Cybersecurity-Architecture-and-Engineering Questions and Answers

The operating system (OS) is the primary software that manages all the hardware and other software on a computer. It acts as an intermediary between users and the computer hardware. The OS handles basic tasks such as controlling and allocating memory, prioritizing system requests, controlling input and output devices, facilitating networking, and managing files. Examples include Windows, macOS, and Linux.

The correct answer is C — Stream ciphers.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content explains that stream ciphers encrypt data bit-by-bit or byte-by-byte, making them highly efficient and suitable for real-time applications like video conferencing where low latency is critical.

Block ciphers (A) encrypt large chunks of data, causing latency. Asymmetric encryption (B) is too slow for real-time data streams. Hash functions (D) are used for data integrity, not for ongoing data encryption.

Reference Extract from Study Guide:

"Stream ciphers encrypt data continuously and are ideal for real-time applications such as video or audio streaming where low latency is essential."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Technologies

Electronic Codebook (ECB)is thesimplest modeof block cipher operation, but it encrypts each blockindependently, which results inidentical ciphertext for identical plaintext blocks— making itunsafe for use with structured or repetitive data.

NIST SP 800-38A (Recommendation for Block Cipher Modes of Operation):

“ECB reveals patterns in plaintext and should not be used when such patterns are meaningful and predictable.”

Though efficient, ECB lackssemantic securityand is rarely recommended in practice.

????WGU Course Alignment:

Domain:Cryptography

Topic:Evaluate block cipher modes for appropriate use cases

Federated authenticationallows two or more organizations to share access credentials based ontrusted identity providers. This enables users from one domain to access systems in another without creating separate accounts.

NIST SP 800-63C (Digital Identity Guidelines – Federation):

“Federated identity allows users to access multiple services across security domains using a single identity, reducing the administrative burden of account duplication.”

This is essential in B2B or inter-organizational environments likehealthcare information exchange.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement federated identity systems for cross-organizational access

ChaChais a modern, high-performancestream cipherderived from Salsa20, known for its resistance to timing attacks and its use inTLS 1.3 and mobile securitydue to its efficiency and security. When paired withPoly1305, it provides bothencryption and authentication.

RFC 8439 (ChaCha20 and Poly1305 for IETF Protocols):

“ChaCha20 is a secure cipher designed for high-speed software implementations. It is robust against side-channel and cryptanalytic attacks and is used in conjunction with Poly1305 for authenticated encryption.”

CBC, ECB, and CTR are block cipher modes, not stream ciphers.

????WGU Course Alignment:

Domain:Cryptography

Topic:Identify secure and modern stream ciphers for real-time encryption

Desktops typically have more memory (RAM) and internal storage (hard drives or SSDs) compared to handheld computers. This allows desktops to handle more intensive computingtasks and store larger amounts of data. Handheld devices, on the other hand, prioritize portability and battery life over high storage and memory capacity.

In a star network topology, each network device is connected to a central device like a hub or a switch.

This central device acts as a repeater for data flow.

The other options:

Bus topology uses a single central cable.

Mesh topology involves each device being connected to every other device.

Ring topology connects devices in a circular fashion.

Therefore, the star topology correctly describes a network where devices connect to a central hub or switch.

The correct answer is C — Encrypting data.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that encryption is the best defense against man-in-the-middle attacks because even if traffic is intercepted, the data remains unreadable without the appropriate decryption keys.

Disabling Wi-Fi (A) is not practical and does not eliminate MITM threats entirely. Password policies (B and D) strengthen account security but do not protect data transmission.

Reference Extract from Study Guide:

"Encryption ensures the confidentiality of data in transit, preventing unauthorized parties from accessing the content even during man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Transmission Security

=============================================

The correct answer is C — Control.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the control phase of the risk management life cycle involves implementing appropriate security measures or countermeasures to mitigate or eliminate identified risks. After a risk is assessed, controls are applied to address it and reduce its impact or likelihood.

Assess (A) evaluates risk severity. Identify (B) discovers risks. Review (D) checks the effectiveness of applied controls.

Reference Extract from Study Guide:

"The control phase of risk management focuses on applying security controls and mitigations to reduce the risk to an acceptable level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

SHA-256is a widely usedcryptographic hash functionthat generates a fixed-size output(digest) from input data. It is designed to detect even the smallest change in the input, thereby ensuringdata integrity.

NIST FIPS PUB 180-4 (Secure Hash Standard):

“SHA-256 is used to verify the integrity of data by producing a hash value that is unique to the input, enabling detection of unauthorized changes.”

Unlike RSA and AES (used for encryption), hash algorithms are one-way functions used forintegrity verification.

????WGU Course Alignment:

Domain:Cryptography

Topic:Apply hashing techniques to ensure data integrity

The correct answer is D — Secure Shell (SSH).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials state that SSH provides strong encryption and authentication for remote access over unsecured networks. SSH ensures that sessions are confidential and that only authorized users can access remote systems.

HTTP (A) and FTP (B) transmit data in plaintext and do not provide encryption. Telnet (C) also transmits data in plaintext and is insecure for remote access.

Reference Extract from Study Guide:

"Secure Shell (SSH) is used for secure remote management, offering encrypted communications and authentication mechanisms to protect against unauthorized access and eavesdropping."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Communications

=============================================

The correct answer is B — Implementing domain name system security extensions (DNSSEC) to digitally sign DNS responses and prevent DNS spoofing attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that DNSSEC protects the integrity and authenticity of DNS responses, thereby preventing DNS spoofing (also called DNS cache poisoning), which could redirect users to malicious sites.

Restricting DNS access (A) is not sufficient against spoofing. Increasing patching frequency (C) is good practice but does not specifically stop spoofing. Security awareness training (D) helps against phishing, not DNS vulnerabilities.

Reference Extract from Study Guide:

"DNSSEC digitally signs DNS data to ensure the integrity and authenticity of DNS responses, mitigating risks such as DNS spoofing and cache poisoning."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Networking Protocols

=============================================

Computer networks provide several benefits for businesses, including:

Lower IT operations costs: Networking allows businesses to share resources, such as printers and storage, reducing the need for individual equipment for each user and lowering overall IT costs.

Increased business efficiency: Networks enable faster communication and data sharing between employees, departments, and locations, leading to more efficient business operations and improved collaboration.

The correct answer is C — Cyber kill chain.

The Cyber Kill Chain, developed by Lockheed Martin, is a model that breaks down a cyber attack into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study materials, this model helps security teams understand and interrupt an attack at various stages.

While MITRE ATT&CK (B) and its ICS variant (A) provide detailed mappings of techniques used by attackers, they are not structured specifically into seven phases like the Cyber Kill Chain. The Diamond Model (D) is an analysis methodology, not a phase-based model.

Reference Extract from Study Guide:

"The Cyber Kill Chain model divides the sequence of a cyber attack into seven phases, providing a structured method for analyzing and disrupting attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Attack Frameworks and Methodologies

AnIntrusion Prevention System (IPS)detects and blocks malicious activity in real time based on defined policies or behavior patterns. IPS tools can enforcerate limiting,connection attempts, and evenauto-blockingafter repeated failures.

NIST SP 800-94 Rev. 1:

“Intrusion prevention systems not only detect potential incidents but actively prevent attempts such as brute-force attacks on services like SSH.”

Firewalls may filter traffic, but only an IPSactively terminates or blocks behavior-based threats like repeated failed logins.

????WGU Course Alignment:

Domain:Network Security

Topic:Deploy and configure IPS for automated protection against brute-force attacks

Applyingregular updates and patchesis fundamental to risk mitigation. Choosing ahybrid cloud topologyallows the financial institution to retaincritical services in-housewhile leveragingcloud scalabilityfor high-volume transactions.

NIST SP 800-160 Vol. 1 (Systems Security Engineering):

“Security patching is essential for mitigating vulnerabilities, especially in high-assurance environments like financial systems.”

Thehybrid modelbalancesperformance, control, and security, which is vital for core banking systems.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Apply risk mitigation techniques and choose secure deployment topologies

The correct answer is A — They act as an initial defense layer for potential threats.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), security edge devices such as firewalls, secure web gateways, and intrusion prevention systems (IPS) are placed at the network perimeter to serve as the first layer of defense against external threats.

DDoS protection (B) may be part of a broader security solution but is not the main role of general edge devices. SIEM modules (C) collect and correlate logs, not defend at the perimeter. TPM devices (D) are hardware-based cryptographic modules, not network edge defenses.

Reference Extract from Study Guide:

"Security edge devices provide the first line of defense against external threats by monitoring, filtering, and blocking malicious traffic entering the corporate network."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Perimeter Defense

Short-term storage of data on a motherboard is managed by Random Access Memory (RAM).

RAM is volatile memory, meaning it temporarily stores data that is actively being used or processed by the CPU.

The other options:

The hard drive is used for long-term storage.

BIOS (Basic Input/Output System) is firmware for hardware initialization.

Read Only Memory (ROM) is used for permanent data storage that doesn't change.

Thus, RAM is the correct answer for short-term data storage.

The correct answer is C — Implementation of role-based access controls and encryption of all sensitive data.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the combination of role-based access control (RBAC) and encryption protects sensitive health data by ensuring only authorized users can access necessary information, while encryption ensures the data remains secure both at rest and in transit.

Disabling USB ports (A) prevents data exfiltration but does not fulfill broad privacy requirements. Encrypting network traffic (B) protects in-transit data only. Firewalls (D) protect against unauthorized access but do not manage user roles or internal data privacy.

Reference Extract from Study Guide:

"Protecting sensitive health data requires a combination of access control models such as RBAC and encryption, ensuring both authorization and confidentiality."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Privacy and Data Protection Strategies

The correct answer is C — Common Vulnerabilities and Exposures (CVE).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) highlights that the CVE database provides information about publicly disclosed cybersecurity vulnerabilities in software, including open-source libraries. By consulting the CVE list, the security team can assess whether the open-source libraries have known vulnerabilities before approving their use.

Agile (A) and Waterfall (B) are software development methodologies, not vulnerability databases. Continuous delivery (D) refers to automated software deployment and not vulnerability assessment.

Reference Extract from Study Guide:

"The Common Vulnerabilities and Exposures (CVE) database provides standardized information on publicly known cybersecurity vulnerabilities, enabling risk assessment of software components."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management Concepts

=============================================

AData Protection Impact Assessment (DPIA)is a formal process toassess the risks to personal data privacybefore implementing systems or technologies that handle personal data, especially under regulations likeGDPRor HIPAA.

NIST Privacy Framework v1.0 (Appendix D):

“A DPIA helps organizations systematically analyze, identify, and minimize the data protection risks of a project or plan involving personal information.”

While BCP and DR focus on operational resilience, DPIA isprivacy-focusedand risk-driven.

????WGU Course Alignment:

Domain:Risk Management and Privacy Engineering

Topic:Conduct privacy impact assessments for systems processing personal data

The correct answer is B — Compare the unknown address to known IP addresses to determine if it is a threat.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), proper threat analysis requires identifying and verifying whether an unknown source is malicious before taking action. Comparing the IP address against known threat databases or intelligence feeds allows the organization to make informed decisions.

Permanently blocking (A) or temporarily blocking (C) without analysis could cause disruption if the IP is legitimate. Rate limiting (D) reduces traffic but does not determine threat status.

Reference Extract from Study Guide:

"Effective incident analysis begins by verifying and classifying the suspicious activity, including checking unknown IP addresses against threat intelligence sources."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Analysis and IncidentHandling

=============================================

Security edge devices(such as NGFWs, IDS/IPS, and secure gateways) are deployed at thenetwork perimeterto inspect and filter traffic, providing aninitial layer of defenseagainst external threats before they reach internal systems.

NIST SP 800-41 Rev. 1:

“Edge security devices enforce security policy at network boundaries and act as a first line of defense by preventing unauthorized or malicious traffic from entering the internal network.”

They are not TPMs or SIEMs, though they maygenerate dataconsumed by SIEMs.

????WGU Course Alignment:

Domain:Network Security

Topic:Deploy perimeter defense technologies at network entry points

The correct answer is B — Business impact analysis (BIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies and prioritizes critical business functions and assesses the impact of disruptions on those functions. It determines recovery priorities and establishes the framework for disaster recovery and business continuity planning.

BCP (A) is the broader planning effort. DR (C) focuses on restoring systems. IR (D) responds to specific incidents, not overall business impacts.

Reference Extract from Study Guide:

"Business impact analysis (BIA) determines the criticality of business processes by assessing thepotential impacts of disruptions, providing the foundation for prioritizing recovery efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

Obfuscating error messagesprevents attackers from receiving technical details (e.g., software version, file paths, or database errors) that they can use for exploitation. This is part ofsecure codinganderror handlingpractices.

OWASP Secure Coding Practices – Error Handling and Logging:

“Applications should not disclose detailed error messages to users. Instead, provide generic messages to prevent leakage of system or application details.”

HTTPS secures transport, but doesn't addressinformation disclosurevia error output.

????WGU Course Alignment:

Domain:Information Systems and Architecture

Topic:Implement secure design practices (e.g., error handling, obfuscation)

The correct answer is A — Implementing two-factor authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.

Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials. SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.

Reference Extract from Study Guide:

"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

=============================================

AES (Advanced Encryption Standard)is a symmetric block cipher approved by NIST for protecting sensitive data, includingelectronic protected health information (ePHI). It is the recommended encryption method underHIPAA compliance guidelines.

NIST FIPS 197 (Advanced Encryption Standard - AES):

“AES is a symmetric cipher used to protect sensitive electronic data and is approved for use in securing government and healthcare systems.”

WEP is outdated, SMTP is a protocol for email, and RSA is better suited for key exchange, not bulk data encryption.

????WGU Course Alignment:

Domain:Cryptography and Compliance

Topic:Use NIST-approved encryption (AES) for healthcare data under HIPAA

End-of-life (EOL) systemspose a significant security risk because they no longer receive patches or security updates. Themost effective and proactive hardening techniquein this case is tocompletely remove those systems from the network.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems no longer supported by vendors must be removed, replaced, or isolated as they pose unacceptable risks.”

Other controls are useful for broader protection, but if a system is inherently vulnerable and cannot be patched,removal is the only surefire solution.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement system hardening strategies and manage legacy systems

The correct answer is B — Access logs.

As outlined in the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, access logs record who accessed which system components, when they did so, and what changes they made. These logs are vital for creating an audit trail that can be reviewed to detect unauthorized changes to applications or systems.

NetFlow logs (A) track network traffic flows but not system or application changes. Packet capture logs (C) deal with network data but are not specialized for auditing application-level events. Router logs (D) capture network device activity, not application access information.

Reference Extract from Study Guide:

"Access logs maintain detailed records of user actions within systems and applications, providing the necessary audit trail for tracking authorized and unauthorized activities."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Log Management Concepts

=============================================

Application Software:

Application software refers to programs that help end users perform specific tasks. Examples include email clients, word processors, and spreadsheet programs.

These are designed to be used by people to perform tasks such as writing documents, managing data, or communicating.

Operating Systems:

Operating systems (OS) manage the hardware and software resources of a computer system. They provide a platform for application software to run.

Examples include Microsoft Windows, macOS, and Linux. The OS handles system-level tasks like memory management, process scheduling, and hardware interaction.

Key Differences:

Application software (B, C) is user-oriented, aimed at helping users complete tasks.

Operating systems (A, D) manage the computer's hardware and system resources.

Abastion scanneris a tool or hardened system that inspects network traffic and identifies security vulnerabilities, particularly those visible from an external (internet-facing) viewpoint. It plays a key role inpost-development assessment.

OWASP Testing Guide v4.2:

"Use bastion hosts or hardened scanners to perform vulnerability assessments from an attacker’s perspective."

This option is preferable for final validation before system release, especially when looking for exposure from the public internet.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Evaluate hardened systems and scanning tools during release validation

The correct answer is D — Open Authorization (OAuth).

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, OAuth is the standard protocol used for authorizing access to third-party applications without revealing user credentials. It allows users to log in using social identity providers like Google, Facebook, or LinkedIn, which is perfect for external customers and contractors accessing a mobile application. OAuth is designed for modern applications requiring delegated access.

SAML (A) is generally used for enterprise single sign-on (SSO) solutions, primarily for internal enterprise authentication, not social login. Kerberos (B) is used within controlled internalnetwork environments for authentication. LDAP (C) is a directory access protocol, not an authorization protocol for third-party sign-in.

Reference Extract from Study Guide:

"OAuth enables users to grant a third-party application limited access to their resources withoutexposing their credentials, making it ideal for mobile and web applications involving external users."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Authorization Concepts

=============================================

Aproprietary software licensetypically grants a business or user theright to usethe software.

Unlike open-source licenses, proprietary licenses do not usually allow modification, redistribution, or reverse engineering.

The software remains the property of the company that created it, and the licensee is only granted specific, limited rights.

Examples:Many enterprise software applications come with proprietary licenses that specify the terms of use.

TheCentral Processing Unit (CPU)is the primary component of a computer that performs most of the processing inside a computer.

Carrying out the instructions of a computer program: The CPU executes program instructions, which are the basic tasks that tell the computer what to do.

Containing an arithmetic logic unit (ALU): The ALU performs all arithmetic and logic operations, such as addition, subtraction, and comparison.

The CPU also manages data flow between the computer's other components.

It fetches instructions from memory, decodes them, and then executes them, which involves performing calculations and making decisions.

Theprinciple of least privilegedictates that backups—especially those containing sensitive or mission-critical data—should havestrict access controlsto prevent unauthorized access.

NIST SP 800-209 (Security Guidelines for Storage Infrastructure):

“Access to storage resources must be tightly controlled through identity management and access control policies to prevent compromise or misuse of sensitive data.”

While vulnerability scanning and auditing are goodfollow-upactions,immediate access restrictionis thefirst-line defense.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Secure cloud data storage and apply access control measures

The correct answer is D — Establish a baseline for normal activity.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, the first step in threat hunting is to understand what constitutes normal behavior within the environment. Establishing a baseline allows analysts to detect anomalies and deviations that could indicate malicious activity. Without a clear understanding of normal operations, it is extremely difficult to identify potential threats.

Deploying anti-malware solutions (A) and implementing intrusion detection systems (B) are important security measures but are not the first step in proactive threat hunting. Forming an incident response team (C) is essential for handling incidents but does not directly initiate threat hunting.

Reference Extract from Study Guide:

"Threat hunting begins with establishing a baseline of normal network, system, and user activity, enabling the detection of anomalies that may indicate potential threats."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Hunting and Detection

=============================================

IT infrastructure encompasses all the physical and virtual resources that support the flow,storage, processing, and analysis of data. Networks, which include the internet, intranets, and extranets, are fundamental components of IT infrastructure as they enable communication and data exchange between different hardware and software components.

The correct answer is D — Upgrade the remaining end-of-life machines.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the best way to address end-of-life systems is to upgrade them to supported versions. End-of-life systems no longer receive security patches, leaving them highly vulnerable. Upgrading restores security and compliance.

Shutting down (A), disconnecting (B), or blocking (C) are temporary solutions that may disrupt operations but do not solve the root problem.

Reference Extract from Study Guide:

"Upgrading end-of-life systems is critical to restoring security and compliance, as unsupported systems are vulnerable to exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management and Remediation

=============================================

Encrypting stored (at rest) dataensures that even if the storage is compromised (e.g., stolen or accessed by unauthorized parties), the data remains unintelligible without the encryption keys.

NIST SP 800-111 (Guide to Storage Encryption Technologies):

“Data encryption provides confidentiality of information stored on media or storage systems, preventing unauthorized disclosure of sensitive data.”

Encryption is a core requirement forconfidentiality controls, especially for systems handling documents and records.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Apply data-at-rest encryption for secure information storage

The correct answer is C — Implementation of secure user authentication protocols.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that secure authentication mechanisms, like strong passwords, multifactor authentication, and session management, prevent unauthorized access and impersonation, thus helping prevent cheating inlearning platforms.

Firewall policies (A) and disabling Bluetooth (B) harden systems but do not directly address authentication. Software updates (D) protect against system vulnerabilities but not user integrity.

Reference Extract from Study Guide:

"Secure authentication protocols ensure that users accessing learning management systems are properly verified, reducing risks of impersonation and cheating."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Access Control and Identity Verification

=============================================

Themost sustainable solutionto eliminate security risks associated with legacy systems is toupgrade themto supported versions that receive security updates and patches.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems running unsupported or outdated software must be prioritized for upgrade to ensure that known vulnerabilities are mitigated.”

While short-term isolation may work temporarily, it does not address theroot causeor meet compliance requirements long-term.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Perform lifecycle management and upgrade legacy systems

The correct answer is A — Conducting regular vulnerability assessments and penetration testing.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, performing vulnerability assessments and penetration testing helps identify weaknesses in both hardware and virtual environments. Regular testing ensures that any hardware-related vulnerabilities are discovered and addressed before they can be exploited.

Disabling CPU virtualization support (B) would prevent virtual machines from running, defeating the purpose. A web application firewall (C) monitors traffic at the application layer but does not address hardware risks. Access control policies (D) are important but not directly tied to detecting hardware vulnerabilities.

Reference Extract from Study Guide:

"Regular vulnerability assessments and penetration testing identify weaknesses in hardware and software environments, providing critical insights for maintaining a hardened and secure posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Security Testing and Assessment

=============================================

The correct answer is D — Weak passwords.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), unauthorized SSH access from an unknown IP address often suggests that the attacker exploited weak or compromised passwords to gain access. Weak passwords are a common vulnerability for services exposed to the internet, especially SSH servers.

Exfiltration (A) refers to data theft after access, not initial unauthorized access. Unpatched software (B) might lead to other vulnerabilities but is not indicated here. Enumeration (C) is gathering information but not gaining login access directly.

Reference Extract from Study Guide:

"Weak or compromised passwords are a primary cause of unauthorized access, particularly for remote management interfaces such as SSH."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication Security BestPractices

=============================================

The SQL statement provided is:

SELECT*FROMCustomersWHEREState ='Arizona';

SELECT *indicates that all columns from the table should be selected.

FROM Customersspecifies the table from which to retrieve the data.

WHERE State = 'Arizona'filters the results to include only those records where the State column has the value 'Arizona'.

Therefore, the statement returns all records from the Customers table that are located in Arizona.

The correct answer is D — Host-based intrusion detection system (HIDS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a HIDS monitors individual servers or endpoints for suspicious activity and potential breaches. It provides real-time detection of unauthorized access and unusual behaviors on hosts.

HSM (A) protects cryptographic keys. Two-factor authentication (B) strengthens user authentication but does not monitor server activity. Antivirus tools (C) detect malware but are not designed to detect broader suspicious behaviors.

Reference Extract from Study Guide:

"Host-based intrusion detection systems (HIDS) monitor individual servers for unauthorized activities, unauthorized access attempts, and changes to critical system files."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Intrusion Detection Systems

=============================================

The correct answer is B — Sixteen characters with at least one letter, one number, and one symbol.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, strong password policies must enforce a minimum length (preferably 12 to 16 characters) and require complexity, including uppercase and lowercase letters, numbers, and special characters. Sixteen-character passwords that include varied character types greatly increase the difficulty for attackers using brute-force or dictionary attacks.

Options A, C, and D either lack complexity or have too few characters, making them vulnerable to attacks.

Reference Extract from Study Guide:

"A strong password should be at least 12–16 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters to maximize resistance to brute-force attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and AccessManagement Concepts

=============================================

The correct answer is D — Encryption to prevent man-in-the-middle and eavesdropping attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that while NFC is inherently short-range, it is still vulnerable to eavesdropping and man-in-the-middle attacks. Applying encryption ensures that even if communication is intercepted, the data remains protected and confidential.

Kerberos (A) is primarily for authentication within internal networks. Bluetooth restrictions (B) are unrelated to NFC. PDM (C) restricts device usage but does not directly protect NFC communication.

Reference Extract from Study Guide:

"Encrypting near-field communication ensures confidentiality and protects against interception and manipulation through man-in-the-middle and eavesdropping attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless and Mobile Security Concepts

The correct answer is A — Virtual private network (VPN).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a VPN creates an encrypted tunnel over public or private networks, ensuring confidentiality, integrity, and authentication of data transmitted between geographically dispersed offices.

SIEM (B) manages security events, not secure communications. PPTP (C) is an outdated and insecure VPN protocol. NAC (D) enforces endpoint security but does not establish secure tunnels.

Reference Extract from Study Guide:

"A virtual private network (VPN) provides a secure, encrypted tunnel between geographically separated networks, enabling confidential communication over untrusted networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Remote Access Technologies

The correct answer is B — Asymmetric encryption.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), asymmetric encryption uses a pair of public and private keys, allowing the sender to encrypt the documents with the recipient’s public key, ensuring that only the recipient’s private key can decrypt them. This guarantees confidentiality even over an unsecured network.

Stream ciphers (A) and block ciphers (C) are types of symmetric encryption, requiring a shared secret key. Hash functions (D) provide integrity, not confidentiality.

Reference Extract from Study Guide:

"Asymmetric encryption enables secure data exchange by allowing encryption with a public key and decryption only with a corresponding private key, ensuring confidentiality over unsecured networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptographic Methods and Key Management

=============================================

The correct answer is C — Constantly scan for known signatures on every machine.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), scanning for known malware signatures is an essential method for detecting infections such as botnets. Signature-based detection compares files and behaviors against databases of known indicators of compromise (IOCs).

Two-factor authentication (A) protects login processes but does not detect malware. Firewall rules (B) help control access but do not detect infections. Configuration management (D) ensures system setup integrity but does not detect botnets.

Reference Extract from Study Guide:

"Signature-based scanning detects malware and botnets by comparing system files and behaviors against databases of known threats and indicators of compromise (IOCs)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Malware Detection and Threat Response

Copyrightsare a common legal method used to protect software.

A copyright gives the creator of the software exclusive rights to use and distribute the software.

It protects against unauthorized copying, modification, and distribution of the software.

Software creators can enforce their copyrights to prevent others from infringing on their intellectual property.

Example:Copyright law is often invoked in cases of software piracy.

To determine an order total, the item unit price is essential because it represents the cost per unit of the item. By multiplying the unit price by the quantity ordered, you can calculate the total cost for each item in the order, and then sum these totals to get the overall order total.

To protect datain use(within memory), the provider must implementhardware-level memory encryptionandtrusted execution environments(secure enclaves), which protect against cold boot attacks, memory scraping, and unauthorized access.

NIST SP 800-207A (Hardware-Enabled Security: Enclaves):

“Trusted execution environments and memory encryption mechanisms help ensure that data remains protected even when systems are compromised at lower levels.”

This is amodern cloud security best practiceespecially useful forconfidential computingenvironments.

????WGU Course Alignment:

Domain:System Security Engineering / Cryptography

Topic:Protect data in use with hardware-based encryption and enclaves

The correct answer is A — Expiration.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), password expiration policies require users to change their passwords after a certain period, ensuring that long-term credential exposure risk is minimized.

Length (B) defines minimum password size. Recovery (C) relates to resetting forgotten passwords. Complexity (D) enforces character requirements, not age.

Reference Extract from Study Guide:

"Password expiration policies require users to update passwords regularly, minimizing the risk of long-term credential exposure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Password Security Best Practices

=============================================

The correct answer is D — Implementation of multifactor authentication for all user accounts.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), multifactor authentication (MFA) strengthens identity verification by requiring multiple forms of credentials, significantly reducing the risk of identity theft.

Firewalls (A) and USB port controls (B) improve system security but do not directly prevent identity theft. Vulnerability scanning and patch management (C) address software weaknesses but not user authentication.

Reference Extract from Study Guide:

"Multifactor authentication (MFA) enhances user account security by requiring multiple verification factors, making it significantly harder for attackers to commit identity theft."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Best Practices

Deploying the SMTP server in aDMZ between two firewallsallows email traffic to be filtered before it ever touches the internal network. The DMZ serves as a security buffer zone—where public-facing services are isolated but still accessible from both internal and external networks, thus reducing the attack surface.

NIST SP 800-41 Rev. 1 (Guidelines on Firewalls and Firewall Policy):

"Organizations often place publicly accessible resources (e.g., SMTP servers) in a demilitarized zone (DMZ) between two firewalls to provide layered protection and isolate internal systems from external threats."

????WGU Course Alignment:

Domain:Network Architecture and Design

Topic:Implement secure DMZ design and segmentation

The correct answer is C — Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) clearly states that encryption protects the confidentiality of transmitted information. In the case of SNMP (especially older versions like SNMPv1 and SNMPv2), communications are unencrypted, making encryption critical to protecting network management information from unauthorized disclosure.

Access controls (A) restrict who can access systems but do not encrypt data. Network segmentation (B) separates systems but does not encrypt traffic. Security monitoring (D) detects threats but does not protect data confidentiality.

Reference Extract from Study Guide:

"Encryption safeguards sensitive data transmitted over the network, ensuring confidentiality in compliance with privacy regulations such as HIPAA."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Data Protection

Homomorphic encryptionallows computation on ciphertexts, producing encrypted results that, when decrypted, match the results of operations performed on plaintext. This enablessecure outsourcing of computationwithout exposing sensitive data.

NIST IR 8105 (Homomorphic Encryption):

“Homomorphic encryption enables computation on encrypted data without decrypting it, preserving data privacy during processing.”

SSL encrypts communication, PIR and SFE are niche protocols not suitable for general-purpose computation over encrypted data.

????WGU Course Alignment:

Domain:Cryptography

Topic:Understand and apply homomorphic encryption for secure computation

The correct answer is C — Host-based firewall.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, a host-based firewall enforces traffic control policies at the endpoint level. It can allow or deny traffic based on application, port, IP address, and protocol rules, restricting access to only approved services and applications on a system.

Antivirus tools (A) detect malware but do not control network traffic. Two-factor authentication (B) secures user access but does not manage network traffic. HSMs (D) handle encryption keys, not network access control.

Reference Extract from Study Guide:

"Host-based firewalls restrict traffic at the system level, permitting only authorized services and applications, enhancing endpoint security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Protection and Firewalls

=============================================

AHost-based Intrusion Detection and Prevention System (HIDPS)can detect unauthorized activity or suspicious changesat the OS level, including those specifically targetingLinux kernel modules, services, or rootkits.

NIST SP 800-94 Rev. 1:

“HIDPS software runs on individual hosts or devices in the network, analyzing inbound and outbound packets and alerting administrators to suspicious activity.”

HIDPS is especially effective in server environments wherekernel-level visibilityis critical.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement and monitor HIDPS on enterprise Linux servers

Google Apps, Dropbox, and GoToMeeting are examples of Software-as-a-Service (SaaS). SaaS provides software applications over the internet as a service. Users can access the softwarethrough a web browser without needing to install and maintain the software on their local devices, making it convenient and cost-effective for both individuals and businesses.

Arelational databaseis structured to recognize relations among stored items of information.

Multiple tablesin a relational database can have interrelated fields.

These relationships are often managed throughforeign keys, which reference the primary keys of other tables.

This relational model allows for complex queries and data integrity across the database.

Example:Tables such asCustomers,Orders, andProductsin a sales database, whereOrderstable may reference bothCustomersandProductstables to establish relationships.

SIEM systemsconsolidate logs and events from across the enterprise and apply behavior analysis and correlation rules to detect suspicious activity, including lateral movement, brute force, and privilege escalation.

NIST SP 800-137 (Information Security Continuous Monitoring for Federal Information Systems and Organizations):

“SIEM solutions provide security teams with insight into potentially malicious activity and enable proactive incident detection and response.”

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Utilize SIEM for real-time user behavior analysis

The correct answer is D — Implementation of licensing technologies in order to restrict unauthorized access to the system.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), using licensing technologies helps prevent software piracy by ensuring that only authorized users with valid licenses can access and operate the system. License management solutions validate user access and reduce unauthorized duplication or usage of proprietary software.

Disabling external devices (A) protects against physical data theft but not piracy. Encrypting patient data (B) protects confidentiality but not against software piracy. Virus scanning (C) detects malware, not unauthorized software copying.

Reference Extract from Study Guide:

"Licensing technologies enforce legal software use and prevent unauthorized access, helping organizations protect intellectual property and defeat piracy efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Software and Intellectual Property Protection

=============================================