WGU (KFO1/D488) Cybersecurity Architecture and Engineering Exam Practice Test Instant Access

Question 1

Which operation converts raw data into information?

AInput

BOutput

CStorage

DProcessing

Answer : D

Processing is the operation that converts raw data into meaningful information. Input data is collected and then processed through various means such as calculations, comparisons, or formatting to produce output that can be interpreted and used by humans or other systems.

Question 2

An organization wants to ensure that its website is free of certain vulnerabilities before the final handoff to the client. What testing method should the organization use to inspect traffic and detect potential issues?

AHTTP interceptor

BPort scanner

CBastion scanner

Answer : C

Abastion scanneris a tool or hardened system that inspects network traffic and identifies security vulnerabilities, particularly those visible from an external (internet-facing) viewpoint. It plays a key role inpost-development assessment.

OWASP Testing Guide v4.2:

'Use bastion hosts or hardened scanners to perform vulnerability assessments from an attacker's perspective.'

This option is preferable for final validation before system release, especially when looking for exposure from the public internet.

WGU Course Alignment:

Domain:System Security Engineering

Topic:Evaluate hardened systems and scanning tools during release validation

Question 3

A government agency needs to deploy a secure network connection between its offices in Chicago and New York.

What should be used to facilitate this connection?

AVirtual private network (VPN)

BSecurity information and event management (SIEM)

CPoint-to-Point Tunneling Protocol (PPTP)

DNetwork access control (NAC)

Answer : A

The correct answer is A --- Virtual private network (VPN).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a VPN creates an encrypted tunnel over public or private networks, ensuring confidentiality, integrity, and authentication of data transmitted between geographically dispersed offices.

SIEM (B) manages security events, not secure communications. PPTP (C) is an outdated and insecure VPN protocol. NAC (D) enforces endpoint security but does not establish secure tunnels.

Reference Extract from Study Guide:

'A virtual private network (VPN) provides a secure, encrypted tunnel between geographically separated networks, enabling confidential communication over untrusted networks.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Remote Access Technologies

Question 4

Which risk management strategy will help defeat piracy efforts on a new patient management system?

AConfiguration of the patient management system to disable all external device connections on all workstations

BIncorporation of end-to-end encryption for all patient data

CImplementation of regular virus scanning for all workstations

DImplementation of licensing technologies in order to restrict unauthorized access to the system

Answer : D

The correct answer is D --- Implementation of licensing technologies in order to restrict unauthorized access to the system.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), using licensing technologies helps prevent software piracy by ensuring that only authorized users with valid licenses can access and operate the system. License management solutions validate user access and reduce unauthorized duplication or usage of proprietary software.

Disabling external devices (A) protects against physical data theft but not piracy. Encrypting patient data (B) protects confidentiality but not against software piracy. Virus scanning (C) detects malware, not unauthorized software copying.

Reference Extract from Study Guide:

'Licensing technologies enforce legal software use and prevent unauthorized access, helping organizations protect intellectual property and defeat piracy efforts.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Software and Intellectual Property Protection

=============================================

Question 5

Which statement best describes the purpose of a business intelligence (Bl) system?

AA Bl system allows access to raw data.

BA Bl system uses only proprietary data to maximize quality.

CA Bl system integrates all departments in an organization.

DA Bl system helps the strategic decision-making process.

Answer : D

A Business Intelligence (BI) system is designed to analyze and present data in a way that supports decision-making processes. It helps organizations make informed, strategic decisions by providing insights through data analysis, visualization, and reporting. BI systems aggregate data from various sources, enabling a comprehensive view of the business that informs planning and strategy.

Question 6

An IT organization has recently implemented a hybrid cloud deployment. The server team is deploying a new set of domain-joined Windows servers on cloud-based virtual machines. Users must be able to use their Active Directory credentials to sign in to applications regardless of whether they are running on Windows servers in the cloud or on-premises.

Which solution should be implemented to meet the requirements?

ATwo-step verification

BChallenge-Handshake Authentication Protocol (CHAP)

CPrivileged identity management

DIdentity federation

Answer : D

The correct answer is D --- Identity federation.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) details that identity federation enables users to authenticate using the same credentials across multiple systems and platforms, including hybrid cloud and on-premises environments. Federation facilitates Single Sign-On (SSO) and seamless authentication.

Two-step verification (A) improves authentication strength but does not federate identities. CHAP (B) is an old protocol for PPP connections. Privileged identity management (C) manages high-privilege accounts, not general user access across domains.

Reference Extract from Study Guide:

'Identity federation allows for seamless authentication across on-premises and cloud environments by trusting external identity providers, supporting Single Sign-On (SSO) and hybrid deployments.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Federation and Identity Management Concepts

Question 7

A large multinational corporation maintains a complex network of data centers across the world.

Which type of disaster recovery site will ensure business continuity in case of a disaster?

AA mobile data center that can be deployed to the disaster zone

BA fully equipped hot site with up-to-date hardware and software

CA secondary location with basic backup hardware and software

DA remote location with cloud-based backups

Answer : B

The correct answer is B --- A fully equipped hot site with up-to-date hardware and software.

As stated in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a hot site is a fully operational data center that mirrors the organization's primary systems and data. In the event of a disaster, operations can quickly transfer to the hot site with minimal downtime, ensuring business continuity.

Mobile data centers (A) are not standard disaster recovery solutions for multinational corporations. Basic secondary backup sites (C) (cold sites) require setup time and are slower to activate. Cloud backups (D) protect data but do not instantly restore full operational capabilities like a hot site.

Reference Extract from Study Guide:

'Hot sites maintain fully operational systems, applications, and data, allowing organizations to maintain business continuity with minimal disruption in the event of a disaster.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Business Continuity Planning

WGU Cybersecurity Architecture and Engineering (KFO1/D488) WGU (KFO1/D488) Cybersecurity Architecture and Engineering Exam Practice Test