Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with CertsForce

Federated authenticationallows two or more organizations to share access credentials based ontrusted identity providers. This enables users from one domain to access systems in another without creating separate accounts.

NIST SP 800-63C (Digital Identity Guidelines – Federation):

“Federated identity allows users to access multiple services across security domains using a single identity, reducing the administrative burden of account duplication.”

This is essential in B2B or inter-organizational environments likehealthcare information exchange.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement federated identity systems for cross-organizational access

The correct answer is D — Implementation of data encryption.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), encrypting data at rest ensures that even if attackers breach the system and obtain files, the data remains protected because it cannot be easily read without decryption keys.

Firewall enforcement (A) restricts access but does not protect data if stolen. Disabling printing services (B) limits data leakage but not core data protection. Backups (C) help with recovery, not immediate breach protection.

Reference Extract from Study Guide:

"Encrypting sensitive data ensures confidentiality even in the event of a security breach, protecting information from unauthorized exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Encryption Practices

=============================================

AnEnd User License Agreement (EULA)is a legal contract between the software manufacturer and the user.

The primary purpose of a EULA is togrant the user the right to use the software.

It outlines the terms and conditions under which the software can be used.

This can include restrictions on installation, distribution, and modification.

The EULA helps protect the intellectual property rights of the software creator.

To protect datain use(within memory), the provider must implementhardware-level memory encryptionandtrusted execution environments(secure enclaves), which protect against cold boot attacks, memory scraping, and unauthorized access.

NIST SP 800-207A (Hardware-Enabled Security: Enclaves):

“Trusted execution environments and memory encryption mechanisms help ensure that data remains protected even when systems are compromised at lower levels.”

This is amodern cloud security best practiceespecially useful forconfidential computingenvironments.

????WGU Course Alignment:

Domain:System Security Engineering / Cryptography

Topic:Protect data in use with hardware-based encryption and enclaves

Regularlyreviewing and updatingthe Disaster Recovery Plan ensures it remains effective astechnology, processes, and risks evolve. It ensures that the DRP reflects current infrastructure, contacts, and business requirements.

NIST SP 800-34 Rev. 1:

“Plans should be reviewed and updated regularly to ensure accuracy and relevance. Failure to do so may result in ineffective or outdated procedures.”

Testing is important, butregular updates ensure long-term plan viability.

????WGU Course Alignment:

Domain:Business Continuity and Disaster Recovery

Topic:Maintain and periodically revise DRPs to reflect current risks and systems

Themost sustainable solutionto eliminate security risks associated with legacy systems is toupgrade themto supported versions that receive security updates and patches.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems running unsupported or outdated software must be prioritized for upgrade to ensure that known vulnerabilities are mitigated.”

While short-term isolation may work temporarily, it does not address theroot causeor meet compliance requirements long-term.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Perform lifecycle management and upgrade legacy systems

The correct answer is C — Strong authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, PCI DSS compliance requires strong access controls, including strong authentication mechanisms, especially when accessing environments containing cardholder data. SSH access must be protected with methods such as multi-factor authentication or strong, complex credentials to ensure that only authorized users gain access.

Patch management (A) maintains system security but is not specifically about authentication. Network segmentation (B) limits data exposure but does not directly relate to authentication. Vulnerability analysis (D) identifies weaknesses but does not address the need for strong authentication when connecting to sensitive environments.

Reference Extract from Study Guide:

"Strong authentication mechanisms are crucial to protect access to environments that store, process, or transmit cardholder data, in compliance with PCI DSS standards."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Regulatory Compliance and Access Control

=============================================

The correct answer is B — Implementing security patches and updates on a regular basis and using hybrid cloud topology.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that timely application of security patches is critical to addressing vulnerabilities like outdated software. A hybrid cloud topology offers the flexibility and scalability needed by financial institutions while keeping sensitive data protected in more controlled environments.

Strong password policies (A) help, but public cloud alone may not be best for sensitive banking systems. Antivirus (C) addresses only part of the threat. Private cloud (D) improves security but may not offer the scalability benefits of a hybrid approach.

Reference Extract from Study Guide:

"Timely application of security patches mitigates vulnerabilities, and hybrid cloud models balance the need for scalability and sensitive data protection in financial institutions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Mitigation Strategies and Cloud Topologies

=============================================

The correct answer is D — Likelihood.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that when evaluating the chance of future incidents, the focus should be on likelihood — the probability that a threat will exploit a vulnerability again. Given that a breach has already occurred, it is important to assess how likely another breach could happen without additional security measures.

Impact (A) measures consequences, not probability. Risk (B) is a combination of impact and likelihood, but to specifically focus on future potential, likelihood (D) is primary. Threat actors (C) describe adversaries, not probabilities.

Reference Extract from Study Guide:

"Likelihood refers to the probability that a specific threat will successfully exploit a vulnerability, and is a key consideration in predicting future incidents."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Assessment Concepts

=============================================

The statement refers to the different types of media that can be used for data backup. Backup media encompasses various storage devices and methods used to store copies of data. Examples include:

CDs and DVDs: Optical storage media used for smaller-scale backups.

Hard drives: Mechanical or solid-state drives used for local and external backups.

Cloud storage: Online services providing remote storage and access to backups.

Choosing the appropriate backup media is crucial for ensuring data availability and recovery in case of data loss.

References

David M. Kroenke and Randall J. Boyle, "Using MIS," Pearson.

Curtis Preston, "Backup & Recovery: Inexpensive Backup Solutions for Open Systems," O'Reilly Media.