Cybersecurity-Architecture-and-Engineering WGU Cybersecurity Architecture and Engineering (KFO1/D488) Questions and Answers

Obfuscating error messagesprevents attackers from receiving technical details (e.g., software version, file paths, or database errors) that they can use for exploitation. This is part ofsecure codinganderror handlingpractices.

OWASP Secure Coding Practices – Error Handling and Logging:

“Applications should not disclose detailed error messages to users. Instead, provide generic messages to prevent leakage of system or application details.”

HTTPS secures transport, but doesn't addressinformation disclosurevia error output.

????WGU Course Alignment:

Domain:Information Systems and Architecture

Topic:Implement secure design practices (e.g., error handling, obfuscation)

Business continuity planning (BCP) is essential because it ensures that an organization can quickly resume its critical functions after a disruption. The key aspects include:

Minimizing downtime: Strategies to restore business operations as quickly as possible.

Risk management: Identifying potential threats and creating plans to mitigate their impact.

Data recovery: Ensuring that data can be restored quickly in the event of a loss.

Communication plans: Establishing protocols for communicating with employees, customers, and stakeholders during and after a disruption.

The primary goal of BCP is to ensure the quickest return to business operations, maintaining service levels and minimizing financial losses.

References

Andrew Hiles, "The Definitive Handbook of Business Continuity Management," Wiley.

Michael Wallace and Lawrence Webber, "The Disaster Recovery Handbook," AMACOM.

Step by Step Comprehensive Detailed Explanation

A compiler is a program that translates source code written in a high-level programming language into machine code.

Definition: A compiler processes the entire source code of a program and translates it into a machine code executable.

Functionality: This process is typically done in several stages, including lexical analysis, syntax analysis, semantic analysis, optimization, and code generation.

Output: The result is an executable file that can be run on a specific operating system.

References

"Compilers: Principles, Techniques, and Tools" by Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman

NISTIR 7860, "C++ Coding Standards"

The correct answer is D — Installing endpoint protection software.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that endpoint protection (including antivirus, anti-malware, and endpoint detection and response) is critical for detecting,blocking, and removing commodity malware like ransomware and Trojans.

Firewalls (A) help with perimeter security but don't directly block malware on endpoints. Rerouting communications (B) is not a standard protection method. Two-factor authentication (C) secures logins but does not protect systems from malware infection.

Reference Extract from Study Guide:

"Endpoint protection software defends individual systems against malware threats by detecting, blocking, and removing malicious files and processes."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Security Solutions

=============================================

The correct answer is B — Business impact analysis (BIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies and prioritizes critical business functions and assesses the impact of disruptions on those functions. It determines recovery priorities and establishes the framework for disaster recovery and business continuity planning.

BCP (A) is the broader planning effort. DR (C) focuses on restoring systems. IR (D) responds to specific incidents, not overall business impacts.

Reference Extract from Study Guide:

"Business impact analysis (BIA) determines the criticality of business processes by assessing thepotential impacts of disruptions, providing the foundation for prioritizing recovery efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

The correct answer is D — Identity federation.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) details that identity federation enables users to authenticate using the same credentials across multiple systems and platforms, including hybrid cloud and on-premises environments. Federation facilitates Single Sign-On (SSO) and seamless authentication.

Two-step verification (A) improves authentication strength but does not federate identities. CHAP (B) is an old protocol for PPP connections. Privileged identity management (C) manages high-privilege accounts, not general user access across domains.

Reference Extract from Study Guide:

"Identity federation allows for seamless authentication across on-premises and cloud environments by trusting external identity providers, supporting Single Sign-On (SSO) and hybrid deployments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Federation and Identity Management Concepts

Abastion scanneris a tool or hardened system that inspects network traffic and identifies security vulnerabilities, particularly those visible from an external (internet-facing) viewpoint. It plays a key role inpost-development assessment.

OWASP Testing Guide v4.2:

"Use bastion hosts or hardened scanners to perform vulnerability assessments from an attacker’s perspective."

This option is preferable for final validation before system release, especially when looking for exposure from the public internet.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Evaluate hardened systems and scanning tools during release validation

The correct answer is D — Implementation of multifactor authentication for all user accounts.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), multifactor authentication (MFA) strengthens identity verification by requiring multiple forms of credentials, significantly reducing the risk of identity theft.

Firewalls (A) and USB port controls (B) improve system security but do not directly prevent identity theft. Vulnerability scanning and patch management (C) address software weaknesses but not user authentication.

Reference Extract from Study Guide:

"Multifactor authentication (MFA) enhances user account security by requiring multiple verification factors, making it significantly harder for attackers to commit identity theft."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Best Practices

The correct answer is B — A fully equipped hot site with up-to-date hardware and software.

As stated in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a hot site is a fully operational data center that mirrors the organization's primary systems and data. In the event of a disaster, operations can quickly transfer to the hot site with minimal downtime, ensuring business continuity.

Mobile data centers (A) are not standard disaster recovery solutions for multinational corporations. Basic secondary backup sites (C) (cold sites) require setup time and are slower to activate. Cloud backups (D) protect data but do not instantly restore full operational capabilities like a hot site.

Reference Extract from Study Guide:

"Hot sites maintain fully operational systems, applications, and data, allowing organizations to maintain business continuity with minimal disruption in the event of a disaster."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Business Continuity Planning

Parallel conversion is a system deployment method where the new system is implemented and runs alongside the old system for a period of time. This method allows for:

Comparison of outputs: Ensuring that the new system produces the same or better results as the old system.

Risk reduction: If there are issues with the new system, the old system can still be used without interrupting business operations.

User adaptation: Users can get accustomed to the new system while still having access to the familiar old system.

Parallel conversion is often used to minimize the risk associated with deploying a new system.

References

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

Kathy Schwalbe, "Information Technology Project Management," Cengage Learning.

Logging and monitoringendpoint activity enables early detection of unauthorized access, suspicious file changes, or user behavior anomalies that may indicate an insider threat or external breach.

NIST SP 800-137 (Information Security Continuous Monitoring):

“Endpoint logging and behavior monitoring are essential for detecting unauthorized access to sensitive information, especially in healthcare environments governed by HIPAA.”

This control supportsreal-time alerting,incident response, andcompliance auditingfor patient data (ePHI).

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement endpoint monitoring and logging for healthcare compliance (e.g., HIPAA)

The domain name in a Uniform Resource Locator (URL) identifies the server on which the web page can be found.

Example: In the URL "http://www.example.com/index.html":

"http" is the protocol.

"www.example.com" is the domain name.

"/index.html" is the resource path ID.

The other options:

The protocol specifies the communication method.

The resource path ID specifies the specific page or resource on the server.

The IP address is not typically visible in the URL itself but can be resolved via DNS.

Therefore, the domain name is the correct part that identifies the server.

The correct answer is A — Recovery time objective (RTO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RTO is the maximum acceptable amount of time that a system, application, or process can be offline after a failure before unacceptable consequences occur to the business.

BIA (B) is the process of analyzing impact. BCP (C) is the overall plan for maintaining operations. DR (D) refers to the broader recovery effort.

Reference Extract from Study Guide:

"Recovery time objective (RTO) defines the maximum tolerable downtime for critical systems before significant business impact occurs."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Recovery Objectives and Disaster Recovery Metrics

=============================================

The correct answer is D — Upgrade the remaining end-of-life machines.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the best way to address end-of-life systems is to upgrade them to supported versions. End-of-life systems no longer receive security patches, leaving them highly vulnerable. Upgrading restores security and compliance.

Shutting down (A), disconnecting (B), or blocking (C) are temporary solutions that may disrupt operations but do not solve the root problem.

Reference Extract from Study Guide:

"Upgrading end-of-life systems is critical to restoring security and compliance, as unsupported systems are vulnerable to exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management and Remediation

=============================================

Theavailabilityof the POS system depends on itsresilience against known vulnerabilities. Applyingregular security patchesensures that attackers cannot exploit outdated components, which could crash or disrupt the POS system.

NIST SP 800-40 Rev. 3 (Guide to Enterprise Patch Management):

“Prompt application of security patches mitigates vulnerabilities that can be exploited to disrupt system availability or compromise data.”

Backups protect from data loss, butpatching is proactive protectionfor uptime and availability.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Maintain system availability through proactive patch management

When an organization decides to expand its business by selling products online, the IT department needs to ensure that the website is equipped to handle e-commerce transactions. This involves:

Setting up a secure online payment system: Ensuring that payment gateways and encryption methods are in place to protect sensitive customer data.

Scalability: Making sure the website infrastructure can handle increased traffic and transaction volumes without compromising performance.

Integration: Ensuring the e-commerce platform is integrated with the organization's existing systems, such as inventory management, order fulfillment, and customer relationship management (CRM) systems.

Compliance: Adhering to regulatory requirements and industry standards for online transactions, such as PCI DSS compliance for payment processing.

Therefore, making sure the website can handle e-commerce transactions is crucial for a successful online business expansion.

References

Efraim Turban, Judy Whiteside, David King, and Jon Outland, "Introduction to Electronic Commerce and Social Commerce," Springer.

Laudon, K.C. and Traver, C.G., "E-commerce 2020-2021: Business, Technology, Society," Pearson.

The correct answer is D — Secure Shell (SSH).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials state that SSH provides strong encryption and authentication for remote access over unsecured networks. SSH ensures that sessions are confidential and that only authorized users can access remote systems.

HTTP (A) and FTP (B) transmit data in plaintext and do not provide encryption. Telnet (C) also transmits data in plaintext and is insecure for remote access.

Reference Extract from Study Guide:

"Secure Shell (SSH) is used for secure remote management, offering encrypted communications and authentication mechanisms to protect against unauthorized access and eavesdropping."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Communications

=============================================

The correct answer is A — Unsecured wireless access points.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that unauthorized logins to a WLAN often indicate poorly secured wireless access points, such as those lacking strong encryption (e.g., WPA2/WPA3), not using strong passwords, or having open accesswithout authentication. This vulnerability can allow attackers to access internal systems and sensitive data.

Up-to-date anti-malware software (B), a strong password policy (C), and regular security training (D) are good security practices but do not directly explain unauthorized WLAN access.

Reference Extract from Study Guide:

"Unauthorized wireless access often results from unsecured wireless configurations, including weak encryption, open networks, or default credentials, posing significant risks to organizational assets."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless Security Concepts

=============================================

The employee needs to execute a program from the command line, which requires inputting commands into the computer.

The primary device for inputting commands is the keyboard.

Other options like the hard drive, speaker, and printer are not used for inputting commands.

The hard drive is used for data storage.

The speaker outputs sound.

The printer outputs documents.

Therefore, the correct peripheral device for this task is the keyboard.

The correct answer is B — Implementing security patches and updates on a regular basis and using hybrid cloud topology.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that timely application of security patches is critical to addressing vulnerabilities like outdated software. A hybrid cloud topology offers the flexibility and scalability needed by financial institutions while keeping sensitive data protected in more controlled environments.

Strong password policies (A) help, but public cloud alone may not be best for sensitive banking systems. Antivirus (C) addresses only part of the threat. Private cloud (D) improves security but may not offer the scalability benefits of a hybrid approach.

Reference Extract from Study Guide:

"Timely application of security patches mitigates vulnerabilities, and hybrid cloud models balance the need for scalability and sensitive data protection in financial institutions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Mitigation Strategies and Cloud Topologies

=============================================

The correct answer is B — Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.

As explained in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), backing up critical systems and establishing a disaster recovery plan ensures business continuity and system availability even after incidents like hardware failures, cyberattacks, or data corruption.

While intrusion detection (A), access control (C), and patch management (D) contribute to overall security, backups and disaster recovery specifically ensure availability.

Reference Extract from Study Guide:

"Data backups and disaster recovery planning are essential controls to ensure system availability during and after a security incident or technical failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery

=============================================

The correct answer is C — Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) clearly states that encryption protects the confidentiality of transmitted information. In the case of SNMP (especially older versions like SNMPv1 and SNMPv2), communications are unencrypted, making encryption critical to protecting network management information from unauthorized disclosure.

Access controls (A) restrict who can access systems but do not encrypt data. Network segmentation (B) separates systems but does not encrypt traffic. Security monitoring (D) detects threats but does not protect data confidentiality.

Reference Extract from Study Guide:

"Encryption safeguards sensitive data transmitted over the network, ensuring confidentiality in compliance with privacy regulations such as HIPAA."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Data Protection

Short-term storage of data on a motherboard is managed by Random Access Memory (RAM).

RAM is volatile memory, meaning it temporarily stores data that is actively being used or processed by the CPU.

The other options:

The hard drive is used for long-term storage.

BIOS (Basic Input/Output System) is firmware for hardware initialization.

Read Only Memory (ROM) is used for permanent data storage that doesn't change.

Thus, RAM is the correct answer for short-term data storage.

The correct answer is D — Packet capture.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, packet captures (PCAP files) allow analysts to inspect individual network packets to understand traffic patterns, detect anomalies, and investigate attacks like DDoS. A packet capture provides complete network session data, enabling in-depth analysis of traffic behavior at the packet level.

Web server access logs (A) only capture web activity. Syslog messages (B) primarily record system events but not raw traffic data. Operating system event logs (C) focus on system-level actions, not network flows.

Reference Extract from Study Guide:

"Packet captures record the full network traffic and are essential for investigating network-based attacks such as DDoS incidents by analyzing traffic flows, protocols, and payloads."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Monitoring Concepts

=============================================

The correct answer is A — Implementing two-factor authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.

Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials. SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.

Reference Extract from Study Guide:

"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

=============================================

Applyingregular updates and patchesis fundamental to risk mitigation. Choosing ahybrid cloud topologyallows the financial institution to retaincritical services in-housewhile leveragingcloud scalabilityfor high-volume transactions.

NIST SP 800-160 Vol. 1 (Systems Security Engineering):

“Security patching is essential for mitigating vulnerabilities, especially in high-assurance environments like financial systems.”

Thehybrid modelbalancesperformance, control, and security, which is vital for core banking systems.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Apply risk mitigation techniques and choose secure deployment topologies

The correct answer is A — Developing and implementing a testing plan for the DRP.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), testing the disaster recovery plan is critical to ensuring that it is functional and effective when an actual disruptive event occurs. Regularly scheduled DRP testing validates that recovery processes work as intended and that personnel are familiar with their responsibilities.

Reviewing (B) and training (D) are important but are supplementary activities. Risk assessment (C) is important for planning but does not test the DRP.

Reference Extract from Study Guide:

"Testing and exercising disaster recovery plans ensure operational readiness and reveal gaps or weaknesses that can be corrected before an actual event occurs."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing and Validation

=============================================

The correct answer is D — Recovery point objective (RPO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RPO defines the maximum amount of data loss that is tolerable in terms of time. It sets the backup frequency to ensure that in the event of a disruption, no more than the specified amount of data is lost.

Continuous data protection (A) is a method but not the term for the metric. BIA (B) identifies impacts but does not define backup timing. DR (C) refers to the overall recovery process, not backup frequency.

Reference Extract from Study Guide:

"Recovery point objective (RPO) defines the maximum age of files that must be recovered from backup storage for normal operations to resume after a failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Recovery Objectives

=============================================

Security edge devices(such as NGFWs, IDS/IPS, and secure gateways) are deployed at thenetwork perimeterto inspect and filter traffic, providing aninitial layer of defenseagainst external threats before they reach internal systems.

NIST SP 800-41 Rev. 1:

“Edge security devices enforce security policy at network boundaries and act as a first line of defense by preventing unauthorized or malicious traffic from entering the internal network.”

They are not TPMs or SIEMs, though they maygenerate dataconsumed by SIEMs.

????WGU Course Alignment:

Domain:Network Security

Topic:Deploy perimeter defense technologies at network entry points

Identity federationallows authentication credentials to be used across multiple systems or domains—includingon-premises and cloud platforms—without duplicating user databases.

NIST SP 800-63C (Federated Identity Guidelines):

“Federation enables users to access multiple, disparate services using a single digital identity that can be shared securely across organizational boundaries.”

This approach is essential in hybrid architectures where cloud VMs and on-prem servers must recognize acentralized identity providerlike Active Directory.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement federated identity in hybrid and multi-cloud environments

Copyrightsare a common legal method used to protect software.

A copyright gives the creator of the software exclusive rights to use and distribute the software.

It protects against unauthorized copying, modification, and distribution of the software.

Software creators can enforce their copyrights to prevent others from infringing on their intellectual property.

Example:Copyright law is often invoked in cases of software piracy.

The correct answer is B — Access logs.

As outlined in the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, access logs record who accessed which system components, when they did so, and what changes they made. These logs are vital for creating an audit trail that can be reviewed to detect unauthorized changes to applications or systems.

NetFlow logs (A) track network traffic flows but not system or application changes. Packet capture logs (C) deal with network data but are not specialized for auditing application-level events. Router logs (D) capture network device activity, not application access information.

Reference Extract from Study Guide:

"Access logs maintain detailed records of user actions within systems and applications, providing the necessary audit trail for tracking authorized and unauthorized activities."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Log Management Concepts

=============================================

The correct answer is A — Calculating and comparing the hash values of the software code before and after transfer using FTP can help detect any changes and ensure the integrity of the code.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), verifying the integrity of transferred files can be done by using cryptographic hash functions. Comparing pre- and post-transfer hashes ensures that the data was not tampered with during transmission.

Intrusion detection (B) focuses on unauthorized access. Access control (C) protects the server but does not ensure file integrity. Backups (D) provide data recovery but do not validate file integrity during transfers.

Reference Extract from Study Guide:

"Hashing verifies data integrity by allowing a comparison of original and received file values, ensuring no tampering occurred during transit."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Integrity Assurance

=============================================

The correct answer is A — Mandatory access control (MAC).

Per WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, MAC is a strict access control model where access to resources is based on information labels (such as classified, secret, top secret) and user clearances. Only administrators define and control the policy rules, and users cannot alter access settings, making it ideal for environments where classification labels determine access rights, such as government systems.

ABAC (B) focuses on attributes but is more dynamic rather than based purely on rigid classifications. DAC (C) gives data owners control over access permissions, unsuitable for classified government environments. RBAC (D) assigns permissions based on roles, but not necessarily aligned with security labels.

Reference Extract from Study Guide:

"Mandatory access control (MAC) enforces access policies based on fixed labels and security classifications, making it the preferred model for high-security environments like government agencies handling classified data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

The correct answer is C — Implementing a mobile device management (MDM) solution.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that an MDM solution enables organizations to enforce security policies on personal devices, such as encryption, remote wipe capabilities, and application controls. MDM allows safe access to corporate resources while managing the inherent risks of BYOD environments.

Blocking access (A) contradicts the BYOD policy goal. Security audits (B) monitor but do not control personal devices. Awareness training (D) is important but does not enforce technical protections on devices.

Reference Extract from Study Guide:

"Mobile device management (MDM) solutions enforce security policies on employee-owned devices, ensuring compliance and reducing the risks associated with BYOD implementations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Security

=============================================

The correct answer is C — Implementing local drive encryption on employee laptops.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that encryption protects sensitive data at rest, ensuring that if a laptop is lost or stolen, the data remains unreadable without the decryption key. This control directly addresses the protection of sensitive customer data.

Restricting software installation (A) is a good security practice but does not specifically protect stored sensitive data. Biometric authentication (B) strengthens authentication but does not encrypt data. Awareness training (D) helps users behave securely but does not technically protect the data itself.

Reference Extract from Study Guide:

"Local drive encryption protects sensitive data stored on mobile devices such as laptops, ensuring confidentiality even if the device is lost or stolen."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Security and Device Hardening

=============================================

Private Information Retrieval (PIR)allows a user to retrieve data from a server without revealingwhich datais being requested. It’s aprivacy-preserving protocolprimarily used in secure databases and web applications.

ACM Computing Surveys – Private Information Retrieval:

“PIR enables users to query a database without disclosing the identity of the item being retrieved, maintaining the user’s privacy.”

Homomorphic encryption protects data during processing, while PIR protectsaccess patterns.

????WGU Course Alignment:

Domain:Cryptography and Privacy Engineering

Topic:Apply PIR techniques for private querying in databases

To determine an order total, the item unit price is essential because it represents the cost per unit of the item. By multiplying the unit price by the quantity ordered, you can calculate the total cost for each item in the order, and then sum these totals to get the overall order total.

The correct answer is B — Internet Protocol Security (IPsec).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), IPsec provides secure communication over IP networks by encrypting and authenticating IP packets. It is widely used for site-to-site VPNs and ensures confidentiality, integrity, and authentication between different cloud environments like Azure and AWS.

TCP (A) is a transport layer protocol ensuring reliable delivery but not encryption. FTP (C) is used for file transfer and is insecure unless secured with extensions. SSH (D) secures remote terminal sessions but is not primarily used for network-wide secure communication.

Reference Extract from Study Guide:

"IPsec provides a secure method of communication across IP networks, ensuring data confidentiality, integrity, and authentication for VPN connections and hybrid cloud communications."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols for Hybrid Environments

=============================================

Regularlyreviewing and updatingthe Disaster Recovery Plan ensures it remains effective astechnology, processes, and risks evolve. It ensures that the DRP reflects current infrastructure, contacts, and business requirements.

NIST SP 800-34 Rev. 1:

“Plans should be reviewed and updated regularly to ensure accuracy and relevance. Failure to do so may result in ineffective or outdated procedures.”

Testing is important, butregular updates ensure long-term plan viability.

????WGU Course Alignment:

Domain:Business Continuity and Disaster Recovery

Topic:Maintain and periodically revise DRPs to reflect current risks and systems

The correct answer is D — By providing over-the-air updates.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that over-the-air(OTA) updates allow organizations to remotely deploy patches and updates to mobile devices without requiring users to manually visit a central location. This method is essential for maintaining security for a geographically dispersed workforce.

Remote module updates (A), tokenized container updates (B), and mobile station updates (C) are not standard or widely recognized terms for mobile device update practices in this context.

Reference Extract from Study Guide:

"Over-the-air (OTA) updates ensure that security patches and software updates can be remotely deployed to mobile devices, supporting business continuity and device security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Management and Security

=============================================

The correct answer is A — A process to reassess risks on a defined schedule.

Based on the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, risks must be reassessed periodically because the threat landscape, organizational assets, and business processes evolve over time. Risks identified years ago might have changed in likelihood, impact, or may have been mitigated already. Therefore, it is essential to establish a formal process for periodic risk review and reassessment to maintain accurate and actionable risk profiles.

Availability of risk documents (B), methods of capture (C), and leadership involvement in scoring (D) are important, but they do not directly address the primary issue of outdated risk assessments.

Reference Extract from Study Guide:

"Organizations must implement a periodic review and reassessment process for risks to ensure that risk profiles reflect the current threat environment, organizational changes, and mitigation efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Framework

SHA-256is a widely usedcryptographic hash functionthat generates a fixed-size output(digest) from input data. It is designed to detect even the smallest change in the input, thereby ensuringdata integrity.

NIST FIPS PUB 180-4 (Secure Hash Standard):

“SHA-256 is used to verify the integrity of data by producing a hash value that is unique to the input, enabling detection of unauthorized changes.”

Unlike RSA and AES (used for encryption), hash algorithms are one-way functions used forintegrity verification.

????WGU Course Alignment:

Domain:Cryptography

Topic:Apply hashing techniques to ensure data integrity

The correct answer is D — Measured boot.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that Measured Boot, often implemented with Trusted Platform Modules (TPMs), ensures that each component of theboot process is verified for integrity. It provides cryptographic evidence that the system's startup sequence has not been tampered with.

Two-factor authentication (A) secures user logins but does not verify boot integrity. IDS (B) monitors network or host behavior but does not protect the boot process. HSM (C) secures cryptographic operations, not the system boot.

Reference Extract from Study Guide:

"Measured Boot verifies the integrity of the boot process, providing assurance that the system has not been compromised during startup."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), System Hardening and Trusted Computing

=============================================

The correct answer is C — Stream ciphers.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content explains that stream ciphers encrypt data bit-by-bit or byte-by-byte, making them highly efficient and suitable for real-time applications like video conferencing where low latency is critical.

Block ciphers (A) encrypt large chunks of data, causing latency. Asymmetric encryption (B) is too slow for real-time data streams. Hash functions (D) are used for data integrity, not for ongoing data encryption.

Reference Extract from Study Guide:

"Stream ciphers encrypt data continuously and are ideal for real-time applications such as video or audio streaming where low latency is essential."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Technologies

The correct answer is D — Identify.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in risk management is identifying potential risks. Only once risks are identified can they be assessed, controlled, and reviewed. In this case, identifying potential data breaches, outages, and cost issues is the starting point.

Assess (A) happens after identification. Control (B) involves implementing responses. Review (C) happens later to check effectiveness.

Reference Extract from Study Guide:

"The first phase of risk management is risk identification, where potential threats and vulnerabilities are recognized and documented."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

The correct answer is C — Control.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the control phase of the risk management life cycle involves implementing appropriate security measures or countermeasures to mitigate or eliminate identified risks. After a risk is assessed, controls are applied to address it and reduce its impact or likelihood.

Assess (A) evaluates risk severity. Identify (B) discovers risks. Review (D) checks the effectiveness of applied controls.

Reference Extract from Study Guide:

"The control phase of risk management focuses on applying security controls and mitigations to reduce the risk to an acceptable level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

The correct answer is B — Avoid.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials explain that risk avoidance involves eliminating the source of risk entirely. In this scenario, by decommissioning the vulnerable website and starting anew, the organization is removing the risky environment instead of trying to fix or transfer the risk, which is a clear example of risk avoidance.

Accepting (A) would mean tolerating the risk without action. Transferring (C) would involve shifting the risk to a third party (like insurance). Mitigating (D) would involve reducing the risk without removing the vulnerable system.

Reference Extract from Study Guide:

"Risk avoidance entails eliminating the conditions that expose the organization to a threat, thereby completely removing the associated risk."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Response Strategies

The development of scope creep is often signaled by the addition of many unplanned features to the original project. This indicates that the project scope is expanding beyond its initial boundaries. Key indicators include:

Uncontrolled changesto the project scope.

Continuous new requestsfrom stakeholders that were not part of the original requirements.

Increased project complexityand difficulty in managing the project timeline and resources.

Scope creep can lead to delays, budget overruns, and project failure if not managed properly.

References

Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

The statement refers to the different types of media that can be used for data backup. Backup media encompasses various storage devices and methods used to store copies of data. Examples include:

CDs and DVDs: Optical storage media used for smaller-scale backups.

Hard drives: Mechanical or solid-state drives used for local and external backups.

Cloud storage: Online services providing remote storage and access to backups.

Choosing the appropriate backup media is crucial for ensuring data availability and recovery in case of data loss.

References

David M. Kroenke and Randall J. Boyle, "Using MIS," Pearson.

Curtis Preston, "Backup & Recovery: Inexpensive Backup Solutions for Open Systems," O'Reilly Media.

Wireless Intrusion Prevention Systems (WIPS)are specifically designed to monitor wireless networks and prevent rogue access points, MITM attacks, and wireless eavesdropping. Unlike Layer 3 switches or SIEM tools, WIPS directly addresses wireless threat vectors.

NIST SP 800-153 (Guidelines for Securing Wireless Local Area Networks):

“WIPS technologies help detect and prevent unauthorized wireless access points and attacks such as evil twin and man-in-the-middle attempts.”

????WGU Course Alignment:

Domain:Network Security

Topic:Implement wireless network protections (e.g., WIPS)

The characteristic of quality data represented here is relevance. When an organization sends customers email messages based on their purchase patterns, it ensures that the information is relevant to the customers' interests and needs. Relevant data is tailored to the specific context in which it is used, enhancing its value and effectiveness.

An information system is a coordinated set of components designed to collect, store, and process data, and to deliver information, knowledge, and digital products. Organizations use information systems to support operations, management, and decision-making. This includes both the technical components (hardware, software, databases, and networks) and the human components (people and processes).

The second generation of computers (1956-1963) saw the introduction of transistors, which replaced vacuum tubes used in the first generation. Transistors allowed computers to be smaller, faster, more reliable, and more energy-efficient compared to their predecessors.

The correct answer is D — Implementation of data encryption.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), encrypting data at rest ensures that even if attackers breach the system and obtain files, the data remains protected because it cannot be easily read without decryption keys.

Firewall enforcement (A) restricts access but does not protect data if stolen. Disabling printing services (B) limits data leakage but not core data protection. Backups (C) help with recovery, not immediate breach protection.

Reference Extract from Study Guide:

"Encrypting sensitive data ensures confidentiality even in the event of a security breach, protecting information from unauthorized exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Encryption Practices

=============================================

Fiber optic communications use light waves to transmit data.

This method allows for high-speed and long-distance data transmission.

The other options:

Radio towers use radio waves.

Twisted pair uses electrical signals.

Coaxial also uses electrical signals.

Therefore, the correct communication medium that uses light waves is fiber optic.

The correct answer is C — Cyber kill chain.

The Cyber Kill Chain, developed by Lockheed Martin, is a model that breaks down a cyber attack into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study materials, this model helps security teams understand and interrupt an attack at various stages.

While MITRE ATT&CK (B) and its ICS variant (A) provide detailed mappings of techniques used by attackers, they are not structured specifically into seven phases like the Cyber Kill Chain. The Diamond Model (D) is an analysis methodology, not a phase-based model.

Reference Extract from Study Guide:

"The Cyber Kill Chain model divides the sequence of a cyber attack into seven phases, providing a structured method for analyzing and disrupting attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Attack Frameworks and Methodologies

The correct answer is D — Host-based intrusion detection system (HIDS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a HIDS monitors individual servers or endpoints for suspicious activity and potential breaches. It provides real-time detection of unauthorized access and unusual behaviors on hosts.

HSM (A) protects cryptographic keys. Two-factor authentication (B) strengthens user authentication but does not monitor server activity. Antivirus tools (C) detect malware but are not designed to detect broader suspicious behaviors.

Reference Extract from Study Guide:

"Host-based intrusion detection systems (HIDS) monitor individual servers for unauthorized activities, unauthorized access attempts, and changes to critical system files."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Intrusion Detection Systems

=============================================

The correct answer is D — Likelihood.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that when evaluating the chance of future incidents, the focus should be on likelihood — the probability that a threat will exploit a vulnerability again. Given that a breach has already occurred, it is important to assess how likely another breach could happen without additional security measures.

Impact (A) measures consequences, not probability. Risk (B) is a combination of impact and likelihood, but to specifically focus on future potential, likelihood (D) is primary. Threat actors (C) describe adversaries, not probabilities.

Reference Extract from Study Guide:

"Likelihood refers to the probability that a specific threat will successfully exploit a vulnerability, and is a key consideration in predicting future incidents."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Assessment Concepts

=============================================

ADatabase Administrator (DBA)is responsible for managing the database infrastructure.

Primary responsibilitiesinclude:

Installing and configuringnew databases and database servers.

Ensuring databases run efficiently and are properly maintained.

Performingbackup and recoveryoperations to prevent data loss.

Monitoring performanceand tuning databases for optimal performance.

Implementingsecurity measuresto protect the database against unauthorized access.

The correct answer is D — Weak passwords.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), unauthorized SSH access from an unknown IP address often suggests that the attacker exploited weak or compromised passwords to gain access. Weak passwords are a common vulnerability for services exposed to the internet, especially SSH servers.

Exfiltration (A) refers to data theft after access, not initial unauthorized access. Unpatched software (B) might lead to other vulnerabilities but is not indicated here. Enumeration (C) is gathering information but not gaining login access directly.

Reference Extract from Study Guide:

"Weak or compromised passwords are a primary cause of unauthorized access, particularly for remote management interfaces such as SSH."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication Security BestPractices

=============================================

In a star network topology, each network device is connected to a central device like a hub or a switch.

This central device acts as a repeater for data flow.

The other options:

Bus topology uses a single central cable.

Mesh topology involves each device being connected to every other device.

Ring topology connects devices in a circular fashion.

Therefore, the star topology correctly describes a network where devices connect to a central hub or switch.

The correct answer is C — Least privilege.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course material, the principle of least privilege ensures that users are granted only the minimum level of access required to perform their job functions. In this case, if the insider only had access to resources necessary for their user role, they would not have been able to access sensitive administrative information.

Password complexity (A) strengthens account security but does not prevent excessive access. Separation of duties (B) divides critical tasks but is not solely about limiting access. Job rotation (D) moves employees between roles but is not an access control measure.

Reference Extract from Study Guide:

"The principle of least privilege requires limiting user access rights to the minimum necessary to perform their tasks, reducing the risk of insider threats and unauthorized access to sensitive information."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Principles

=============================================

The correct answer is D — Encryption to prevent man-in-the-middle and eavesdropping attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that while NFC is inherently short-range, it is still vulnerable to eavesdropping and man-in-the-middle attacks. Applying encryption ensures that even if communication is intercepted, the data remains protected and confidential.

Kerberos (A) is primarily for authentication within internal networks. Bluetooth restrictions (B) are unrelated to NFC. PDM (C) restricts device usage but does not directly protect NFC communication.

Reference Extract from Study Guide:

"Encrypting near-field communication ensures confidentiality and protects against interception and manipulation through man-in-the-middle and eavesdropping attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless and Mobile Security Concepts

The correct answer is C — Competitor.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), competitors often attempt to steal intellectual property to gain a business advantage. Given the theft of valuable business assets (e-books and videos), the most likely actor is a competitor motivated by financial or market advantage, not ideology or random hacking.

An APT (A) is usually nation-state-sponsored and targets critical infrastructure. A novice hacker (B) might deface or cause damage but is less likely focused on IP theft. Hacktivists (D) are politically motivated, not financially.

Reference Extract from Study Guide:

"Competitors may engage in cyber espionage to steal intellectual property and gain market advantage, representing a significant threat to business assets."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Actor Categories

The correct answer is A — Risk appetite.

As per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, risk appetite defines the amount and type of risk an organization is willing to accept in pursuit of its objectives. It is a strategic-level metric used by executive leadership and boards to determine if the current level of risk exceeds what the organization is comfortable handling.

Risk evaluation plans (B) outline how risks are assessed, treatment plans (C) describe mitigation actions, and risk tolerance (D) is more operational, defining acceptable variation from the appetite but not the overall strategic limit.

Reference Extract from Study Guide:

"Risk appetite represents the amount of risk an organization is willing to pursue or retain and is established by senior leadership as part of governance activities."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Concepts

=============================================