Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with CertsForce

The correct answer is D — Recovery point objective (RPO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RPO defines the maximum amount of data loss that is tolerable in terms of time. It sets the backup frequency to ensure that in the event of a disruption, no more than the specified amount of data is lost.

Continuous data protection (A) is a method but not the term for the metric. BIA (B) identifies impacts but does not define backup timing. DR (C) refers to the overall recovery process, not backup frequency.

Reference Extract from Study Guide:

"Recovery point objective (RPO) defines the maximum age of files that must be recovered from backup storage for normal operations to resume after a failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Recovery Objectives

=============================================

ASecurity Information and Event Management (SIEM)system collects, normalizes, and correlates logs and security events from various devices across both on-premises and cloud environments. It enables centralizedthreat detection,incident response, andcompliance monitoring.

NIST SP 800-137 (Information Security Continuous Monitoring):

“SIEMs are essential for real-time incident detection and response by aggregating and analyzing logs from disparate systems.”

Hybrid cloud environmentsmake log correlation complex, and SIEMs are uniquely suited to bridge cloud and on-prem infrastructure.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Use SIEM for centralized monitoring and event correlation in hybrid architectures

Parallel conversion is a system deployment method where the new system is implemented and runs alongside the old system for a period of time. This method allows for:

Comparison of outputs: Ensuring that the new system produces the same or better results as the old system.

Risk reduction: If there are issues with the new system, the old system can still be used without interrupting business operations.

User adaptation: Users can get accustomed to the new system while still having access to the familiar old system.

Parallel conversion is often used to minimize the risk associated with deploying a new system.

References

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

Kathy Schwalbe, "Information Technology Project Management," Cengage Learning.

The correct answer is C — Secure/Multipurpose Internet Mail Extensions (S/MIME).

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), S/MIME provides encryption, integrity, and authentication for email messages by using public key cryptography and digital signatures.

SMTP (A) is used for sending emails but does not secure them. PGP (B) also secures emails but is not a protocol; it is a program and standard. IPsec (D) secures network communications, not email specifically.

Reference Extract from Study Guide:

"Secure/Multipurpose Internet Mail Extensions (S/MIME) is a protocol used to encrypt and digitally sign email communications, ensuring confidentiality, integrity, and authenticity."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Communication Technologies

=============================================

Identity federationallows authentication credentials to be used across multiple systems or domains—includingon-premises and cloud platforms—without duplicating user databases.

NIST SP 800-63C (Federated Identity Guidelines):

“Federation enables users to access multiple, disparate services using a single digital identity that can be shared securely across organizational boundaries.”

This approach is essential in hybrid architectures where cloud VMs and on-prem servers must recognize acentralized identity providerlike Active Directory.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement federated identity in hybrid and multi-cloud environments

The correct answer is D — Host-based intrusion detection system (HIDS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a HIDS monitors individual servers or endpoints for suspicious activity and potential breaches. It provides real-time detection of unauthorized access and unusual behaviors on hosts.

HSM (A) protects cryptographic keys. Two-factor authentication (B) strengthens user authentication but does not monitor server activity. Antivirus tools (C) detect malware but are not designed to detect broader suspicious behaviors.

Reference Extract from Study Guide:

"Host-based intrusion detection systems (HIDS) monitor individual servers for unauthorized activities, unauthorized access attempts, and changes to critical system files."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Intrusion Detection Systems

=============================================

The correct answer is A — A process to reassess risks on a defined schedule.

Based on the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, risks must be reassessed periodically because the threat landscape, organizational assets, and business processes evolve over time. Risks identified years ago might have changed in likelihood, impact, or may have been mitigated already. Therefore, it is essential to establish a formal process for periodic risk review and reassessment to maintain accurate and actionable risk profiles.

Availability of risk documents (B), methods of capture (C), and leadership involvement in scoring (D) are important, but they do not directly address the primary issue of outdated risk assessments.

Reference Extract from Study Guide:

"Organizations must implement a periodic review and reassessment process for risks to ensure that risk profiles reflect the current threat environment, organizational changes, and mitigation efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Framework

Security edge devices(such as NGFWs, IDS/IPS, and secure gateways) are deployed at thenetwork perimeterto inspect and filter traffic, providing aninitial layer of defenseagainst external threats before they reach internal systems.

NIST SP 800-41 Rev. 1:

“Edge security devices enforce security policy at network boundaries and act as a first line of defense by preventing unauthorized or malicious traffic from entering the internal network.”

They are not TPMs or SIEMs, though they maygenerate dataconsumed by SIEMs.

????WGU Course Alignment:

Domain:Network Security

Topic:Deploy perimeter defense technologies at network entry points

Aproprietary software licensetypically grants a business or user theright to usethe software.

Unlike open-source licenses, proprietary licenses do not usually allow modification, redistribution, or reverse engineering.

The software remains the property of the company that created it, and the licensee is only granted specific, limited rights.

Examples:Many enterprise software applications come with proprietary licenses that specify the terms of use.