Control

=============================================

Data support an organization's business goals by providing crucial information that aids in making informed decisions. Analyzing data helps identify trends, measure performance, and uncover insights that drive strategic planning and operational improvements. This informed decision-making process is vital for achieving business goals and staying competitive in the market.

Application Software:

Application software refers to programs that help end users perform specific tasks. Examples include email clients, word processors, and spreadsheet programs.

These are designed to be used by people to perform tasks such as writing documents, managing data, or communicating.

Operating Systems:

Operating systems (OS) manage the hardware and software resources of a computer system. They provide a platform for application software to run.

Examples include Microsoft Windows, macOS, and Linux. The OS handles system-level tasks like memory management, process scheduling, and hardware interaction.

Key Differences:

Application software (B, C) is user-oriented, aimed at helping users complete tasks.

Operating systems (A, D) manage the computer's hardware and system resources.

AnEnd User License Agreement (EULA)is a legal contract between the software manufacturer and the user.

The primary purpose of a EULA is togrant the user the right to use the software.

It outlines the terms and conditions under which the software can be used.

This can include restrictions on installation, distribution, and modification.

The EULA helps protect the intellectual property rights of the software creator.

The correct answer is C — Control.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the control phase of the risk management life cycle involves implementing appropriate security measures or countermeasures to mitigate or eliminate identified risks. After a risk is assessed, controls are applied to address it and reduce its impact or likelihood.

Assess (A) evaluates risk severity. Identify (B) discovers risks. Review (D) checks the effectiveness of applied controls.

Reference Extract from Study Guide:

"The control phase of risk management focuses on applying security controls and mitigations to reduce the risk to an acceptable level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

The correct answer is A — Virtual network peering.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, virtual network peering enables direct communication between two or more virtual networks without the need for gateways, VPNs, or additional configurations. It allows seamless interconnectivity with minimal administrative overhead. Peered networks can communicate as if they were part of the same network, which meets the organization's request for the least administrative effort.

Other options like Virtual LANs (B) operate within the same network and don't span multiple virtual networks. Remote Desktop Protocol (C) is used for remote access, not network interconnection. Domain Name System (D) resolves names to IP addresses but does not establish communication pathways between networks.

Reference Extract from Study Guide:

"Virtual network peering provides a low-latency, high-bandwidth connection between virtual networks with minimal administrative setup. It is the recommended solution for direct communication across cloud-based virtual networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Architectures Module

=============================================

The correct answer is C — Competitor.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), competitors often attempt to steal intellectual property to gain a business advantage. Given the theft of valuable business assets (e-books and videos), the most likely actor is a competitor motivated by financial or market advantage, not ideology or random hacking.

An APT (A) is usually nation-state-sponsored and targets critical infrastructure. A novice hacker (B) might deface or cause damage but is less likely focused on IP theft. Hacktivists (D) are politically motivated, not financially.

Reference Extract from Study Guide:

"Competitors may engage in cyber espionage to steal intellectual property and gain market advantage, representing a significant threat to business assets."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Actor Categories

Computer networks provide several benefits for businesses, including:

Lower IT operations costs: Networking allows businesses to share resources, such as printers and storage, reducing the need for individual equipment for each user and lowering overall IT costs.

Increased business efficiency: Networks enable faster communication and data sharing between employees, departments, and locations, leading to more efficient business operations and improved collaboration.

The correct answer is A — Calculating and comparing the hash values of the software code before and after transfer using FTP can help detect any changes and ensure the integrity of the code.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), verifying the integrity of transferred files can be done by using cryptographic hash functions. Comparing pre- and post-transfer hashes ensures that the data was not tampered with during transmission.

Intrusion detection (B) focuses on unauthorized access. Access control (C) protects the server but does not ensure file integrity. Backups (D) provide data recovery but do not validate file integrity during transfers.

Reference Extract from Study Guide:

"Hashing verifies data integrity by allowing a comparison of original and received file values, ensuring no tampering occurred during transit."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Integrity Assurance

=============================================

The correct answer is B — Tabletop exercises.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines a tabletop exercise as a controlled simulation where participants discuss their roles during a simulated disaster scenario. It allows the evaluation of the plan without causing real disruption to operations.

Walk-throughs (A) review plans but are less interactive. Checklists (C) are passive validation. Full interruption tests (D) would disrupt operations, which the company wants to avoid.

Reference Extract from Study Guide:

"Tabletop exercises allow teams to simulate disaster scenarios in a controlled, discussion-based format, helping validate plans without impacting real-world operations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing Methods

=============================================

The correct answer is A — Electronic codebook (ECB).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), ECB mode is the simplest and most basic mode of operation for block ciphers. It encrypts each block of plaintext independently with the same key, but identical plaintext blocks produce identical ciphertext blocks, providing no additional confidentiality beyond the block cipher itself and making patterns visible.

CBC (B), CTR (C), and OFB (D) are more secure and avoid patterns.

Reference Extract from Study Guide:

"Electronic Codebook (ECB) mode encrypts each block independently and is simple but reveals patterns when identical plaintext blocks occur, thus offering minimal confidentiality beyond the underlying cipher."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Block Cipher Modes of Operation

=============================================

An information system is a coordinated set of components designed to collect, store, and process data, and to deliver information, knowledge, and digital products. Organizations use information systems to support operations, management, and decision-making. This includes both the technical components (hardware, software, databases, and networks) and the human components (people and processes).

The correct answer is B — A fully equipped hot site with up-to-date hardware and software.

As stated in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a hot site is a fully operational data center that mirrors the organization's primary systems and data. In the event of a disaster, operations can quickly transfer to the hot site with minimal downtime, ensuring business continuity.

Mobile data centers (A) are not standard disaster recovery solutions for multinational corporations. Basic secondary backup sites (C) (cold sites) require setup time and are slower to activate. Cloud backups (D) protect data but do not instantly restore full operational capabilities like a hot site.

Reference Extract from Study Guide:

"Hot sites maintain fully operational systems, applications, and data, allowing organizations to maintain business continuity with minimal disruption in the event of a disaster."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Business Continuity Planning

Scripting languages are designed for integrating and communicating with other programming languages.

Python: A high-level scripting language known for its readability and extensive library support.

PHP: A server-side scripting language used primarily for web development.

References

"Python Crash Course" by Eric Matthes

"PHP and MySQL Web Development" by Luke Welling and Laura Thomson

The domain name in a Uniform Resource Locator (URL) identifies the server on which the web page can be found.

Example: In the URL "http://www.example.com/index.html":

"http" is the protocol.

"www.example.com" is the domain name.

"/index.html" is the resource path ID.

The other options:

The protocol specifies the communication method.

The resource path ID specifies the specific page or resource on the server.

The IP address is not typically visible in the URL itself but can be resolved via DNS.

Therefore, the domain name is the correct part that identifies the server.

DMCA (Digital Millennium Copyright Act)

Purpose: The DMCA makes it illegal to violate copyrights by disseminating digitized material.

The DMCA was enacted in 1998 to address the issues of digital rights management and copyright infringement in the digital age. It provides legal protection to copyright holders against unauthorized copying, sharing, and distribution of their digital works. The legislation criminalizes the production and dissemination of technology, devices, or services intended tocircumvent measures that control access to copyrighted works (commonly known as DRM—Digital Rights Management).

DMCA Overview - U.S. Copyright Office

HIPAA (Health Insurance Portability and Accountability Act)

Purpose: Prohibits agencies from distributing an individual's health information without the individual's consent.

HIPAA, enacted in 1996, is designed to protect individuals' medical records and other personal health information. The Privacy Rule under HIPAA sets standards for the protection of health information by health plans, healthcare clearinghouses, and healthcare providers that conduct certain healthcare transactions electronically. It mandates the protection and confidential handling of protected health information (PHI).

The correct answer is D — Configuring third-party authentication with Security Assertion Markup Language (SAML).

According to the WGU KFO1 / D488 Study Guide, SAML enables Single Sign-On (SSO) and federated identity across different domains by securely exchanging authentication and authorization data between an identity provider (such as an organization's Active Directory Federation Services) and a service provider (such as Azure). This allows on-premises users to log into cloud services using their existing corporate credentials.

TLS (A) provides secure communication but does not manage identity federation. 2FA (B) strengthens authentication but is not about identity federation setup. LDAP (C) is a protocol for accessing directory services, not specifically designed for federation across cloud platforms.

Reference Extract from Study Guide:

"SAML is used to implement Single Sign-On (SSO) and federated identity management, allowing organizations to extend on-premises authentication capabilities to cloud services seamlessly."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Concepts

Fiber optic communications use light waves to transmit data.

This method allows for high-speed and long-distance data transmission.

The other options:

Radio towers use radio waves.

Twisted pair uses electrical signals.

Coaxial also uses electrical signals.

Therefore, the correct communication medium that uses light waves is fiber optic.

The correct answer is D — Encryption to prevent man-in-the-middle and eavesdropping attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that while NFC is inherently short-range, it is still vulnerable to eavesdropping and man-in-the-middle attacks. Applying encryption ensures that even if communication is intercepted, the data remains protected and confidential.

Kerberos (A) is primarily for authentication within internal networks. Bluetooth restrictions (B) are unrelated to NFC. PDM (C) restricts device usage but does not directly protect NFC communication.

Reference Extract from Study Guide:

"Encrypting near-field communication ensures confidentiality and protects against interception and manipulation through man-in-the-middle and eavesdropping attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless and Mobile Security Concepts

The correct answer is A — They act as an initial defense layer for potential threats.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), security edge devices such as firewalls, secure web gateways, and intrusion prevention systems (IPS) are placed at the network perimeter to serve as the first layer of defense against external threats.

DDoS protection (B) may be part of a broader security solution but is not the main role of general edge devices. SIEM modules (C) collect and correlate logs, not defend at the perimeter. TPM devices (D) are hardware-based cryptographic modules, not network edge defenses.

Reference Extract from Study Guide:

"Security edge devices provide the first line of defense against external threats by monitoring, filtering, and blocking malicious traffic entering the corporate network."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Perimeter Defense

The correct answer is D — Federated authentication.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that federated authentication allows two or more organizations to share identity information securely withoutneeding to maintain separate user accounts for external users. It supports cross-organizational access based on trusted identity providers.

Cloud identity providers (A) offer centralized authentication but don't address federation directly. SSO (B) simplifies authentication within an organization. MFA (C) adds security but does not enable cross-organization authentication.

Reference Extract from Study Guide:

"Federated authentication enables organizations to share identity information and trust external credentials without the need to manage separate accounts for external users."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity Federation and Single Sign-On Concepts

=============================================

Parallel conversion is a system deployment method where the new system is implemented and runs alongside the old system for a period of time. This method allows for:

Comparison of outputs: Ensuring that the new system produces the same or better results as the old system.

Risk reduction: If there are issues with the new system, the old system can still be used without interrupting business operations.

User adaptation: Users can get accustomed to the new system while still having access to the familiar old system.

Parallel conversion is often used to minimize the risk associated with deploying a new system.

References

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

Kathy Schwalbe, "Information Technology Project Management," Cengage Learning.

The correct first step in responding to a data breach, as emphasized in theWGU Cybersecurity Architecture and Engineering (KFO1 / D488)course material underIncident Responseprocedures, is tonotify affected users. This aligns with theContainment, Eradication, and Recoveryphase of theNIST Incident Response Lifecyclediscussed in the course content. Prompt notification is crucial to empower users to take immediate protective measures such as updating credentials or monitoring for identity theft.

While other actions like implementing access control policies or improving encryption are validpreventive or corrective controls, they are not theinitial response stepafter a breach is identified. Public announcements are typically handledafter internal assessmentsand legal compliance actions are underway.

Reference Extract from Study Guide:

“As soon as a breach affecting personal data is confirmed, organizations are obligated to notify impacted users in accordance with legal and ethical standards. Notification is part of the initial incident response phase and should occur immediately after verification of the breach.”

—WGU KFO1 / D488 Study Guide: Incident Handling and Response

=============================================

The correct answer is A — Implementation of real-time transaction monitoring.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), real-time transaction monitoring detects and alerts suspicious banking activities immediately, helping prevent credit card fraud and securing the online banking system during deployment and use.

Strict firewall policies (B) help secure access but are not transaction-specific. Disabling email (C) and performing backups (D) are good practices but do not directly address fraud prevention.

Reference Extract from Study Guide:

"Real-time transaction monitoring identifies suspicious activities, providing immediate detection and prevention of fraudulent transactions in online banking systems."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Financial Systems and Fraud Prevention Strategies

=============================================

The correct answer is A — Developing and implementing a testing plan for the DRP.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), testing the disaster recovery plan is critical to ensuring that it is functional and effective when an actual disruptive event occurs. Regularly scheduled DRP testing validates that recovery processes work as intended and that personnel are familiar with their responsibilities.

Reviewing (B) and training (D) are important but are supplementary activities. Risk assessment (C) is important for planning but does not test the DRP.

Reference Extract from Study Guide:

"Testing and exercising disaster recovery plans ensure operational readiness and reveal gaps or weaknesses that can be corrected before an actual event occurs."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing and Validation

=============================================

The correct answer is D — Measured boot.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that Measured Boot, often implemented with Trusted Platform Modules (TPMs), ensures that each component of theboot process is verified for integrity. It provides cryptographic evidence that the system's startup sequence has not been tampered with.

Two-factor authentication (A) secures user logins but does not verify boot integrity. IDS (B) monitors network or host behavior but does not protect the boot process. HSM (C) secures cryptographic operations, not the system boot.

Reference Extract from Study Guide:

"Measured Boot verifies the integrity of the boot process, providing assurance that the system has not been compromised during startup."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), System Hardening and Trusted Computing

=============================================

Big data refers to the use of large and complex data sets that traditional data-processing software cannot adequately handle. Businesses leverage big data to analyze and systematically extract information from large datasets, which helps them gain valuable insights, improve decision-making, enhance customer experiences, and optimize business processes. This capability is critical in today's data-driven world, where informed decision-making can significantly impact a company's success.

The correct answer is D — Implementing strong authentication mechanisms and encryption protocols to secure communication between the LDAP server and clients.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, securing LDAP communication and strengthening authentication directly addresses vulnerabilities related to unauthorized access. Using encryption protocols such as LDAP over SSL (LDAPS) ensures that credentials and sensitive data are transmitted securely.

Security awareness training (A) helps against social engineering but does not secure the LDAP system itself. Backups (B) are a recovery measure, not a preventive one. IDPS (C) can detect attacks but does not directly secure the LDAP server against exploitation.

Reference Extract from Study Guide:

"Implementing strong authentication and encrypting communications for LDAP servers mitigates vulnerabilities by preventing unauthorized access and protecting sensitive information during transmission."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Services

The correct answer is B — Wireless intrusion prevention system (WIPS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a WIPS actively monitors wireless networks for unauthorized access points and malicious activity, such as man-in-the-middle (MITM) attacks. It can automatically detect, alert, and prevent wireless threats in real time, which is exactly what the organization requires to counteract MITM attacks on the wireless network.

A SIEM (A) collects logs and generates alerts but does not prevent wireless attacks. An inline encryptor (C) encrypts data but does not prevent wireless attacks. A Layer 3 switch (D) operates at the network layer and does not prevent wireless-specific threats.

Reference Extract from Study Guide:

"A wireless intrusion prevention system (WIPS) detects and prevents unauthorized access points and malicious wireless activity, including man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless Security and Threat Prevention

=============================================

The correct answer is C — Cyber kill chain.

The Cyber Kill Chain, developed by Lockheed Martin, is a model that breaks down a cyber attack into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study materials, this model helps security teams understand and interrupt an attack at various stages.

While MITRE ATT&CK (B) and its ICS variant (A) provide detailed mappings of techniques used by attackers, they are not structured specifically into seven phases like the Cyber Kill Chain. The Diamond Model (D) is an analysis methodology, not a phase-based model.

Reference Extract from Study Guide:

"The Cyber Kill Chain model divides the sequence of a cyber attack into seven phases, providing a structured method for analyzing and disrupting attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Attack Frameworks and Methodologies

The correct answer is D — Implementation of data encryption.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), encrypting data at rest ensures that even if attackers breach the system and obtain files, the data remains protected because it cannot be easily read without decryption keys.

Firewall enforcement (A) restricts access but does not protect data if stolen. Disabling printing services (B) limits data leakage but not core data protection. Backups (C) help with recovery, not immediate breach protection.

Reference Extract from Study Guide:

"Encrypting sensitive data ensures confidentiality even in the event of a security breach, protecting information from unauthorized exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Encryption Practices

=============================================

The correct answer is C — Integration testing.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), integration testing verifies that different modules or components of an application work together as intended.This type of testing is essential after deployment to ensure the overall system functions correctly across all tiers (e.g., web, application, and database layers).

Static code analysis (A) examines source code without execution. Dynamic code analysis (B) tests running code for vulnerabilities but not necessarily component interaction. Package scanning (D) reviews third-party libraries for vulnerabilities but does not test integration.

Reference Extract from Study Guide:

"Integration testing verifies that multiple components of an application function correctly when combined, ensuring end-to-end system reliability post-deployment."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Software Development and Testing

The correct answer is C — Data Protection Impact Assessment (DPIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a DPIA is conducted to assess how personal data is collected, stored, and processed, evaluating potential privacy impacts and defining measures to mitigate risks. This is essential for compliance with privacy laws and regulations, especially in systems handling sensitive customer information.

DR (A) and BCP (B) are about operational recovery, not data privacy. Risk management (D) is broader and not focused solely on privacy impact.

Reference Extract from Study Guide:

"A Data Protection Impact Assessment (DPIA) evaluates the effects of processing activities on the privacy of individuals and develops strategies to mitigate privacy risks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Privacy and Protection Strategies

=============================================

The correct answer is B — Avoid.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials explain that risk avoidance involves eliminating the source of risk entirely. In this scenario, by decommissioning the vulnerable website and starting anew, the organization is removing the risky environment instead of trying to fix or transfer the risk, which is a clear example of risk avoidance.

Accepting (A) would mean tolerating the risk without action. Transferring (C) would involve shifting the risk to a third party (like insurance). Mitigating (D) would involve reducing the risk without removing the vulnerable system.

Reference Extract from Study Guide:

"Risk avoidance entails eliminating the conditions that expose the organization to a threat, thereby completely removing the associated risk."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Response Strategies