Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with CertsForce

The correct answer is C — Impact.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, when evaluating the severity of an incident, the immediate and potential impact on operations, patient care, finances, or reputation is the most critical factor. In this scenario, the interruption to patientcare due to encrypted records signifies a major operational impact, making it the most important consideration.

Threat actors (A) identify who is behind the attack, not the severity. Risk (B) encompasses impact and likelihood but is broader. Likelihood (D) concerns the probability of an event happening, not its current severity.

Reference Extract from Study Guide:

"Impact refers to the actual or potential harm that results from a security incident, including effects on operations, financial loss, or harm to individuals."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Incident Response and Management

=============================================

The correct answer is D — Packet capture.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, packet captures (PCAP files) allow analysts to inspect individual network packets to understand traffic patterns, detect anomalies, and investigate attacks like DDoS. A packet capture provides complete network session data, enabling in-depth analysis of traffic behavior at the packet level.

Web server access logs (A) only capture web activity. Syslog messages (B) primarily record system events but not raw traffic data. Operating system event logs (C) focus on system-level actions, not network flows.

Reference Extract from Study Guide:

"Packet captures record the full network traffic and are essential for investigating network-based attacks such as DDoS incidents by analyzing traffic flows, protocols, and payloads."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Monitoring Concepts

=============================================

The correct answer is C — Implementation of encryption for all data stored in the system.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that encrypting data at rest ensures that even if storage systems are compromised, the data remains confidential and secure.

Password changes (A) help secure user accounts but not stored data. Firewall policies (B) and VPNs (D) protect data in transit and access control but not the storage layer itself.

Reference Extract from Study Guide:

"Encrypting data at rest ensures that stored data remains confidential and protected from unauthorized access, even if storage devices are compromised."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Protection Strategies

=============================================

The correct answer is C — Implementation of secure user authentication protocols.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that secure authentication mechanisms, like strong passwords, multifactor authentication, and session management, prevent unauthorized access and impersonation, thus helping prevent cheating inlearning platforms.

Firewall policies (A) and disabling Bluetooth (B) harden systems but do not directly address authentication. Software updates (D) protect against system vulnerabilities but not user integrity.

Reference Extract from Study Guide:

"Secure authentication protocols ensure that users accessing learning management systems are properly verified, reducing risks of impersonation and cheating."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Access Control and Identity Verification

=============================================

The correct answer is C — Role-based access control (RBAC).

WGU KFO1 / D488 course material emphasizes that RBAC allows administrators to assign permissions based on roles rather than individual users. This method provides granular control and flexibility, allowing the organization to efficiently manage access rights across multiple cloud services while maintaining a strong security posture.

OAuth (A) and SAML (B) are protocols for authentication and authorization, not detailed access control models. Kerberos (D) is used for secure authentication within a network but does not provide the granular delegation capabilities needed for cloud service administration.

Reference Extract from Study Guide:

"Role-based access control (RBAC) provides a scalable and manageable model to assign permissions to users based on their organizational roles, ensuring flexibility and maintaining secure delegation of administrative tasks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

The IT role responsible for the installation and maintenance of hardware and software that make up a computer network is the Network Administrator. Their responsibilities include:

Network installation: Setting up and configuring network hardware, such as routers, switches, firewalls, and servers.

Network maintenance: Ensuring the network operates smoothly, performing regular updates, and troubleshooting issues.

Security management: Implementing security measures to protect the network from unauthorized access, attacks, and breaches.

Performance monitoring: Monitoring network performance and making necessary adjustments to optimize speed and reliability.

Therefore, the Network Administrator is the correct role for these responsibilities.

References

William Stallings, "Data and Computer Communications," Pearson.

Andrew S. Tanenbaum and David J. Wetherall, "Computer Networks," Pearson.

The correct answer is A — Calculating and comparing the hash values of the software code before and after transfer using FTP can help detect any changes and ensure the integrity of the code.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), verifying the integrity of transferred files can be done by using cryptographic hash functions. Comparing pre- and post-transfer hashes ensures that the data was not tampered with during transmission.

Intrusion detection (B) focuses on unauthorized access. Access control (C) protects the server but does not ensure file integrity. Backups (D) provide data recovery but do not validate file integrity during transfers.

Reference Extract from Study Guide:

"Hashing verifies data integrity by allowing a comparison of original and received file values, ensuring no tampering occurred during transit."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Integrity Assurance

=============================================

Data Loss Prevention (DLP)systems are specifically designed todetect, monitor, andpreventunauthorized attempts to access, transmit, or extract sensitive data — including email, removable media, and cloud uploads.

NIST SP 800-207A (Data Protection):

“DLP systems are used to prevent sensitive information from being transmitted outside of a trusted boundary by monitoring and enforcing content-based policies.”

IDS and IPS detect threats but do notfocus on protecting data from being exfiltrated. MFA protects user identities, not data leakage.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Implement DLP controls to protect sensitive data from unauthorized extraction

The SQL statement provided is:

SELECT*FROMCustomersWHEREState ='Arizona';

SELECT *indicates that all columns from the table should be selected.

FROM Customersspecifies the table from which to retrieve the data.

WHERE State = 'Arizona'filters the results to include only those records where the State column has the value 'Arizona'.

Therefore, the statement returns all records from the Customers table that are located in Arizona.

The correct answer is B — Password policies.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that strong password policies, including requirements for complexity, minimum length, expiration, and reuse restrictions, are essential for protecting user credentials from compromise.

Object storage (A) and removable storage (C) deal with data storage, not password management. Hardware key managers (D) manage cryptographic keys, not passwords directly.

Reference Extract from Study Guide:

"Implementing strong password policies enforces secure password practices among users, reducing the risk of credential compromise."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Controls

=============================================