Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with CertsForce

The correct first step in responding to a data breach, as emphasized in theWGU Cybersecurity Architecture and Engineering (KFO1 / D488)course material underIncident Responseprocedures, is tonotify affected users. This aligns with theContainment, Eradication, and Recoveryphase of theNIST Incident Response Lifecyclediscussed in the course content. Prompt notification is crucial to empower users to take immediate protective measures such as updating credentials or monitoring for identity theft.

While other actions like implementing access control policies or improving encryption are validpreventive or corrective controls, they are not theinitial response stepafter a breach is identified. Public announcements are typically handledafter internal assessmentsand legal compliance actions are underway.

Reference Extract from Study Guide:

“As soon as a breach affecting personal data is confirmed, organizations are obligated to notify impacted users in accordance with legal and ethical standards. Notification is part of the initial incident response phase and should occur immediately after verification of the breach.”

—WGU KFO1 / D488 Study Guide: Incident Handling and Response

=============================================

DNSSEC (Domain Name System Security Extensions)is a security protocol that adds cryptographic validation to DNS responses, making it nearly impossible for attackers to spoof DNS responses or redirect users to malicious sites.

NIST SP 800-81 Rev. 2 (Secure Domain Name System (DNS) Deployment Guide):

“DNSSEC provides data origin authentication and data integrity to DNS responses using digital signatures, effectively mitigating spoofing and cache poisoning attacks.”

While patching and awareness are important, DNSSECdirectly mitigatesthe technical risk described.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement DNS hardening techniques such as DNSSEC

The correct answer is C — Symmetric algorithm.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study material, symmetric encryption uses the same key for both encryption and decryption, offering high speed and lower computational overhead compared to asymmetric algorithms. This makes symmetric encryption ideal when both security and performance are important factors.

Block cipher (A) is a type of symmetric algorithm but not the broader category being asked. Hash functions (B) are for data integrity, not encryption/decryption. Asymmetric algorithms (D) are more secure for key exchange but have higher computational cost.

Reference Extract from Study Guide:

"Symmetric encryption algorithms use a single shared key for encryption and decryption, offering efficient and high-performance protection for sensitive data transmissions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptography Fundamentals

=============================================

Step by Step Comprehensive Detailed Explanation

A compiler is a program that translates source code written in a high-level programming language into machine code.

Definition: A compiler processes the entire source code of a program and translates it into a machine code executable.

Functionality: This process is typically done in several stages, including lexical analysis, syntax analysis, semantic analysis, optimization, and code generation.

Output: The result is an executable file that can be run on a specific operating system.

References

"Compilers: Principles, Techniques, and Tools" by Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman

NISTIR 7860, "C++ Coding Standards"

The correct answer is A — Implementing secure encrypted enclaves and Advanced Micro Devices (AMD) Secure Memory Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that encryption at the memory level (such as AMD SME) and secure enclaves protect data in volatile memory, safeguarding it even if physical attacks occur.

Security training (B), antivirus (C), and password policies (D) improve security generally but do not specifically address data in volatile memory.

Reference Extract from Study Guide:

"Encrypted enclaves and secure memory encryption protect sensitive data in volatile storage, maintaining confidentiality and integrity even during advanced attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Server and Memory Security Controls

=============================================

The correct answer is A — Conducting regular vulnerability assessments and penetration testing.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, performing vulnerability assessments and penetration testing helps identify weaknesses in both hardware and virtual environments. Regular testing ensures that any hardware-related vulnerabilities are discovered and addressed before they can be exploited.

Disabling CPU virtualization support (B) would prevent virtual machines from running, defeating the purpose. A web application firewall (C) monitors traffic at the application layer but does not address hardware risks. Access control policies (D) are important but not directly tied to detecting hardware vulnerabilities.

Reference Extract from Study Guide:

"Regular vulnerability assessments and penetration testing identify weaknesses in hardware and software environments, providing critical insights for maintaining a hardened and secure posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Security Testing and Assessment

=============================================

A Local Area Network (LAN) requires a router to communicate over the Internet.

The router serves as a gateway that connects the LAN to the external network (Internet) and directs data traffic between the LAN and the Internet.

The other options:

Multiplexer combines multiple signals into one.

Repeater amplifies signals to extend the range.

Switch connects devices within the LAN but does not facilitate Internet communication.

Therefore, a router is the necessary device for a LAN to communicate over the Internet.

Organizational culture can support ethical guidelines by establishing clear protocols and policies that promote the security and privacy of data. This includes:

Data protection policies: Guidelines on how data should be handled, stored, and protected.

Ethical behavior: Encouraging employees to adhere to ethical standards and practices.

Training and awareness: Regular training sessions to educate employees on security best practices and ethical behavior.

Incident response: Protocols for responding to data breaches and other security incidents.

A strong organizational culture that prioritizes data security and privacy helps ensure that ethical guidelines are consistently followed.

References

Michael E. Whitman and Herbert J. Mattord, "Principles of Information Security," Cengage Learning.

Rebecca Herold, "Managing an Information Security and Privacy Awareness and Training Program," CRC Press.

Arelational databaseis structured to recognize relations among stored items of information.

Multiple tablesin a relational database can have interrelated fields.

These relationships are often managed throughforeign keys, which reference the primary keys of other tables.

This relational model allows for complex queries and data integrity across the database.

Example:Tables such asCustomers,Orders, andProductsin a sales database, whereOrderstable may reference bothCustomersandProductstables to establish relationships.

BIOS protectioninvolves enabling hardware security features such asfirmware password protection,secure boot, andwrite protection, which prevent unauthorized firmware modifications.

NIST SP 800-147 (BIOS Protection Guidelines):

“Proper BIOS protection mechanisms, including authenticated updates and access control, are critical to maintaining the integrity of the platform’s startup environment.”

This is apreventive control. BIOS monitoring is reactive; backups protect data, not firmware integrity.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Apply firmware and BIOS security controls to prevent low-level tampering