Free Practice Questions for WGU Cybersecurity-Architecture-and-Engineering Exam

The correct answer is D — Containerization.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) material states that containerization provides isolated environments (containers) where applications can be developed, tested, and deployed securely. This isolation minimizes the risk of vulnerabilities affecting the host system or other applications, improving the overall security of the development process.

DLP (A) prevents data leakage but does not isolate applications. VPNs (B) secure network traffic but do not create isolated development environments. Firewalls (C) control network traffic but do not manage application-level isolation.

Reference Extract from Study Guide:

"Containerization secures application development and deployment by isolating applications in lightweight, standalone environments, reducing risk and improving manageability."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Application Security Concepts

=============================================

The correct answer is D — Likelihood.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that when evaluating the chance of future incidents, the focus should be on likelihood — the probability that a threat will exploit a vulnerability again. Given that a breach has already occurred, it is important to assess how likely another breach could happen without additional security measures.

Impact (A) measures consequences, not probability. Risk (B) is a combination of impact and likelihood, but to specifically focus on future potential, likelihood (D) is primary. Threat actors (C) describe adversaries, not probabilities.

Reference Extract from Study Guide:

"Likelihood refers to the probability that a specific threat will successfully exploit a vulnerability, and is a key consideration in predicting future incidents."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Assessment Concepts

=============================================

The correct answer is B — Business impact analysis (BIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies and prioritizes critical business functions and assesses the impact of disruptions on those functions. It determines recovery priorities and establishes the framework for disaster recovery and business continuity planning.

BCP (A) is the broader planning effort. DR (C) focuses on restoring systems. IR (D) responds to specific incidents, not overall business impacts.

Reference Extract from Study Guide:

"Business impact analysis (BIA) determines the criticality of business processes by assessing thepotential impacts of disruptions, providing the foundation for prioritizing recovery efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

The correct answer is D — Encryption to prevent man-in-the-middle and eavesdropping attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that while NFC is inherently short-range, it is still vulnerable to eavesdropping and man-in-the-middle attacks. Applying encryption ensures that even if communication is intercepted, the data remains protected and confidential.

Kerberos (A) is primarily for authentication within internal networks. Bluetooth restrictions (B) are unrelated to NFC. PDM (C) restricts device usage but does not directly protect NFC communication.

Reference Extract from Study Guide:

"Encrypting near-field communication ensures confidentiality and protects against interception and manipulation through man-in-the-middle and eavesdropping attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless and Mobile Security Concepts

The correct answer is C — Implementation of role-based access controls and encryption of all sensitive data.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the combination of role-based access control (RBAC) and encryption protects sensitive health data by ensuring only authorized users can access necessary information, while encryption ensures the data remains secure both at rest and in transit.

Disabling USB ports (A) prevents data exfiltration but does not fulfill broad privacy requirements. Encrypting network traffic (B) protects in-transit data only. Firewalls (D) protect against unauthorized access but do not manage user roles or internal data privacy.

Reference Extract from Study Guide:

"Protecting sensitive health data requires a combination of access control models such as RBAC and encryption, ensuring both authorization and confidentiality."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Privacy and Data Protection Strategies

An algorithm is a defined set of step-by-step procedures or a set of rules to be followed to perform a specific task or solve a problem. Here are the characteristics that describe an algorithm:

Unambiguous rules: Each step of an algorithm must be clearly defined and unambiguous. There should be no confusion in interpreting the instructions.

Definiteness: The algorithm should have a clear starting and stopping point, leading to a precise output after a finite number of steps.

Finiteness: Algorithms must terminate after a finite number of steps. They cannot run indefinitely.

Input and Output: An algorithm should take zero or more inputs and produce at least one output.

Therefore, the correct answer is "Unambiguous rules," as it directly reflects the essential characteristic of an algorithm being precise and clear in its steps.

References

Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein, "Introduction to Algorithms," MIT Press.

Donald E. Knuth, "The Art of Computer Programming," Addison-Wesley.

The correct answer is C — Structured Query Language (SQL) injection attacks.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a Web Application Firewall (WAF) protects web applications by filtering and monitoring HTTP traffic. It isspecifically effective against attacks such as SQL injection, cross-site scripting (XSS), and other application-layer vulnerabilities.

Phishing (A) and social engineering (D) involve human deception, not web application vulnerabilities. Brute force attacks (B) typically target authentication but are not the primary focus of a WAF.

Reference Extract from Study Guide:

"A web application firewall (WAF) detects and prevents attacks against web applications, including SQL injection and cross-site scripting (XSS)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Firewall and Threat Protection

=============================================

The correct answer is C — Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) clearly states that encryption protects the confidentiality of transmitted information. In the case of SNMP (especially older versions like SNMPv1 and SNMPv2), communications are unencrypted, making encryption critical to protecting network management information from unauthorized disclosure.

Access controls (A) restrict who can access systems but do not encrypt data. Network segmentation (B) separates systems but does not encrypt traffic. Security monitoring (D) detects threats but does not protect data confidentiality.

Reference Extract from Study Guide:

"Encryption safeguards sensitive data transmitted over the network, ensuring confidentiality in compliance with privacy regulations such as HIPAA."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Data Protection

The correct answer is A — Virtual network peering.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, virtual network peering enables direct communication between two or more virtual networks without the need for gateways, VPNs, or additional configurations. It allows seamless interconnectivity with minimal administrative overhead. Peered networks can communicate as if they were part of the same network, which meets the organization's request for the least administrative effort.

Other options like Virtual LANs (B) operate within the same network and don't span multiple virtual networks. Remote Desktop Protocol (C) is used for remote access, not network interconnection. Domain Name System (D) resolves names to IP addresses but does not establish communication pathways between networks.

Reference Extract from Study Guide:

"Virtual network peering provides a low-latency, high-bandwidth connection between virtual networks with minimal administrative setup. It is the recommended solution for direct communication across cloud-based virtual networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Architectures Module

=============================================

The correct answer is C — Constantly scan for known signatures on every machine.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), scanning for known malware signatures is an essential method for detecting infections such as botnets. Signature-based detection compares files and behaviors against databases of known indicators of compromise (IOCs).

Two-factor authentication (A) protects login processes but does not detect malware. Firewall rules (B) help control access but do not detect infections. Configuration management (D) ensures system setup integrity but does not detect botnets.

Reference Extract from Study Guide:

"Signature-based scanning detects malware and botnets by comparing system files and behaviors against databases of known threats and indicators of compromise (IOCs)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Malware Detection and Threat Response