WGU (KFO1/D488) Cybersecurity Architecture and Engineering Exam Questions Instant Access

Question 1

Which risk management strategy will ensure that data stored on an Enterprise Resource Planning (ERP) system is secure from exploitation in the event of a data breach?

AImplementation of data encryption

BEnforcement of a strict firewall policy to restrict access to the ERP system's server

CImplementation of regular backup and disaster recovery planning

DConfiguration of the ERP system to disable all printing services on all workstations

Answer : A

Data encryptionprotects sensitive ERP system information by rendering the data unreadable to unauthorized users, even if the system is compromised. This is the most effective method to preserve confidentiality in a breach.

NIST SP 800-111 (Guide to Storage Encryption Technologies):

''Encryption ensures that even if data is exfiltrated or accessed by unauthorized individuals, it cannot be understood without the appropriate decryption keys.''

Backups and firewalls are important, butencryption directly protects data at restfrom unauthorized viewing.

WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement encryption controls for stored business data

Question 2

What is scope creep?

ARealization that the organization staffing is inadequate

BThe extent of the project that lacks needed requirements

CSmall changes in a project that lead to bigger changes

DWhen the project is completed in less than the required time

Answer : C

Scope creep refers to the phenomenon where the scope of a project gradually increases over time due to small, incremental changes that were not initially planned or approved. This can happen when:

New featuresor requirements are added without proper evaluation or approval.

Stakeholderscontinuously request small changes or additions.

Lack of a clear scope definitionand change control process.

These small changes can accumulate, leading to significant deviations from the original project plan, affecting the project's schedule, budget, and overall success.

Reference

Project Management Institute, 'A Guide to the Project Management Body of Knowledge (PMBOK Guide),' PMI.

Kathy Schwalbe, 'Information Technology Project Management,' Cengage Learning.

Question 3

A software development company is required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which sets requirements for the protection of cardholder data. The company uses Secure Shell (SSH) to connect to its cloud-based development environment, which contains cardholder data.

Which security control will meet the needs of the company?

APatch management

BNetwork segmentation

CStrong authentication

DVulnerability analysis

Answer : C

The correct answer is C --- Strong authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, PCI DSS compliance requires strong access controls, including strong authentication mechanisms, especially when accessing environments containing cardholder data. SSH access must be protected with methods such as multi-factor authentication or strong, complex credentials to ensure that only authorized users gain access.

Patch management (A) maintains system security but is not specifically about authentication. Network segmentation (B) limits data exposure but does not directly relate to authentication. Vulnerability analysis (D) identifies weaknesses but does not address the need for strong authentication when connecting to sensitive environments.

Reference Extract from Study Guide:

'Strong authentication mechanisms are crucial to protect access to environments that store, process, or transmit cardholder data, in compliance with PCI DSS standards.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Regulatory Compliance and Access Control

=============================================

Question 4

A small online retailer stores customer information, product inventory, and financial data on its local servers.

What are the necessary components of a business continuity and disaster recovery plan for this company?

AA detailed evacuation plan, frequent data backups, and regular cybersecurity training for employees

BRedundant backups, a communication plan, and a designated off-site location for data storage and recovery

CA comprehensive insurance policy, a list of emergency contacts, and a system for continuous monitoring of network activity

DRoutine maintenance of servers, an emergency generator, and a policy for employees to work remotely in case of a disaster

Answer : B

The correct answer is B --- Redundant backups, a communication plan, and a designated off-site location for data storage and recovery.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that for effective business continuity and disaster recovery, companies must maintain redundant backups, establish a communication strategy for emergencies, and store critical backups in off-site or cloud locations to recover operations quickly.

While evacuation plans (A) and insurance policies (C) are important, they are not the core technical components for IT disaster recovery. Routine maintenance and remote work (D) are helpful but secondary.

Reference Extract from Study Guide:

'Redundant backups, off-site data storage, and an effective communication plan are key components of business continuity and disaster recovery strategies.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

Question 5

A small start-up is setting up its first network, and it needs to ensure that its network security is adequate. The start-up is aware of the latest cybersecurity threats and the need for strong security measures. In addition to network security, the start-up wants to ensure that it has a disaster recovery plan in place in case of any unexpected events.

Which approach will meet the needs of the start-up?

AIntrusion detection system (IDS)

BPacket filtering

CBootstrapping

DVirtual private network (VPN)

Answer : A

The correct answer is A --- Intrusion detection system (IDS).

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), an IDS helps monitor network traffic for suspicious activities and security threats, making it a fundamental component of securing a network for a start-up. It enables early detection of attacks, contributing both to cybersecurity defense and incident response efforts.

Packet filtering (B) is a limited firewall technique and not as comprehensive. Bootstrapping (C) is a startup or initialization process, not a security measure. VPN (D) secures remote access but does not inherently monitor for threats.

Reference Extract from Study Guide:

'An intrusion detection system (IDS) monitors network traffic for suspicious activity and potential threats, enhancing a network's security posture and supporting incident detection.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Monitoring and Defense

Here are your fully verified and properly formatted answers for this final batch, based on WGU Cybersecurity Architecture and Engineering (KFO1 / D488) official materials:

=============================================

Question 6

A company has recently completed its disaster recovery plan and is preparing to test it. The company's IT team has identified the need to simulate a disaster scenario to evaluate the effectiveness of the plan. The team has considered a few options, including a full interruption test, a walk-through, tabletop exercises, and checklists. They want to choose a testing method that will allow them to evaluate the plan in a controlled environment while minimizing the impact on the company's operations.

Which testing method will meet the needs of the company?

AWalk-through

BTabletop exercises

CChecklists

DFull interruption test

Answer : B

The correct answer is B --- Tabletop exercises.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines a tabletop exercise as a controlled simulation where participants discuss their roles during a simulated disaster scenario. It allows the evaluation of the plan without causing real disruption to operations.

Walk-throughs (A) review plans but are less interactive. Checklists (C) are passive validation. Full interruption tests (D) would disrupt operations, which the company wants to avoid.

Reference Extract from Study Guide:

'Tabletop exercises allow teams to simulate disaster scenarios in a controlled, discussion-based format, helping validate plans without impacting real-world operations.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing Methods

=============================================

Question 7

The DevSecOps team for an organization manages a continuous integration and continuous deployment (CI/CD) pipeline for a three-tier web application. Management has asked the team toperform a series of comprehensive post-deployment tests to make sure that all of the components of the application can interact and function properly.

What should the team recommend?

AStatic code analysis

BDynamic code analysis

CIntegration testing

DPackage scanning

Answer : C

The correct answer is C --- Integration testing.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), integration testing verifies that different modules or components of an application work together as intended. This type of testing is essential after deployment to ensure the overall system functions correctly across all tiers (e.g., web, application, and database layers).

Static code analysis (A) examines source code without execution. Dynamic code analysis (B) tests running code for vulnerabilities but not necessarily component interaction. Package scanning (D) reviews third-party libraries for vulnerabilities but does not test integration.

Reference Extract from Study Guide:

'Integration testing verifies that multiple components of an application function correctly when combined, ensuring end-to-end system reliability post-deployment.'

--- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Software Development and Testing

WGU Cybersecurity Architecture and Engineering (KFO1/D488) WGU (KFO1/D488) Cybersecurity Architecture and Engineering Exam Questions