Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with CertsForce

The correct answer is A — Tactical.

Based on WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study material, tactical threat intelligence provides technical details such as indicators of compromise (IOCs), IP addresses, file hashes, domain names, and other evidence needed to detect and respond to threats immediately. This type of intelligence is used by security teams to perform real-time monitoring and incident response.

Operational intelligence (C) addresses campaigns or actor behavior but is not immediately actionable. Strategic intelligence (D) provides high-level, long-term threat trends. Commodity malware (B) refers to low-level malware types, not intelligence classifications.

Reference Extract from Study Guide:

"Tactical threat intelligence focuses on technical indicators of compromise (IOCs) and immediate actionable information that responders use to detect and contain active threats."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Intelligence Concepts

=============================================

The correct answer is A — User and entity behavior analytics (UEBA).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that UEBA tools analyze patterns of user and entity behavior to detect anomalies that could indicate insider threats, compromised accounts, or advanced persistent threats (APTs). UEBA focuses on deviations from normal activity patterns to identify risks that traditional signature-based systems might miss.

HSMs (B) protect cryptographic keys but do not monitor behavior. Antivirus tools (C) detect known malware but do not perform behavioral analytics. Two-factor authentication (D) secures access but does not detect unusual behavior patterns.

Reference Extract from Study Guide:

"User and entity behavior analytics (UEBA) identifies potential security threats by analyzing deviations from typical user and system activity patterns."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection Technologies

Alpha testing is a type of system testing that involves having end users test the system with simulated data and the help of the developer. This phase is crucial because:

Early feedback: Users provide early feedback on the usability and functionality of the system.

Bug identification: Developers can identify and fix bugs before the system is released for beta testing or production.

Simulated environment: The testing is done in a controlled, simulated environment, often within the development organization.

Alpha testing is followed by beta testing, where the system is tested in a real-world environment by end users without the developers' direct involvement.

References

Ron Patton, "Software Testing," Sams Publishing.

Glenford J. Myers, "The Art of Software Testing," Wiley.

The correct answer is D — BIOS protection.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) recommends enabling BIOS protection features such as BIOS passwords, secure boot, and firmware write protection to prevent unauthorized changes to BIOS firmware. BIOS protection locks the firmware settings to prevent tampering.

BIOS monitoring (A) detects changes but does not prevent them. IDS (B) detects network attacks, not firmware changes. Backups (C) protect data but not BIOS integrity.

Reference Extract from Study Guide:

"BIOS protection involves securing firmware with authentication methods and write protections to prevent unauthorized modifications at the hardware level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Hardware and Firmware Security

=============================================

The correct answer is C — Encrypting data.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that encryption is the best defense against man-in-the-middle attacks because even if traffic is intercepted, the data remains unreadable without the appropriate decryption keys.

Disabling Wi-Fi (A) is not practical and does not eliminate MITM threats entirely. Password policies (B and D) strengthen account security but do not protect data transmission.

Reference Extract from Study Guide:

"Encryption ensures the confidentiality of data in transit, preventing unauthorized parties from accessing the content even during man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Transmission Security

=============================================

The correct answer is B — Business impact analysis (BIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies and prioritizes critical business functions and assesses the impact of disruptions on those functions. It determines recovery priorities and establishes the framework for disaster recovery and business continuity planning.

BCP (A) is the broader planning effort. DR (C) focuses on restoring systems. IR (D) responds to specific incidents, not overall business impacts.

Reference Extract from Study Guide:

"Business impact analysis (BIA) determines the criticality of business processes by assessing thepotential impacts of disruptions, providing the foundation for prioritizing recovery efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

The correct answer is A — By looking for extra and unexpected symbols and characters in certain queries.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), SQL injection attacks often include malicious SQL code in input fields, with unusual symbols such as semicolons, apostrophes, or comments (', --, ;). Analysts detect these attacks by monitoring for unexpected or abnormal input patterns in database queries.

Changes to primary keys (B) and repeated login failures (C) are unrelated to SQLi detection. Administrative commands (D) relate more to privilege escalation.

Reference Extract from Study Guide:

"SQL injection attacks typically involve abnormal input that includes special SQL characters or commands; monitoring for such anomalies can reveal attempted injections."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Application and Database Security Threats

=============================================

The employee needs to execute a program from the command line, which requires inputting commands into the computer.

The primary device for inputting commands is the keyboard.

Other options like the hard drive, speaker, and printer are not used for inputting commands.

The hard drive is used for data storage.

The speaker outputs sound.

The printer outputs documents.

Therefore, the correct peripheral device for this task is the keyboard.

IPsecis anend-to-end encryption protocol suitethat operates at thenetwork layer, providingauthentication, integrity, and confidentialitybetween virtual networks—even across different cloud environments like Azure and AWS.

NIST SP 800-77 Rev. 1 (Guide to IPsec VPNs):

“IPsec provides network-layer protection through authentication headers (AH) and encapsulating security payloads (ESP), suitable for securing traffic across untrusted environments.”

FTP is insecure, and SSH is more suitable for command-line access or remote sessions—not secure VPC-to-VPC tunnels.

????WGU Course Alignment:

Domain:Cryptography

Topic:Use encryption protocols like IPsec for secure data transmission between networks

The correct answer is B — Advanced Encryption Standard (AES).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), AES is a widely adopted symmetric encryption standard that ensures the confidentiality and integrity of sensitive data, including patient health information, which HIPAA mandates to protect. AES is considered highly secure and efficient for encrypting stored or transmitted healthcare data.

WEP (A) is outdated and insecure. SMTP (C) is a protocol for sending emails, not encryption. RSA (D) is an asymmetric encryption method typically used for key exchanges, not bulk data encryption.

Reference Extract from Study Guide:

"Advanced Encryption Standard (AES) is recommended for encrypting sensitive healthcare data, providing strong protection for confidentiality and integrity in HIPAA-regulated environments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Standards and Regulatory Compliance

=============================================