Courses and Certificates Cybersecurity-Architecture-and-Engineering Reddit Questions

It is better to purchase software rather than build a software solution in-house when there is a short timeline. Building software from scratch requires significant time for development, testing, and deployment. Purchasing off-the-shelf software can significantly reduce the time needed to implement a solution. Other considerations include:

Cost-effectiveness: Pre-built software can be more cost-effective than developing a custom solution, especially when factoring in the costs of development, maintenance, and support.

Immediate availability: Purchased software is usually ready to deploy immediately, whereas custom development can take months or even years.

Proven reliability: Commercial software often has a track record of reliability and user support, reducing the risk of bugs and issues that may arise with custom development.

Therefore, when time is of the essence, purchasing software is the preferable option.

References

Ian Sommerville, "Software Engineering," Pearson.

Steve McConnell, "Rapid Development: Taming Wild Software Schedules," Microsoft Press.

The correct answer is A — Implementing two-factor authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.

Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials. SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.

Reference Extract from Study Guide:

"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

=============================================

The correct answer is D — Establish a baseline for normal activity.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, the first step in threat hunting is to understand what constitutes normal behavior within the environment. Establishing a baseline allows analysts to detect anomalies and deviations that could indicate malicious activity. Without a clear understanding of normal operations, it is extremely difficult to identify potential threats.

Deploying anti-malware solutions (A) and implementing intrusion detection systems (B) are important security measures but are not the first step in proactive threat hunting. Forming an incident response team (C) is essential for handling incidents but does not directly initiate threat hunting.

Reference Extract from Study Guide:

"Threat hunting begins with establishing a baseline of normal network, system, and user activity, enabling the detection of anomalies that may indicate potential threats."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Hunting and Detection

=============================================

The correct answer is C — Impact.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, when evaluating the severity of an incident, the immediate and potential impact on operations, patient care, finances, or reputation is the most critical factor. In this scenario, the interruption to patientcare due to encrypted records signifies a major operational impact, making it the most important consideration.

Threat actors (A) identify who is behind the attack, not the severity. Risk (B) encompasses impact and likelihood but is broader. Likelihood (D) concerns the probability of an event happening, not its current severity.

Reference Extract from Study Guide:

"Impact refers to the actual or potential harm that results from a security incident, including effects on operations, financial loss, or harm to individuals."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Incident Response and Management

=============================================