D488 Cybersecurity Architecture & Engineering
(WGU) Exam Newest With Complete Questions
And Correct Detailed Answers | Brand New
Version
1. Which principle ensures that users are given the minimum level
of access required to perform their job functions?
A) Separation of duties
B) Defense in depth
C) Least privilege
D) Role-based access control
Rationale: Least privilege limits access to only what is necessary,
reducing the attack surface.
2. What is the main purpose of a demilitarized zone (DMZ) in
network architecture?
A) Encrypt internal traffic
B) Host internal file shares
C) Provide a buffer between the internal network and external
threats
D) Replace firewalls
Rationale: A DMZ isolates publicly accessible services from the
internal network, reducing risk.
3. Which model is primarily used to describe access control based
on security labels and classification levels?
A) DAC
B) MAC
C) RBAC
D) ABAC
Rationale: Mandatory Access Control (MAC) enforces access based on
labels rather than user discretion.
4. What is a core benefit of network segmentation?
A) Increased bandwidth
B) Limiting the spread of attacks within a network
C) Replacing firewalls
D) Enforcing password policies
Rationale: Segmentation reduces lateral movement by attackers in
case of a breach.
5. In secure software development, which phase focuses on
identifying potential security vulnerabilities before deployment?
A) Implementation
B) Maintenance
C) Design and threat modeling
D) Testing
Rationale: Early threat modeling helps identify security risks
proactively.
6. Which encryption algorithm is symmetric?
A) RSA
B) ECC
C) AES
D) Diffie-Hellman
Rationale: AES uses the same key for encryption and decryption,
making it symmetric.
7. Which of the following is a characteristic of a stateful firewall?
A) Filters only by IP address
B) Tracks active connections to make filtering decisions
C) Does not inspect traffic payloads
D) Works only at the application layer
Rationale: Stateful firewalls maintain session information to improve
filtering accuracy.
8. What is the primary purpose of hashing in cybersecurity?
A) Encrypt data
B) Verify data integrity
C) Authenticate users
D) Generate keys
Rationale: Hashing produces a fixed-size digest for integrity checking;
it is one-way.
9. Which type of control is a security awareness training program?
A) Technical
B) Physical
C) Administrative
D) Detective
Rationale: Administrative controls include policies, procedures, and
training to manage security risks.
10. Which protocol is commonly used to securely manage network
devices remotely?
A) HTTP
B) Telnet
C) SSH
D) FTP
Rationale: SSH encrypts remote administrative sessions, protecting
credentials and data.
11. What does the CIA triad stand for?
A) Compliance, Integrity, Audit
B) Confidentiality, Integrity, Availability
C) Control, Information, Access
D) Cryptography, Identification, Authentication
Rationale: The CIA triad is the foundation of cybersecurity principles.
12. Which type of attack intercepts and potentially alters
communication between two parties?
A) Denial-of-Service
B) Man-in-the-middle
C) Phishing
D) SQL Injection
Rationale: MITM attacks intercept traffic to eavesdrop or modify
data.
13. What is the primary function of a Security Information and
Event Management (SIEM) system?