Free Practice Questions for WGU Cybersecurity-Architecture-and-Engineering Exam

Data support an organization's business goals by providing crucial information that aids in making informed decisions. Analyzing data helps identify trends, measure performance, and uncover insights that drive strategic planning and operational improvements. This informed decision-making process is vital for achieving business goals and staying competitive in the market.

The correct answer is C — Data Protection Impact Assessment (DPIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a DPIA is conducted to assess how personal data is collected, stored, and processed, evaluating potential privacy impacts and defining measures to mitigate risks. This is essential for compliance with privacy laws and regulations, especially in systems handling sensitive customer information.

DR (A) and BCP (B) are about operational recovery, not data privacy. Risk management (D) is broader and not focused solely on privacy impact.

Reference Extract from Study Guide:

"A Data Protection Impact Assessment (DPIA) evaluates the effects of processing activities on the privacy of individuals and develops strategies to mitigate privacy risks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Privacy and Protection Strategies

=============================================

The correct answer is C — Secure/Multipurpose Internet Mail Extensions (S/MIME).

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), S/MIME provides encryption, integrity, and authentication for email messages by using public key cryptography and digital signatures.

SMTP (A) is used for sending emails but does not secure them. PGP (B) also secures emails but is not a protocol; it is a program and standard. IPsec (D) secures network communications, not email specifically.

Reference Extract from Study Guide:

"Secure/Multipurpose Internet Mail Extensions (S/MIME) is a protocol used to encrypt and digitally sign email communications, ensuring confidentiality, integrity, and authenticity."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Communication Technologies

=============================================

The correct answer is C — Integration testing.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), integration testing verifies that different modules or components of an application work together as intended.This type of testing is essential after deployment to ensure the overall system functions correctly across all tiers (e.g., web, application, and database layers).

Static code analysis (A) examines source code without execution. Dynamic code analysis (B) tests running code for vulnerabilities but not necessarily component interaction. Package scanning (D) reviews third-party libraries for vulnerabilities but does not test integration.

Reference Extract from Study Guide:

"Integration testing verifies that multiple components of an application function correctly when combined, ensuring end-to-end system reliability post-deployment."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Software Development and Testing

The correct answer is C — Device hardening.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that device hardening involves reducing vulnerabilities by disabling unnecessary services, ports, and features. Closing unneeded network ports minimizes the attack surface and strengthens device security.

An intrusion prevention system (A) monitors and blocks threats but does not close ports directly. A web application firewall (B) protects web apps, not device configurations. An intrusion detection system (D) only alerts but does not proactively secure devices.

Reference Extract from Study Guide:

"Device hardening minimizes vulnerabilities by disabling unnecessary services and ports, securing the system against network-based attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Device Hardening and Secure Configuration

=============================================

The correct answer is D — Identity federation.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) details that identity federation enables users to authenticate using the same credentials across multiple systems and platforms, including hybrid cloud and on-premises environments. Federation facilitates Single Sign-On (SSO) and seamless authentication.

Two-step verification (A) improves authentication strength but does not federate identities. CHAP (B) is an old protocol for PPP connections. Privileged identity management (C) manages high-privilege accounts, not general user access across domains.

Reference Extract from Study Guide:

"Identity federation allows for seamless authentication across on-premises and cloud environments by trusting external identity providers, supporting Single Sign-On (SSO) and hybrid deployments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Federation and Identity Management Concepts

The correct answer is B — Implementing security patches and updates on a regular basis and using hybrid cloud topology.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that timely application of security patches is critical to addressing vulnerabilities like outdated software. A hybrid cloud topology offers the flexibility and scalability needed by financial institutions while keeping sensitive data protected in more controlled environments.

Strong password policies (A) help, but public cloud alone may not be best for sensitive banking systems. Antivirus (C) addresses only part of the threat. Private cloud (D) improves security but may not offer the scalability benefits of a hybrid approach.

Reference Extract from Study Guide:

"Timely application of security patches mitigates vulnerabilities, and hybrid cloud models balance the need for scalability and sensitive data protection in financial institutions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Mitigation Strategies and Cloud Topologies

=============================================

The correct answer is B — A fully equipped hot site with up-to-date hardware and software.

As stated in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a hot site is a fully operational data center that mirrors the organization's primary systems and data. In the event of a disaster, operations can quickly transfer to the hot site with minimal downtime, ensuring business continuity.

Mobile data centers (A) are not standard disaster recovery solutions for multinational corporations. Basic secondary backup sites (C) (cold sites) require setup time and are slower to activate. Cloud backups (D) protect data but do not instantly restore full operational capabilities like a hot site.

Reference Extract from Study Guide:

"Hot sites maintain fully operational systems, applications, and data, allowing organizations to maintain business continuity with minimal disruption in the event of a disaster."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Business Continuity Planning

IT infrastructure encompasses all the physical and virtual resources that support the flow,storage, processing, and analysis of data. Networks, which include the internet, intranets, and extranets, are fundamental components of IT infrastructure as they enable communication and data exchange between different hardware and software components.