Cybersecurity-Architecture-and-Engineering WGU Cybersecurity Architecture and Engineering (KFO1/D488) Questions and Answers

The correct answer is D — BIOS protection.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) recommends enabling BIOS protection features such as BIOS passwords, secure boot, and firmware write protection to prevent unauthorized changes to BIOS firmware. BIOS protection locks the firmware settings to prevent tampering.

BIOS monitoring (A) detects changes but does not prevent them. IDS (B) detects network attacks, not firmware changes. Backups (C) protect data but not BIOS integrity.

Reference Extract from Study Guide:

"BIOS protection involves securing firmware with authentication methods and write protections to prevent unauthorized modifications at the hardware level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Hardware and Firmware Security

=============================================

The correct answer is C — Integration testing.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), integration testing verifies that different modules or components of an application work together as intended.This type of testing is essential after deployment to ensure the overall system functions correctly across all tiers (e.g., web, application, and database layers).

Static code analysis (A) examines source code without execution. Dynamic code analysis (B) tests running code for vulnerabilities but not necessarily component interaction. Package scanning (D) reviews third-party libraries for vulnerabilities but does not test integration.

Reference Extract from Study Guide:

"Integration testing verifies that multiple components of an application function correctly when combined, ensuring end-to-end system reliability post-deployment."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Software Development and Testing

The correct answer is D — Secure Shell (SSH).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials state that SSH provides strong encryption and authentication for remote access over unsecured networks. SSH ensures that sessions are confidential and that only authorized users can access remote systems.

HTTP (A) and FTP (B) transmit data in plaintext and do not provide encryption. Telnet (C) also transmits data in plaintext and is insecure for remote access.

Reference Extract from Study Guide:

"Secure Shell (SSH) is used for secure remote management, offering encrypted communications and authentication mechanisms to protect against unauthorized access and eavesdropping."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Communications

=============================================

The correct answer is D — Packet capture.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, packet captures (PCAP files) allow analysts to inspect individual network packets to understand traffic patterns, detect anomalies, and investigate attacks like DDoS. A packet capture provides complete network session data, enabling in-depth analysis of traffic behavior at the packet level.

Web server access logs (A) only capture web activity. Syslog messages (B) primarily record system events but not raw traffic data. Operating system event logs (C) focus on system-level actions, not network flows.

Reference Extract from Study Guide:

"Packet captures record the full network traffic and are essential for investigating network-based attacks such as DDoS incidents by analyzing traffic flows, protocols, and payloads."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Monitoring Concepts

=============================================

Processing is the operation that converts raw data into meaningful information. Input data is collected and then processed through various means such as calculations, comparisons, or formatting to produce output that can be interpreted and used by humans or other systems.

The correct answer is B — Advanced Encryption Standard (AES).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), AES is a widely adopted symmetric encryption standard that ensures the confidentiality and integrity of sensitive data, including patient health information, which HIPAA mandates to protect. AES is considered highly secure and efficient for encrypting stored or transmitted healthcare data.

WEP (A) is outdated and insecure. SMTP (C) is a protocol for sending emails, not encryption. RSA (D) is an asymmetric encryption method typically used for key exchanges, not bulk data encryption.

Reference Extract from Study Guide:

"Advanced Encryption Standard (AES) is recommended for encrypting sensitive healthcare data, providing strong protection for confidentiality and integrity in HIPAA-regulated environments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Standards and Regulatory Compliance

=============================================

The correct answer is B — Wireless intrusion prevention system (WIPS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a WIPS actively monitors wireless networks for unauthorized access points and malicious activity, such as man-in-the-middle (MITM) attacks. It can automatically detect, alert, and prevent wireless threats in real time, which is exactly what the organization requires to counteract MITM attacks on the wireless network.

A SIEM (A) collects logs and generates alerts but does not prevent wireless attacks. An inline encryptor (C) encrypts data but does not prevent wireless attacks. A Layer 3 switch (D) operates at the network layer and does not prevent wireless-specific threats.

Reference Extract from Study Guide:

"A wireless intrusion prevention system (WIPS) detects and prevents unauthorized access points and malicious wireless activity, including man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless Security and Threat Prevention

=============================================

The correct answer is C — Implementation of role-based access controls and encryption of all sensitive data.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the combination of role-based access control (RBAC) and encryption protects sensitive health data by ensuring only authorized users can access necessary information, while encryption ensures the data remains secure both at rest and in transit.

Disabling USB ports (A) prevents data exfiltration but does not fulfill broad privacy requirements. Encrypting network traffic (B) protects in-transit data only. Firewalls (D) protect against unauthorized access but do not manage user roles or internal data privacy.

Reference Extract from Study Guide:

"Protecting sensitive health data requires a combination of access control models such as RBAC and encryption, ensuring both authorization and confidentiality."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Privacy and Data Protection Strategies

Operating Systems:

Operating systems are software that manage computer hardware and software resources, providing common services for computer programs.

Commonly Used Operating Systems:

Mac OS: Developed by Apple Inc., used on Apple computers.

Linux: An open-source operating system used on a wide variety of devices from servers to personal computers.

Microsoft Windows: Developed by Microsoft, it is one of the most widely used operating systems for personal and business computers.

Not Operating Systems:

Microsoft Outlook: An email client, part of the Microsoft Office suite.

MySQL: A relational database management system.

Mozilla Firefox: A web browser.

The correct answer is B — Business impact analysis (BIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies and prioritizes critical business functions and assesses the impact of disruptions on those functions. It determines recovery priorities and establishes the framework for disaster recovery and business continuity planning.

BCP (A) is the broader planning effort. DR (C) focuses on restoring systems. IR (D) responds to specific incidents, not overall business impacts.

Reference Extract from Study Guide:

"Business impact analysis (BIA) determines the criticality of business processes by assessing thepotential impacts of disruptions, providing the foundation for prioritizing recovery efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

The correct answer is C — Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) clearly states that encryption protects the confidentiality of transmitted information. In the case of SNMP (especially older versions like SNMPv1 and SNMPv2), communications are unencrypted, making encryption critical to protecting network management information from unauthorized disclosure.

Access controls (A) restrict who can access systems but do not encrypt data. Network segmentation (B) separates systems but does not encrypt traffic. Security monitoring (D) detects threats but does not protect data confidentiality.

Reference Extract from Study Guide:

"Encryption safeguards sensitive data transmitted over the network, ensuring confidentiality in compliance with privacy regulations such as HIPAA."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Data Protection

The correct answer is D — Identify.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in risk management is identifying potential risks. Only once risks are identified can they be assessed, controlled, and reviewed. In this case, identifying potential data breaches, outages, and cost issues is the starting point.

Assess (A) happens after identification. Control (B) involves implementing responses. Review (C) happens later to check effectiveness.

Reference Extract from Study Guide:

"The first phase of risk management is risk identification, where potential threats and vulnerabilities are recognized and documented."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

An algorithm is a defined set of step-by-step procedures or a set of rules to be followed to perform a specific task or solve a problem. Here are the characteristics that describe an algorithm:

Unambiguous rules: Each step of an algorithm must be clearly defined and unambiguous. There should be no confusion in interpreting the instructions.

Definiteness: The algorithm should have a clear starting and stopping point, leading to a precise output after a finite number of steps.

Finiteness: Algorithms must terminate after a finite number of steps. They cannot run indefinitely.

Input and Output: An algorithm should take zero or more inputs and produce at least one output.

Therefore, the correct answer is "Unambiguous rules," as it directly reflects the essential characteristic of an algorithm being precise and clear in its steps.

References

Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein, "Introduction to Algorithms," MIT Press.

Donald E. Knuth, "The Art of Computer Programming," Addison-Wesley.

The correct answer is B — Implementing security patches and updates on a regular basis and using hybrid cloud topology.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that timely application of security patches is critical to addressing vulnerabilities like outdated software. A hybrid cloud topology offers the flexibility and scalability needed by financial institutions while keeping sensitive data protected in more controlled environments.

Strong password policies (A) help, but public cloud alone may not be best for sensitive banking systems. Antivirus (C) addresses only part of the threat. Private cloud (D) improves security but may not offer the scalability benefits of a hybrid approach.

Reference Extract from Study Guide:

"Timely application of security patches mitigates vulnerabilities, and hybrid cloud models balance the need for scalability and sensitive data protection in financial institutions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Mitigation Strategies and Cloud Topologies

=============================================

A system administrator is responsible for managing, installing, and maintaining an organization's computer systems and networks. This role involves configuring new hardware, setting up user accounts, troubleshooting system and network issues, and ensuring the systems run efficiently.

The correct answer is B — Asymmetric encryption.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), asymmetric encryption uses a pair of public and private keys, allowing the sender to encrypt the documents with the recipient’s public key, ensuring that only the recipient’s private key can decrypt them. This guarantees confidentiality even over an unsecured network.

Stream ciphers (A) and block ciphers (C) are types of symmetric encryption, requiring a shared secret key. Hash functions (D) provide integrity, not confidentiality.

Reference Extract from Study Guide:

"Asymmetric encryption enables secure data exchange by allowing encryption with a public key and decryption only with a corresponding private key, ensuring confidentiality over unsecured networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptographic Methods and Key Management

=============================================

The correct order of project phases according to the Project Management Institute (PMI) and other standard project management methodologies is:

Initiation: This phase involves defining the project at a high level and getting approval to start.

Planning: In this phase, detailed planning is done to set the project's scope, objectives, and procedures.

Executing: This phase is where the project plan is put into action and the project deliverables are created.

Monitoring and Controlling: This phase involves tracking, reviewing, and regulating the project’s progress and performance, ensuring that everything aligns with the project plan.

Closing: This is the final phase, where the project is formally closed, and final deliverables are handed over.

References

Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

It is better to purchase software rather than build a software solution in-house when there is a short timeline. Building software from scratch requires significant time for development, testing, and deployment. Purchasing off-the-shelf software can significantly reduce the time needed to implement a solution. Other considerations include:

Cost-effectiveness: Pre-built software can be more cost-effective than developing a custom solution, especially when factoring in the costs of development, maintenance, and support.

Immediate availability: Purchased software is usually ready to deploy immediately, whereas custom development can take months or even years.

Proven reliability: Commercial software often has a track record of reliability and user support, reducing the risk of bugs and issues that may arise with custom development.

Therefore, when time is of the essence, purchasing software is the preferable option.

References

Ian Sommerville, "Software Engineering," Pearson.

Steve McConnell, "Rapid Development: Taming Wild Software Schedules," Microsoft Press.

A system requirement that involves preventing unauthorized access to data is aSecurityrequirement. Security requirements ensure that the system:

Protects data integrity: Ensuring data is accurate and unchanged by unauthorized users.

Maintains confidentiality: Preventing unauthorized access to sensitive information.

Ensures availability: Making sure that data and resources are available to authorized users when needed.

Security requirements are critical for safeguarding the system against threats and vulnerabilities.

References

Dieter Gollmann, "Computer Security," Wiley.

Ross Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems," Wiley.

The correct answer is C — Least privilege.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course material, the principle of least privilege ensures that users are granted only the minimum level of access required to perform their job functions. In this case, if the insider only had access to resources necessary for their user role, they would not have been able to access sensitive administrative information.

Password complexity (A) strengthens account security but does not prevent excessive access. Separation of duties (B) divides critical tasks but is not solely about limiting access. Job rotation (D) moves employees between roles but is not an access control measure.

Reference Extract from Study Guide:

"The principle of least privilege requires limiting user access rights to the minimum necessary to perform their tasks, reducing the risk of insider threats and unauthorized access to sensitive information."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Principles

=============================================

The operating system (OS) is the primary software that manages all the hardware and other software on a computer. It acts as an intermediary between users and the computer hardware. The OS handles basic tasks such as controlling and allocating memory, prioritizing system requests, controlling input and output devices, facilitating networking, and managing files. Examples include Windows, macOS, and Linux.

In a star network topology, each network device is connected to a central device like a hub or a switch.

This central device acts as a repeater for data flow.

The other options:

Bus topology uses a single central cable.

Mesh topology involves each device being connected to every other device.

Ring topology connects devices in a circular fashion.

Therefore, the star topology correctly describes a network where devices connect to a central hub or switch.

The correct answer is B — Secure Hash Algorithm 256 (SHA-256).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) outlines that SHA-256 is a cryptographic hash function used to verify data integrity. It generates a fixed-size hash value based on input data, and any alteration to the data results in a different hash, signaling tampering.

DES (A) and AES (C) are encryption algorithms for confidentiality. RSA (D) is used for encryption and digital signatures, not solely for ensuring integrity via hashing.

Reference Extract from Study Guide:

"SHA-256 is a widely adopted cryptographic hash function used to verify the integrity of digital data and detect unauthorized modifications."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptographic Hash Functions and Data Integrity

=============================================

The correct answer is D — Federated authentication.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that federated authentication allows two or more organizations to share identity information securely withoutneeding to maintain separate user accounts for external users. It supports cross-organizational access based on trusted identity providers.

Cloud identity providers (A) offer centralized authentication but don't address federation directly. SSO (B) simplifies authentication within an organization. MFA (C) adds security but does not enable cross-organization authentication.

Reference Extract from Study Guide:

"Federated authentication enables organizations to share identity information and trust external credentials without the need to manage separate accounts for external users."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity Federation and Single Sign-On Concepts

=============================================

The correct answer is A — User and entity behavior analytics (UEBA).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that UEBA tools analyze patterns of user and entity behavior to detect anomalies that could indicate insider threats, compromised accounts, or advanced persistent threats (APTs). UEBA focuses on deviations from normal activity patterns to identify risks that traditional signature-based systems might miss.

HSMs (B) protect cryptographic keys but do not monitor behavior. Antivirus tools (C) detect known malware but do not perform behavioral analytics. Two-factor authentication (D) secures access but does not detect unusual behavior patterns.

Reference Extract from Study Guide:

"User and entity behavior analytics (UEBA) identifies potential security threats by analyzing deviations from typical user and system activity patterns."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection Technologies

The correct answer is C — Constantly scan for known signatures on every machine.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), scanning for known malware signatures is an essential method for detecting infections such as botnets. Signature-based detection compares files and behaviors against databases of known indicators of compromise (IOCs).

Two-factor authentication (A) protects login processes but does not detect malware. Firewall rules (B) help control access but do not detect infections. Configuration management (D) ensures system setup integrity but does not detect botnets.

Reference Extract from Study Guide:

"Signature-based scanning detects malware and botnets by comparing system files and behaviors against databases of known threats and indicators of compromise (IOCs)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Malware Detection and Threat Response

The correct answer is C — Data loss prevention (DLP).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), DLP technologies monitor and control the transfer of sensitive information outside of the corporate network, preventing unauthorized data exfiltration whether by internal misuse or external threats.

MFA (A) strengthens authentication but does not monitor data transfer. IDS (B) detects intrusions but does not prevent data loss. IPS (D) blocks network attacks but is not specifically designed for preventing exfiltration of sensitive data.

Reference Extract from Study Guide:

"Data loss prevention (DLP) solutions protect sensitive data by monitoring, detecting, and blocking potential data exfiltration attempts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Protection Technologies

=============================================

The correct answer is C — Reverse proxy.

As per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course content, a reverse proxy server acts on behalf of web servers by caching static content (such as images, scripts, and HTML files), significantly reducing server load. It also provides an additional layer of protection by hiding the backend servers from direct exposure to clients and enabling centralized application of security policies such as SSL termination and Web Application Firewall (WAF) integration.

Firewall rule changes (A) manage access control but do not handle caching or reduce load. An IDS (B) monitors for intrusions but doesn’t offload traffic or cache content. NAT (D) translates IP addresses but doesn't cache content or add a protection layer.

Reference Extract from Study Guide:

"A reverse proxy server provides caching capabilities for static content and acts as a protective intermediary between client requests and backend servers, thus reducing server load and enhancing security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Network Design Concepts

=============================================

The goal of an IT department that directly supports business goals is to develop technological solutions that enable and enhance the company's business operations. Developing an online shopping cart for company products directly supports the business goal of facilitating online sales. This involves:

E-commerce functionality: Enabling customers to browse, select, and purchase products online.

User experience: Creating a seamless and user-friendly shopping experience to drive sales.

Integration: Ensuring the shopping cart integrates with backend systems like inventory and order management.

This development aligns with business goals by enabling revenue generation through online sales.

References

Efraim Turban, Judy Whiteside, David King, and Jon Outland, "Introduction to Electronic Commerce and Social Commerce," Springer.

Laudon, K.C. and Traver, C.G., "E-commerce 2020-2021: Business, Technology, Society," Pearson.

Computer networks provide several benefits for businesses, including:

Lower IT operations costs: Networking allows businesses to share resources, such as printers and storage, reducing the need for individual equipment for each user and lowering overall IT costs.

Increased business efficiency: Networks enable faster communication and data sharing between employees, departments, and locations, leading to more efficient business operations and improved collaboration.

TheCentral Processing Unit (CPU)is the primary component of a computer that performs most of the processing inside a computer.

Carrying out the instructions of a computer program: The CPU executes program instructions, which are the basic tasks that tell the computer what to do.

Containing an arithmetic logic unit (ALU): The ALU performs all arithmetic and logic operations, such as addition, subtraction, and comparison.

The CPU also manages data flow between the computer's other components.

It fetches instructions from memory, decodes them, and then executes them, which involves performing calculations and making decisions.

The correct answer is C — ChaCha.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, ChaCha is a stream cipher developed as a variant of Salsa20. It offers enhanced security, improved performance, and resistance to cryptographic attacks. It is often combined with Poly1305 forauthenticated encryption, commonly used in modern secure communications.

CTR (A) and CBC (B) are block cipher modes, not stream ciphers. ECB (D) is a block cipher mode and is insecure due to its lack of diffusion properties.

Reference Extract from Study Guide:

"ChaCha is a modern stream cipher, evolved from Salsa20, designed for speed and security, and often used alongside Poly1305 for authenticated encryption."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Technologies

=============================================

The correct answer is C — Cyber kill chain.

The Cyber Kill Chain, developed by Lockheed Martin, is a model that breaks down a cyber attack into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study materials, this model helps security teams understand and interrupt an attack at various stages.

While MITRE ATT&CK (B) and its ICS variant (A) provide detailed mappings of techniques used by attackers, they are not structured specifically into seven phases like the Cyber Kill Chain. The Diamond Model (D) is an analysis methodology, not a phase-based model.

Reference Extract from Study Guide:

"The Cyber Kill Chain model divides the sequence of a cyber attack into seven phases, providing a structured method for analyzing and disrupting attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Attack Frameworks and Methodologies

Intranet Application Software:

Intranet applications are designed to be used within an organization’s internal network. They are not accessible from outside the organization unless through a secure connection like a VPN.

Characteristics:

Internal Hosting: These applications are hosted on servers within the business network, ensuring that only authorized internal users can access them.

Security: Since they are hosted internally, they can be secured with internal security measures like firewalls and access controls.

Incorrect Options:

A: Describes applications hosted by external providers.

C: Describes applications hosted by third-party web portals.

D: Describes standalone applications on individual computers.

The correct answer is D — Open Authorization (OAuth).

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, OAuth is the standard protocol used for authorizing access to third-party applications without revealing user credentials. It allows users to log in using social identity providers like Google, Facebook, or LinkedIn, which is perfect for external customers and contractors accessing a mobile application. OAuth is designed for modern applications requiring delegated access.

SAML (A) is generally used for enterprise single sign-on (SSO) solutions, primarily for internal enterprise authentication, not social login. Kerberos (B) is used within controlled internalnetwork environments for authentication. LDAP (C) is a directory access protocol, not an authorization protocol for third-party sign-in.

Reference Extract from Study Guide:

"OAuth enables users to grant a third-party application limited access to their resources withoutexposing their credentials, making it ideal for mobile and web applications involving external users."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Authorization Concepts

=============================================

The correct answer is A — By looking for extra and unexpected symbols and characters in certain queries.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), SQL injection attacks often include malicious SQL code in input fields, with unusual symbols such as semicolons, apostrophes, or comments (', --, ;). Analysts detect these attacks by monitoring for unexpected or abnormal input patterns in database queries.

Changes to primary keys (B) and repeated login failures (C) are unrelated to SQLi detection. Administrative commands (D) relate more to privilege escalation.

Reference Extract from Study Guide:

"SQL injection attacks typically involve abnormal input that includes special SQL characters or commands; monitoring for such anomalies can reveal attempted injections."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Application and Database Security Threats

=============================================

ADatabase Administrator (DBA)is responsible for managing the database infrastructure.

Primary responsibilitiesinclude:

Installing and configuringnew databases and database servers.

Ensuring databases run efficiently and are properly maintained.

Performingbackup and recoveryoperations to prevent data loss.

Monitoring performanceand tuning databases for optimal performance.

Implementingsecurity measuresto protect the database against unauthorized access.

Desktops typically have more memory (RAM) and internal storage (hard drives or SSDs) compared to handheld computers. This allows desktops to handle more intensive computingtasks and store larger amounts of data. Handheld devices, on the other hand, prioritize portability and battery life over high storage and memory capacity.

The correct answer is C — Host-based firewall.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, a host-based firewall enforces traffic control policies at the endpoint level. It can allow or deny traffic based on application, port, IP address, and protocol rules, restricting access to only approved services and applications on a system.

Antivirus tools (A) detect malware but do not control network traffic. Two-factor authentication (B) secures user access but does not manage network traffic. HSMs (D) handle encryption keys, not network access control.

Reference Extract from Study Guide:

"Host-based firewalls restrict traffic at the system level, permitting only authorized services and applications, enhancing endpoint security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Protection and Firewalls

=============================================

The correct answer is C — Role-based access control (RBAC).

WGU KFO1 / D488 course material emphasizes that RBAC allows administrators to assign permissions based on roles rather than individual users. This method provides granular control and flexibility, allowing the organization to efficiently manage access rights across multiple cloud services while maintaining a strong security posture.

OAuth (A) and SAML (B) are protocols for authentication and authorization, not detailed access control models. Kerberos (D) is used for secure authentication within a network but does not provide the granular delegation capabilities needed for cloud service administration.

Reference Extract from Study Guide:

"Role-based access control (RBAC) provides a scalable and manageable model to assign permissions to users based on their organizational roles, ensuring flexibility and maintaining secure delegation of administrative tasks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

The correct answer is B — Internet Protocol Security (IPsec).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), IPsec provides secure communication over IP networks by encrypting and authenticating IP packets. It is widely used for site-to-site VPNs and ensures confidentiality, integrity, and authentication between different cloud environments like Azure and AWS.

TCP (A) is a transport layer protocol ensuring reliable delivery but not encryption. FTP (C) is used for file transfer and is insecure unless secured with extensions. SSH (D) secures remote terminal sessions but is not primarily used for network-wide secure communication.

Reference Extract from Study Guide:

"IPsec provides a secure method of communication across IP networks, ensuring data confidentiality, integrity, and authentication for VPN connections and hybrid cloud communications."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols for Hybrid Environments

=============================================

The correct answer is B — Redundant backups, a communication plan, and a designated off-site location for data storage and recovery.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that for effective business continuity and disaster recovery, companies must maintain redundant backups, establish a communication strategy for emergencies, and store critical backups in off-site or cloud locations to recover operations quickly.

While evacuation plans (A) and insurance policies (C) are important, they are not the core technical components for IT disaster recovery. Routine maintenance and remote work (D) are helpful but secondary.

Reference Extract from Study Guide:

"Redundant backups, off-site data storage, and an effective communication plan are key components of business continuity and disaster recovery strategies."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

Business continuity planning (BCP) is essential because it ensures that an organization can quickly resume its critical functions after a disruption. The key aspects include:

Minimizing downtime: Strategies to restore business operations as quickly as possible.

Risk management: Identifying potential threats and creating plans to mitigate their impact.

Data recovery: Ensuring that data can be restored quickly in the event of a loss.

Communication plans: Establishing protocols for communicating with employees, customers, and stakeholders during and after a disruption.

The primary goal of BCP is to ensure the quickest return to business operations, maintaining service levels and minimizing financial losses.

References

Andrew Hiles, "The Definitive Handbook of Business Continuity Management," Wiley.

Michael Wallace and Lawrence Webber, "The Disaster Recovery Handbook," AMACOM.

The development of scope creep is often signaled by the addition of many unplanned features to the original project. This indicates that the project scope is expanding beyond its initial boundaries. Key indicators include:

Uncontrolled changesto the project scope.

Continuous new requestsfrom stakeholders that were not part of the original requirements.

Increased project complexityand difficulty in managing the project timeline and resources.

Scope creep can lead to delays, budget overruns, and project failure if not managed properly.

References

Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

The correct first step in responding to a data breach, as emphasized in theWGU Cybersecurity Architecture and Engineering (KFO1 / D488)course material underIncident Responseprocedures, is tonotify affected users. This aligns with theContainment, Eradication, and Recoveryphase of theNIST Incident Response Lifecyclediscussed in the course content. Prompt notification is crucial to empower users to take immediate protective measures such as updating credentials or monitoring for identity theft.

While other actions like implementing access control policies or improving encryption are validpreventive or corrective controls, they are not theinitial response stepafter a breach is identified. Public announcements are typically handledafter internal assessmentsand legal compliance actions are underway.

Reference Extract from Study Guide:

“As soon as a breach affecting personal data is confirmed, organizations are obligated to notify impacted users in accordance with legal and ethical standards. Notification is part of the initial incident response phase and should occur immediately after verification of the breach.”

—WGU KFO1 / D488 Study Guide: Incident Handling and Response

=============================================

A compiler translates high-level programming language code into machine code, creating an executable program.

Process: The compiler goes through various phases such as parsing, semantic analysis, and optimization to produce the final machine code.

Purpose: This machine code can be executed by the computer's processor at a later time without the need for the original source code.

References

"Programming Language Pragmatics" by Michael L. Scott

"Modern Compiler Implementation in C" by Andrew W. Appel

Application Software:

Application software refers to programs that help end users perform specific tasks. Examples include email clients, word processors, and spreadsheet programs.

These are designed to be used by people to perform tasks such as writing documents, managing data, or communicating.

Operating Systems:

Operating systems (OS) manage the hardware and software resources of a computer system. They provide a platform for application software to run.

Examples include Microsoft Windows, macOS, and Linux. The OS handles system-level tasks like memory management, process scheduling, and hardware interaction.

Key Differences:

Application software (B, C) is user-oriented, aimed at helping users complete tasks.

Operating systems (A, D) manage the computer's hardware and system resources.

The correct answer is A — Virtual private network (VPN).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a VPN creates an encrypted tunnel over public or private networks, ensuring confidentiality, integrity, and authentication of data transmitted between geographically dispersed offices.

SIEM (B) manages security events, not secure communications. PPTP (C) is an outdated and insecure VPN protocol. NAC (D) enforces endpoint security but does not establish secure tunnels.

Reference Extract from Study Guide:

"A virtual private network (VPN) provides a secure, encrypted tunnel between geographically separated networks, enabling confidential communication over untrusted networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Remote Access Technologies

AnEnd User License Agreement (EULA)is a legal contract between the software manufacturer and the user.

The primary purpose of a EULA is togrant the user the right to use the software.

It outlines the terms and conditions under which the software can be used.

This can include restrictions on installation, distribution, and modification.

The EULA helps protect the intellectual property rights of the software creator.

Aproprietary software licensetypically grants a business or user theright to usethe software.

Unlike open-source licenses, proprietary licenses do not usually allow modification, redistribution, or reverse engineering.

The software remains the property of the company that created it, and the licensee is only granted specific, limited rights.

Examples:Many enterprise software applications come with proprietary licenses that specify the terms of use.

The correct answer is A — They act as an initial defense layer for potential threats.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), security edge devices such as firewalls, secure web gateways, and intrusion prevention systems (IPS) are placed at the network perimeter to serve as the first layer of defense against external threats.

DDoS protection (B) may be part of a broader security solution but is not the main role of general edge devices. SIEM modules (C) collect and correlate logs, not defend at the perimeter. TPM devices (D) are hardware-based cryptographic modules, not network edge defenses.

Reference Extract from Study Guide:

"Security edge devices provide the first line of defense against external threats by monitoring, filtering, and blocking malicious traffic entering the corporate network."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Perimeter Defense

The correct answer is B — Public key infrastructure (PKI).

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, PKI is the framework that enables the issuance and management of digital certificates used for device authentication. By using certificates, devices can securely authenticate themselves to access corporate resources without relying solely on passwords.

VPNs (A) secure network connections but do not authenticate devices themselves. Certificate signing (C) is a part of PKI but not the complete infrastructure. Endpoint passwords (D) authenticate users, not necessarily the devices.

Reference Extract from Study Guide:

"Public key infrastructure (PKI) enables the issuance of digital certificates used for authenticating users, systems, and devices, ensuring secure access control."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptography and PKI Concepts

=============================================

Professional associations are vital for IT professionals because they:

Provide up-to-date training: Offering courses, certifications, and workshops to keep members current with the latest technologies, practices, and industry standards.

Networking opportunities: Facilitating connections with other professionals in the field, which can lead to job opportunities and collaborations.

Professional development: Offering resources and support for career growth and development.

Industry standards and best practices: Providing guidelines and frameworks to ensure high-quality work and ethical practices.

Staying engaged with professional associations helps IT professionals remain knowledgeable and competent in their field.

References

CompTIA, "Advancing the Global IT Industry."

ISACA, "Building a Better Digital World."