Free and Premium WGU Cybersecurity-Architecture-and-Engineering Dumps Questions Answers

The correct answer is C — Reverse proxy.

As per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course content, a reverse proxy server acts on behalf of web servers by caching static content (such as images, scripts, and HTML files), significantly reducing server load. It also provides an additional layer of protection by hiding the backend servers from direct exposure to clients and enabling centralized application of security policies such as SSL termination and Web Application Firewall (WAF) integration.

Firewall rule changes (A) manage access control but do not handle caching or reduce load. An IDS (B) monitors for intrusions but doesn’t offload traffic or cache content. NAT (D) translates IP addresses but doesn't cache content or add a protection layer.

Reference Extract from Study Guide:

"A reverse proxy server provides caching capabilities for static content and acts as a protective intermediary between client requests and backend servers, thus reducing server load and enhancing security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Network Design Concepts

=============================================

A compiler translates high-level programming language code into machine code, creating an executable program.

Process: The compiler goes through various phases such as parsing, semantic analysis, and optimization to produce the final machine code.

Purpose: This machine code can be executed by the computer's processor at a later time without the need for the original source code.

References

"Programming Language Pragmatics" by Michael L. Scott

"Modern Compiler Implementation in C" by Andrew W. Appel

The correct answer is B — Password policies.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that strong password policies, including requirements for complexity, minimum length, expiration, and reuse restrictions, are essential for protecting user credentials from compromise.

Object storage (A) and removable storage (C) deal with data storage, not password management. Hardware key managers (D) manage cryptographic keys, not passwords directly.

Reference Extract from Study Guide:

"Implementing strong password policies enforces secure password practices among users, reducing the risk of credential compromise."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Controls

=============================================

IT infrastructure encompasses all the physical and virtual resources that support the flow,storage, processing, and analysis of data. Networks, which include the internet, intranets, and extranets, are fundamental components of IT infrastructure as they enable communication and data exchange between different hardware and software components.

The correct answer is D — Open Authorization (OAuth).

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, OAuth is the standard protocol used for authorizing access to third-party applications without revealing user credentials. It allows users to log in using social identity providers like Google, Facebook, or LinkedIn, which is perfect for external customers and contractors accessing a mobile application. OAuth is designed for modern applications requiring delegated access.

SAML (A) is generally used for enterprise single sign-on (SSO) solutions, primarily for internal enterprise authentication, not social login. Kerberos (B) is used within controlled internalnetwork environments for authentication. LDAP (C) is a directory access protocol, not an authorization protocol for third-party sign-in.

Reference Extract from Study Guide:

"OAuth enables users to grant a third-party application limited access to their resources withoutexposing their credentials, making it ideal for mobile and web applications involving external users."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Authorization Concepts

=============================================

The correct answer is C — Tampering.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials explain that tampering refers to unauthorized modifications of systems or data. In this case, the website being altered to redirect users to a malicious landing page indicates that an attacker has tampered with the legitimate website code or its DNS settings.

Exfiltration (A) refers to stealing data. Phishing (B) involves tricking users but not modifying a website. Ransomware (D) encrypts systems for ransom, not cause redirection.

Reference Extract from Study Guide:

"Tampering involves the unauthorized modification of a system or its resources, often to redirect users to malicious destinations or to alter functionality in harmful ways."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Categories and Impacts

=============================================

AnEnd User License Agreement (EULA)is a legal contract between the software manufacturer and the user.

The primary purpose of a EULA is togrant the user the right to use the software.

It outlines the terms and conditions under which the software can be used.

This can include restrictions on installation, distribution, and modification.

The EULA helps protect the intellectual property rights of the software creator.

The correct answer is C — Implementing local drive encryption on employee laptops.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that encryption protects sensitive data at rest, ensuring that if a laptop is lost or stolen, the data remains unreadable without the decryption key. This control directly addresses the protection of sensitive customer data.

Restricting software installation (A) is a good security practice but does not specifically protect stored sensitive data. Biometric authentication (B) strengthens authentication but does not encrypt data. Awareness training (D) helps users behave securely but does not technically protect the data itself.

Reference Extract from Study Guide:

"Local drive encryption protects sensitive data stored on mobile devices such as laptops, ensuring confidentiality even if the device is lost or stolen."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Security and Device Hardening

=============================================

A programming language is a formal language comprising a set of instructions that produce various kinds of output. Programming languages are used in computer programming to implement algorithms and manipulate data. They provide the vocabulary and grammatical rules for instructing a computer to perform specific tasks, allowing developers to write software programs that can be executed by a computer.

The correct answer is B — Internet Protocol Security (IPsec).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), IPsec provides secure communication over IP networks by encrypting and authenticating IP packets. It is widely used for site-to-site VPNs and ensures confidentiality, integrity, and authentication between different cloud environments like Azure and AWS.

TCP (A) is a transport layer protocol ensuring reliable delivery but not encryption. FTP (C) is used for file transfer and is insecure unless secured with extensions. SSH (D) secures remote terminal sessions but is not primarily used for network-wide secure communication.

Reference Extract from Study Guide:

"IPsec provides a secure method of communication across IP networks, ensuring data confidentiality, integrity, and authentication for VPN connections and hybrid cloud communications."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols for Hybrid Environments

=============================================

The correct answer is B — Sixteen characters with at least one letter, one number, and one symbol.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, strong password policies must enforce a minimum length (preferably 12 to 16 characters) and require complexity, including uppercase and lowercase letters, numbers, and special characters. Sixteen-character passwords that include varied character types greatly increase the difficulty for attackers using brute-force or dictionary attacks.

Options A, C, and D either lack complexity or have too few characters, making them vulnerable to attacks.

Reference Extract from Study Guide:

"A strong password should be at least 12–16 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters to maximize resistance to brute-force attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and AccessManagement Concepts

=============================================

The correct answer is B — Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.

As explained in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), backing up critical systems and establishing a disaster recovery plan ensures business continuity and system availability even after incidents like hardware failures, cyberattacks, or data corruption.

While intrusion detection (A), access control (C), and patch management (D) contribute to overall security, backups and disaster recovery specifically ensure availability.

Reference Extract from Study Guide:

"Data backups and disaster recovery planning are essential controls to ensure system availability during and after a security incident or technical failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery

=============================================

Aproprietary software licensetypically grants a business or user theright to usethe software.

Unlike open-source licenses, proprietary licenses do not usually allow modification, redistribution, or reverse engineering.

The software remains the property of the company that created it, and the licensee is only granted specific, limited rights.

Examples:Many enterprise software applications come with proprietary licenses that specify the terms of use.

The correct answer is C — HTTP interceptor.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), an HTTP interceptor is a tool or method used to capture, inspect, and manipulate HTTP/S traffic between aclient and server. It allows testers to identify security vulnerabilities such as improper input validation, session management flaws, and exposure of sensitive data.

A Bastion scanner (A) is not a standard tool for traffic inspection. Port scanners (B) check for open ports but do not inspect HTTP traffic content. Domain interceptors (D) are not a recognized testing tool in this context.

Reference Extract from Study Guide:

"HTTP interceptors allow for the inspection and manipulation of web traffic, helping to identify application vulnerabilities prior to deployment."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Security Testing

=============================================

The correct answer is A — Unsecured wireless access points.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that unauthorized logins to a WLAN often indicate poorly secured wireless access points, such as those lacking strong encryption (e.g., WPA2/WPA3), not using strong passwords, or having open accesswithout authentication. This vulnerability can allow attackers to access internal systems and sensitive data.

Up-to-date anti-malware software (B), a strong password policy (C), and regular security training (D) are good security practices but do not directly explain unauthorized WLAN access.

Reference Extract from Study Guide:

"Unauthorized wireless access often results from unsecured wireless configurations, including weak encryption, open networks, or default credentials, posing significant risks to organizational assets."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless Security Concepts

=============================================

Proprietary softwareis a type of software that is owned by an individual or a company.

It is usually sold commercially and comes with acommercial software license.

This type of license typically restricts the ways in which the software can be used, modified, and distributed.

Users must agree to the terms of the license, which often include restrictions on copying, sharing, and modifying the software.

Example:Microsoft Windows and Adobe Photoshop are proprietary software products.

The correct answer is C — Intrusion prevention system.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that an Intrusion Prevention System (IPS) actively monitors network traffic and can block malicious activity in real-time. It can enforce rules like blocking an IP address after multiple failed SSH login attempts, stopping brute force attacks.

DLP (A) focuses on preventing sensitive data loss. A firewall (B) controls network traffic but generally does not automatically block based on login attempts unless highly customized. File integrity monitoring (D) watches file changes, not login attempts.

Reference Extract from Study Guide:

"An intrusion prevention system (IPS) monitors network traffic for malicious activities and can automatically block connections that meet predefined suspicious criteria."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Intrusion Detection and Prevention Systems

=============================================

The goal in this scenario is tosecure the application against malware and advanced persistent threats (APTs). According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course materials:

Firewall policiesare critical forcontrolling accessto applications and network resources.

By implementing astrict firewall policy, you limit access to only trusted and necessary sources, greatly reducing the attack surface available to malware or APT actors.

While antivirus software (Option C) can help detect malware,APT actors often use sophisticated methodsthat bypass traditional antivirus tools.

Encryption (Option A) protectsdata confidentialitybutdoes not preventmalware or APTs from attacking the application.

Strong password policies (Option B) helpwith account securitybutdo not directly addressmalware or APT threats.

Key extract from the WGU D488 Study Guide:

"A strict firewall policy is essential for preventing unauthorized access and mitigating advanced persistent threats. Limiting exposure through segmentation, access control lists, and traffic filtering protects critical assets from external and internal threats."

The correct answer is B — Access logs.

As outlined in the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, access logs record who accessed which system components, when they did so, and what changes they made. These logs are vital for creating an audit trail that can be reviewed to detect unauthorized changes to applications or systems.

NetFlow logs (A) track network traffic flows but not system or application changes. Packet capture logs (C) deal with network data but are not specialized for auditing application-level events. Router logs (D) capture network device activity, not application access information.

Reference Extract from Study Guide:

"Access logs maintain detailed records of user actions within systems and applications, providing the necessary audit trail for tracking authorized and unauthorized activities."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Log Management Concepts

=============================================

The correct answer is B — Log analysis.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) curriculum, log analysis is critical for retrospective threat hunting — reviewing system, network, and application logs to identify signs of compromise or unauthorized activities that might have gone unnoticed in real-time. This technique helps uncover attacks that have already occurred in hybrid or cloud environments.

Honeypots (A) are proactive traps to detect future attacks. Social engineering (C) involves manipulating people, not hunting threats. Penetration testing (D) is used to find vulnerabilities, not to review past incidents.

Reference Extract from Study Guide:

"Threat hunting through log analysis involves systematically reviewing collected logs to uncover evidence of past or ongoing compromises, enabling organizations to identify and respond to threats that may have bypassed preventive controls."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection and Hunting Concepts

Of course!

Here are the verified and properly formatted answers for your next set of questions, strictly following your instructions and the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) official course materials:

=============================================

The correct answer is D — Federated authentication.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that federated authentication allows two or more organizations to share identity information securely withoutneeding to maintain separate user accounts for external users. It supports cross-organizational access based on trusted identity providers.

Cloud identity providers (A) offer centralized authentication but don't address federation directly. SSO (B) simplifies authentication within an organization. MFA (C) adds security but does not enable cross-organization authentication.

Reference Extract from Study Guide:

"Federated authentication enables organizations to share identity information and trust external credentials without the need to manage separate accounts for external users."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity Federation and Single Sign-On Concepts

=============================================

The correct answer is D — Measured boot.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that Measured Boot, often implemented with Trusted Platform Modules (TPMs), ensures that each component of theboot process is verified for integrity. It provides cryptographic evidence that the system's startup sequence has not been tampered with.

Two-factor authentication (A) secures user logins but does not verify boot integrity. IDS (B) monitors network or host behavior but does not protect the boot process. HSM (C) secures cryptographic operations, not the system boot.

Reference Extract from Study Guide:

"Measured Boot verifies the integrity of the boot process, providing assurance that the system has not been compromised during startup."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), System Hardening and Trusted Computing

=============================================

The correct answer is C — Competitor.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), competitors often attempt to steal intellectual property to gain a business advantage. Given the theft of valuable business assets (e-books and videos), the most likely actor is a competitor motivated by financial or market advantage, not ideology or random hacking.

An APT (A) is usually nation-state-sponsored and targets critical infrastructure. A novice hacker (B) might deface or cause damage but is less likely focused on IP theft. Hacktivists (D) are politically motivated, not financially.

Reference Extract from Study Guide:

"Competitors may engage in cyber espionage to steal intellectual property and gain market advantage, representing a significant threat to business assets."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Actor Categories

The correct answer is A — Mandatory access control (MAC).

Per WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, MAC is a strict access control model where access to resources is based on information labels (such as classified, secret, top secret) and user clearances. Only administrators define and control the policy rules, and users cannot alter access settings, making it ideal for environments where classification labels determine access rights, such as government systems.

ABAC (B) focuses on attributes but is more dynamic rather than based purely on rigid classifications. DAC (C) gives data owners control over access permissions, unsuitable for classified government environments. RBAC (D) assigns permissions based on roles, but not necessarily aligned with security labels.

Reference Extract from Study Guide:

"Mandatory access control (MAC) enforces access policies based on fixed labels and security classifications, making it the preferred model for high-security environments like government agencies handling classified data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

The correct answer is C — Implementation of role-based access controls and encryption of all sensitive data.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the combination of role-based access control (RBAC) and encryption protects sensitive health data by ensuring only authorized users can access necessary information, while encryption ensures the data remains secure both at rest and in transit.

Disabling USB ports (A) prevents data exfiltration but does not fulfill broad privacy requirements. Encrypting network traffic (B) protects in-transit data only. Firewalls (D) protect against unauthorized access but do not manage user roles or internal data privacy.

Reference Extract from Study Guide:

"Protecting sensitive health data requires a combination of access control models such as RBAC and encryption, ensuring both authorization and confidentiality."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Privacy and Data Protection Strategies

The second generation of computers (1956-1963) saw the introduction of transistors, which replaced vacuum tubes used in the first generation. Transistors allowed computers to be smaller, faster, more reliable, and more energy-efficient compared to their predecessors.

Organizational culture can support ethical guidelines by establishing clear protocols and policies that promote the security and privacy of data. This includes:

Data protection policies: Guidelines on how data should be handled, stored, and protected.

Ethical behavior: Encouraging employees to adhere to ethical standards and practices.

Training and awareness: Regular training sessions to educate employees on security best practices and ethical behavior.

Incident response: Protocols for responding to data breaches and other security incidents.

A strong organizational culture that prioritizes data security and privacy helps ensure that ethical guidelines are consistently followed.

References

Michael E. Whitman and Herbert J. Mattord, "Principles of Information Security," Cengage Learning.

Rebecca Herold, "Managing an Information Security and Privacy Awareness and Training Program," CRC Press.

The correct answer is C — Control.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the control phase of the risk management life cycle involves implementing appropriate security measures or countermeasures to mitigate or eliminate identified risks. After a risk is assessed, controls are applied to address it and reduce its impact or likelihood.

Assess (A) evaluates risk severity. Identify (B) discovers risks. Review (D) checks the effectiveness of applied controls.

Reference Extract from Study Guide:

"The control phase of risk management focuses on applying security controls and mitigations to reduce the risk to an acceptable level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

Scope creep refers to the phenomenon where the scope of a project gradually increases over time due to small, incremental changes that were not initially planned or approved. This can happen when:

New featuresor requirements are added without proper evaluation or approval.

Stakeholderscontinuously request small changes or additions.

Lack of a clear scope definitionand change control process.

These small changes can accumulate, leading to significant deviations from the original project plan, affecting the project's schedule, budget, and overall success.

References

Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.

Kathy Schwalbe, "Information Technology Project Management," Cengage Learning.

Short-term storage of data on a motherboard is managed by Random Access Memory (RAM).

RAM is volatile memory, meaning it temporarily stores data that is actively being used or processed by the CPU.

The other options:

The hard drive is used for long-term storage.

BIOS (Basic Input/Output System) is firmware for hardware initialization.

Read Only Memory (ROM) is used for permanent data storage that doesn't change.

Thus, RAM is the correct answer for short-term data storage.

The correct answer is D — Removing all end-of-life devices from the network.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), end-of-life systems pose significant risks because they no longer receive patches or updates. The besthardening technique in this situation is to decommission and remove these devices, eliminating their vulnerabilities altogether.

Access control (A), vulnerability scanning (B), and IDPS (C) are helpful practices but do not eliminate vulnerabilities of unsupported devices.

Reference Extract from Study Guide:

"Removing end-of-life or unsupported assets is essential for maintaining a secure infrastructure, as these devices are highly vulnerable to exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), System and Device Hardening

=============================================

The System Development Life Cycle (SDLC) is a process used for planning, creating, testing, and deploying an information system. It involves several stages, including requirements gathering, system design, implementation, testing, deployment, and maintenance. The SDLC ensures that the system meets the needs of users and is developed in a structuredand efficient manner.

It is better to purchase software rather than build a software solution in-house when there is a short timeline. Building software from scratch requires significant time for development, testing, and deployment. Purchasing off-the-shelf software can significantly reduce the time needed to implement a solution. Other considerations include:

Cost-effectiveness: Pre-built software can be more cost-effective than developing a custom solution, especially when factoring in the costs of development, maintenance, and support.

Immediate availability: Purchased software is usually ready to deploy immediately, whereas custom development can take months or even years.

Proven reliability: Commercial software often has a track record of reliability and user support, reducing the risk of bugs and issues that may arise with custom development.

Therefore, when time is of the essence, purchasing software is the preferable option.

References

Ian Sommerville, "Software Engineering," Pearson.

Steve McConnell, "Rapid Development: Taming Wild Software Schedules," Microsoft Press.

The correct answer is A — Implementing two-factor authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.

Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials. SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.

Reference Extract from Study Guide:

"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

=============================================

The correct answer is D — Establish a baseline for normal activity.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, the first step in threat hunting is to understand what constitutes normal behavior within the environment. Establishing a baseline allows analysts to detect anomalies and deviations that could indicate malicious activity. Without a clear understanding of normal operations, it is extremely difficult to identify potential threats.

Deploying anti-malware solutions (A) and implementing intrusion detection systems (B) are important security measures but are not the first step in proactive threat hunting. Forming an incident response team (C) is essential for handling incidents but does not directly initiate threat hunting.

Reference Extract from Study Guide:

"Threat hunting begins with establishing a baseline of normal network, system, and user activity, enabling the detection of anomalies that may indicate potential threats."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Hunting and Detection

=============================================

The correct answer is C — Impact.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, when evaluating the severity of an incident, the immediate and potential impact on operations, patient care, finances, or reputation is the most critical factor. In this scenario, the interruption to patientcare due to encrypted records signifies a major operational impact, making it the most important consideration.

Threat actors (A) identify who is behind the attack, not the severity. Risk (B) encompasses impact and likelihood but is broader. Likelihood (D) concerns the probability of an event happening, not its current severity.

Reference Extract from Study Guide:

"Impact refers to the actual or potential harm that results from a security incident, including effects on operations, financial loss, or harm to individuals."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Incident Response and Management

=============================================

Anoperating system (OS)is a system software that manages computer hardware and software resources and provides common services for computer programs.

It serves as an intermediary between users and the computer hardware.

Key functionsof an OS include:

Managinghardware resourceslike the CPU, memory, and I/O devices.

Providing auser interface(UI) for interaction with the system.

File managementand handling file operations.

Process managementand multitasking.

Securityand access control.

Examples include Windows, Linux, and macOS.

Machine-level languages, also known as assembly languages, are low-level programming languages that are closely related to machine code.

Definition: Machine-level languages consist of instructions that are directly executed by a computer's CPU.

Assemblers: An assembler is a tool that translates assembly language code into machine code.

Characteristics: Assembly languages are specific to a computer architecture and provide a way to write programs that can be executed by the hardware directly.

References

"Structured Computer Organization" by Andrew S. Tanenbaum

"Computer Systems: A Programmer's Perspective" by Randal E. Bryant and David R. O'Hallaron

The correct answer is D — By providing over-the-air updates.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that over-the-air(OTA) updates allow organizations to remotely deploy patches and updates to mobile devices without requiring users to manually visit a central location. This method is essential for maintaining security for a geographically dispersed workforce.

Remote module updates (A), tokenized container updates (B), and mobile station updates (C) are not standard or widely recognized terms for mobile device update practices in this context.

Reference Extract from Study Guide:

"Over-the-air (OTA) updates ensure that security patches and software updates can be remotely deployed to mobile devices, supporting business continuity and device security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Management and Security

=============================================

The correct answer is D — Block ciphers.

Per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, block ciphers encrypt fixed-size blocks of data at a time, providing strong security suitable for data at rest, such as databases. Though they may be less performance-efficient compared to stream ciphers, their strength makes them ideal for securing stored sensitive information.

Stream ciphers (A) are optimized for real-time encryption, not stored data. Asymmetric encryption (B) is slower and more suited for key exchange rather than large data encryption. Hash functions (C) provide integrity verification, not encryption.

Reference Extract from Study Guide:

"Block ciphers encrypt fixed-length blocks of data, providing robust security ideal for protecting data at rest, such as sensitive database information."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Technologies

=============================================

The correct answer is D — Upgrade the remaining end-of-life machines.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the best way to address end-of-life systems is to upgrade them to supported versions. End-of-life systems no longer receive security patches, leaving them highly vulnerable. Upgrading restores security and compliance.

Shutting down (A), disconnecting (B), or blocking (C) are temporary solutions that may disrupt operations but do not solve the root problem.

Reference Extract from Study Guide:

"Upgrading end-of-life systems is critical to restoring security and compliance, as unsupported systems are vulnerable to exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management and Remediation

=============================================

Parallel conversion is a system deployment method where the new system is implemented and runs alongside the old system for a period of time. This method allows for:

Comparison of outputs: Ensuring that the new system produces the same or better results as the old system.

Risk reduction: If there are issues with the new system, the old system can still be used without interrupting business operations.

User adaptation: Users can get accustomed to the new system while still having access to the familiar old system.

Parallel conversion is often used to minimize the risk associated with deploying a new system.

References

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

Kathy Schwalbe, "Information Technology Project Management," Cengage Learning.

The correct answer is A — Electronic codebook (ECB).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), ECB mode is the simplest and most basic mode of operation for block ciphers. It encrypts each block of plaintext independently with the same key, but identical plaintext blocks produce identical ciphertext blocks, providing no additional confidentiality beyond the block cipher itself and making patterns visible.

CBC (B), CTR (C), and OFB (D) are more secure and avoid patterns.

Reference Extract from Study Guide:

"Electronic Codebook (ECB) mode encrypts each block independently and is simple but reveals patterns when identical plaintext blocks occur, thus offering minimal confidentiality beyond the underlying cipher."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Block Cipher Modes of Operation

=============================================

Intranet Application Software:

Intranet applications are designed to be used within an organization’s internal network. They are not accessible from outside the organization unless through a secure connection like a VPN.

Characteristics:

Internal Hosting: These applications are hosted on servers within the business network, ensuring that only authorized internal users can access them.

Security: Since they are hosted internally, they can be secured with internal security measures like firewalls and access controls.

Incorrect Options:

A: Describes applications hosted by external providers.

C: Describes applications hosted by third-party web portals.

D: Describes standalone applications on individual computers.

To determine an order total, the item unit price is essential because it represents the cost per unit of the item. By multiplying the unit price by the quantity ordered, you can calculate the total cost for each item in the order, and then sum these totals to get the overall order total.

The correct first step in responding to a data breach, as emphasized in theWGU Cybersecurity Architecture and Engineering (KFO1 / D488)course material underIncident Responseprocedures, is tonotify affected users. This aligns with theContainment, Eradication, and Recoveryphase of theNIST Incident Response Lifecyclediscussed in the course content. Prompt notification is crucial to empower users to take immediate protective measures such as updating credentials or monitoring for identity theft.

While other actions like implementing access control policies or improving encryption are validpreventive or corrective controls, they are not theinitial response stepafter a breach is identified. Public announcements are typically handledafter internal assessmentsand legal compliance actions are underway.

Reference Extract from Study Guide:

“As soon as a breach affecting personal data is confirmed, organizations are obligated to notify impacted users in accordance with legal and ethical standards. Notification is part of the initial incident response phase and should occur immediately after verification of the breach.”

—WGU KFO1 / D488 Study Guide: Incident Handling and Response

=============================================

In a star network topology, each network device is connected to a central device like a hub or a switch.

This central device acts as a repeater for data flow.

The other options:

Bus topology uses a single central cable.

Mesh topology involves each device being connected to every other device.

Ring topology connects devices in a circular fashion.

Therefore, the star topology correctly describes a network where devices connect to a central hub or switch.

ADatabase Administrator (DBA)is responsible for managing the database infrastructure.

Primary responsibilitiesinclude:

Installing and configuringnew databases and database servers.

Ensuring databases run efficiently and are properly maintained.

Performingbackup and recoveryoperations to prevent data loss.

Monitoring performanceand tuning databases for optimal performance.

Implementingsecurity measuresto protect the database against unauthorized access.

The correct answer is C — Obfuscating error messages on the site or within the uniform resource locator (URL).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that minimizing the information revealed through error messages and URLs prevents attackers from gathering reconnaissance information that could be used to exploit vulnerabilities.

HTTPS (A and B) protects data in transit but does not conceal server details. PCI-DSS certification (D) improves overall security but is not focused specifically on information disclosure during a redesign.

Reference Extract from Study Guide:

"Obfuscating detailed error messages and removing revealing information in URLs help prevent attackers from gaining reconnaissance data that could be used in targeted attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Security

=============================================

Information Technology (IT) has revolutionized the way businesses operate, enabling them to reach global markets and audiences. IT facilitates communication, data exchange, and operational efficiency across borders, allowing companies to manage global operations and engage with international customers seamlessly. This global reach is a critical aspect of modern business strategies, driven by advancements in IT infrastructure and services.

The correct order of project phases according to the Project Management Institute (PMI) and other standard project management methodologies is:

Initiation: This phase involves defining the project at a high level and getting approval to start.

Planning: In this phase, detailed planning is done to set the project's scope, objectives, and procedures.

Executing: This phase is where the project plan is put into action and the project deliverables are created.

Monitoring and Controlling: This phase involves tracking, reviewing, and regulating the project’s progress and performance, ensuring that everything aligns with the project plan.

Closing: This is the final phase, where the project is formally closed, and final deliverables are handed over.

References

Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

The correct answer is C — Common Vulnerabilities and Exposures (CVE).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) highlights that the CVE database provides information about publicly disclosed cybersecurity vulnerabilities in software, including open-source libraries. By consulting the CVE list, the security team can assess whether the open-source libraries have known vulnerabilities before approving their use.

Agile (A) and Waterfall (B) are software development methodologies, not vulnerability databases. Continuous delivery (D) refers to automated software deployment and not vulnerability assessment.

Reference Extract from Study Guide:

"The Common Vulnerabilities and Exposures (CVE) database provides standardized information on publicly known cybersecurity vulnerabilities, enabling risk assessment of software components."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management Concepts

=============================================

Data is considered information when it has been processed and organized in a meaningful way. Raw data in its unprocessed state is not useful until it undergoes processing to become interpretable and actionable information. Processing can involve sorting, aggregating, and analyzing data to extract valuable insights.

The correct answer is B — Inherent risk.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines inherent risk as the level of risk that exists before any controls or mitigation strategies are implemented. When evaluating expansion into new regions, the corporation must first understand the baseline level of risk (political, regulatory, cyber threats, etc.) inherent to the new environment.

Impact (A) refers to consequences but doesn't capture the natural risk level. Threat of attack (C) and likelihood (D) are specific aspects, but inherent risk (B) provides a comprehensive starting point for evaluating all potential dangers.

Reference Extract from Study Guide:

"Inherent risk is the natural level of risk present in a business activity or environment before applying controls, critical for evaluating new ventures or expansions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Enterprise Risk Management

=============================================

The correct answer is C — Restrict access to the backups.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in protecting sensitive data such as cloud backups is enforcing access controls to limit who can access the data. Restricting access immediately mitigates the risk of unauthorized exposure or tampering.

Auditing access logs (A) provides insight but does not actively protect. Running vulnerability scans (B) identifies issues but does not protect immediately. Disabling repositories (D) is not practical for maintaining backup availability.

Reference Extract from Study Guide:

"Access control is the first line of defense for sensitive data repositories, ensuring that only authorized users can access backup data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Access Control

=============================================

The correct answer is A — Virtual network peering.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, virtual network peering enables direct communication between two or more virtual networks without the need for gateways, VPNs, or additional configurations. It allows seamless interconnectivity with minimal administrative overhead. Peered networks can communicate as if they were part of the same network, which meets the organization's request for the least administrative effort.

Other options like Virtual LANs (B) operate within the same network and don't span multiple virtual networks. Remote Desktop Protocol (C) is used for remote access, not network interconnection. Domain Name System (D) resolves names to IP addresses but does not establish communication pathways between networks.

Reference Extract from Study Guide:

"Virtual network peering provides a low-latency, high-bandwidth connection between virtual networks with minimal administrative setup. It is the recommended solution for direct communication across cloud-based virtual networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Architectures Module

=============================================

The correct answer is A — Risk appetite.

As per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, risk appetite defines the amount and type of risk an organization is willing to accept in pursuit of its objectives. It is a strategic-level metric used by executive leadership and boards to determine if the current level of risk exceeds what the organization is comfortable handling.

Risk evaluation plans (B) outline how risks are assessed, treatment plans (C) describe mitigation actions, and risk tolerance (D) is more operational, defining acceptable variation from the appetite but not the overall strategic limit.

Reference Extract from Study Guide:

"Risk appetite represents the amount of risk an organization is willing to pursue or retain and is established by senior leadership as part of governance activities."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Concepts

=============================================

The correct answer is B — Elliptic Curve Diffie-Hellman (ECDH).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) material highlights that ECDH is an enhanced, more efficient form of the traditional Diffie-Hellman key exchange, using elliptic curve cryptography (ECC). It provides similar security with much smaller key sizes, improving performance and efficiency.

DH (A) is the traditional method but is less efficient. RSA (C) is primarily used for encryption and digital signatures. DSA (D) is used for digital signatures, not for key exchange.

Reference Extract from Study Guide:

"Elliptic Curve Diffie-Hellman (ECDH) enhances traditional key exchange by utilizing elliptic curve cryptography, offering higher security with smaller key sizes and improved efficiency."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptographic Key Management