WGU D488 Cybersecurity Architecture & Engineering
FINAL EXAM / OBJECTIVE ASSESSMENT (OA) PRACTICE TEST
BANK 100 QUESTIONS WITH ANSWERS AND RATIONALES
1. A company wants to provide laptops to its employees so they can work
remotely. What should be implemented to ensure only work applications can
be installed on company laptops?
A. Containerization
B. Token-based access
C. Patch repository
D. Whitelisting
ANSWER: D. Whitelisting
Rationale: Application whitelisting is a security technique that only allows pre-
approved software to execute on a system. This prevents users from installing or
running unauthorized or malicious applications, ensuring endpoints remain
compliant with company policy .
2. A network technician is asked by their manager to update security to block
several known bad actor IP addresses. Which type of rule should the technician
create?
A. Signature rules
B. Firewall rules
C. Behavior rules
D. Data loss prevention (DLP) rules
ANSWER: B. Firewall rules
Rationale: Firewalls operate by enforcing a set of rules that control incoming and
outgoing network traffic. Creating a rule to deny all traffic from specific, known
malicious IP addresses is a fundamental and direct use of firewall functionality .
,3. A company is looking to protect sensitive data stored on its storage devices.
Which security technology will protect this data by automatically initiating
security procedures as it is written to the device?
A. Self-encrypting drives
B. Hardware security module (HSM)
C. Two-factor authentication
D. Measured boot
ANSWER: A. Self-encrypting drives
Rationale: Self-encrypting drives (SEDs) have built-in hardware-based encryption that
automatically encrypts data as it is written to the disk and decrypts it as it is read,
without any user intervention or performance degradation. This protects data at rest
from unauthorized access if the drive is physically removed.
4. A company is concerned about advanced persistent threats and targeted
attacks. Which security technology can detect and respond to suspicious activity
on its systems?
A. Endpoint detection and response (EDR) software
B. Hardware security module (HSM)
C. Two-factor authentication
D. Antivirus tools
ANSWER: A. Endpoint detection and response (EDR) software
Rationale: EDR solutions go beyond traditional antivirus by continuously monitoring
endpoint activities to detect suspicious behavior indicative of advanced threats like
APTs. They provide capabilities for investigation, threat hunting, and automated
response to contain incidents.
5. An enterprise is deploying a new application that requires a cryptographic
protocol to secure data transmission. Which protocol meets this need?
A. Point-to-Point Tunneling Protocol (PPTP) with 3DES
B. Secure Sockets Layer (SSL) with DES
C. Transport Layer Security (TLS) with Advanced Encryption Standard (AES)
,D. Hypertext Transfer Protocol Secure (HTTPS) with RSA
ANSWER: C. Transport Layer Security (TLS) with Advanced Encryption Standard
(AES)
Rationale: TLS is the modern, secure successor to SSL and is the standard protocol for
encrypting data in transit. AES is a strong, widely adopted symmetric encryption
algorithm. The combination of TLS and AES represents a current and secure method for
protecting sensitive customer information during transmission.
6. Which emerging technology has the potential to significantly impact the
security of current encryption methods by making it possible to quickly solve
difficult mathematical problems?
A. Blockchain
B. Quantum computing
C. Artificial intelligence (AI)
D. Augmented reality (AR)
ANSWER: B. Quantum computing
Rationale: Quantum computing leverages the principles of quantum mechanics to
perform calculations at speeds unattainable by classical computers. This power could
potentially break many of the public-key cryptography algorithms (like RSA and ECC)
that currently secure the internet.
7. Which public-key cryptosystem uses prime factorization as the basis for its
security?
A. Rivest-Shamir-Adleman (RSA)
B. Digital Signature Algorithm (DSA)
C. Elliptic Curve Digital Signature Algorithm (ECDSA)
D. Diffie-Hellman (DH)
ANSWER: A. Rivest-Shamir-Adleman (RSA)
Rationale: The security of RSA relies on the practical difficulty of factoring the product of
two large prime numbers. While factoring a small number is easy, factoring a number
, that is hundreds of digits long is computationally infeasible with current technology,
forming the basis of the algorithm's security.
8. Which key exchange algorithm is used to establish a shared secret key between
two parties without the need for a pre-shared secret?
A. Diffie-Hellman (DH)
B. Rivest-Shamir-Adleman (RSA)
C. Digital Signature Algorithm (DSA)
D. Elliptic Curve Diffie-Hellman (ECDH)
ANSWER: A. Diffie-Hellman (DH)
Rationale: The Diffie-Hellman key exchange protocol allows two parties, each having a
public-private key pair, to establish a shared secret key over an insecure
communications channel. This shared secret can then be used to encrypt subsequent
communications using a symmetric cipher.
9. A company plans to deploy a cryptographic system for digital signatures based
on the equation y^2 = x^3 + ax + b. Which cryptosystem does this describe?
A. Digital Signature Algorithm (DSA)
B. Rivest-Shamir-Adleman (RSA)
C. Elliptic Curve Digital Signature Algorithm (ECDSA)
D. Diffie-Hellman (DH)
ANSWER: C. Elliptic Curve Digital Signature Algorithm (ECDSA)
Rationale: The equation provided is the general form of an elliptic curve. ECDSA is a
variant of the Digital Signature Algorithm (DSA) that uses elliptic curve cryptography,
which can provide the same level of security as RSA but with smaller key sizes, making it
more efficient.
10. A company operates a call center and suspects agents are stealing customer
credit card details. Which solution will defend against this?
A. Security information and event management (SIEM)
B. File integrity monitoring (FIM)
C. Data loss prevention (DLP)
FINAL EXAM / OBJECTIVE ASSESSMENT (OA) PRACTICE TEST
BANK 100 QUESTIONS WITH ANSWERS AND RATIONALES
1. A company wants to provide laptops to its employees so they can work
remotely. What should be implemented to ensure only work applications can
be installed on company laptops?
A. Containerization
B. Token-based access
C. Patch repository
D. Whitelisting
ANSWER: D. Whitelisting
Rationale: Application whitelisting is a security technique that only allows pre-
approved software to execute on a system. This prevents users from installing or
running unauthorized or malicious applications, ensuring endpoints remain
compliant with company policy .
2. A network technician is asked by their manager to update security to block
several known bad actor IP addresses. Which type of rule should the technician
create?
A. Signature rules
B. Firewall rules
C. Behavior rules
D. Data loss prevention (DLP) rules
ANSWER: B. Firewall rules
Rationale: Firewalls operate by enforcing a set of rules that control incoming and
outgoing network traffic. Creating a rule to deny all traffic from specific, known
malicious IP addresses is a fundamental and direct use of firewall functionality .
,3. A company is looking to protect sensitive data stored on its storage devices.
Which security technology will protect this data by automatically initiating
security procedures as it is written to the device?
A. Self-encrypting drives
B. Hardware security module (HSM)
C. Two-factor authentication
D. Measured boot
ANSWER: A. Self-encrypting drives
Rationale: Self-encrypting drives (SEDs) have built-in hardware-based encryption that
automatically encrypts data as it is written to the disk and decrypts it as it is read,
without any user intervention or performance degradation. This protects data at rest
from unauthorized access if the drive is physically removed.
4. A company is concerned about advanced persistent threats and targeted
attacks. Which security technology can detect and respond to suspicious activity
on its systems?
A. Endpoint detection and response (EDR) software
B. Hardware security module (HSM)
C. Two-factor authentication
D. Antivirus tools
ANSWER: A. Endpoint detection and response (EDR) software
Rationale: EDR solutions go beyond traditional antivirus by continuously monitoring
endpoint activities to detect suspicious behavior indicative of advanced threats like
APTs. They provide capabilities for investigation, threat hunting, and automated
response to contain incidents.
5. An enterprise is deploying a new application that requires a cryptographic
protocol to secure data transmission. Which protocol meets this need?
A. Point-to-Point Tunneling Protocol (PPTP) with 3DES
B. Secure Sockets Layer (SSL) with DES
C. Transport Layer Security (TLS) with Advanced Encryption Standard (AES)
,D. Hypertext Transfer Protocol Secure (HTTPS) with RSA
ANSWER: C. Transport Layer Security (TLS) with Advanced Encryption Standard
(AES)
Rationale: TLS is the modern, secure successor to SSL and is the standard protocol for
encrypting data in transit. AES is a strong, widely adopted symmetric encryption
algorithm. The combination of TLS and AES represents a current and secure method for
protecting sensitive customer information during transmission.
6. Which emerging technology has the potential to significantly impact the
security of current encryption methods by making it possible to quickly solve
difficult mathematical problems?
A. Blockchain
B. Quantum computing
C. Artificial intelligence (AI)
D. Augmented reality (AR)
ANSWER: B. Quantum computing
Rationale: Quantum computing leverages the principles of quantum mechanics to
perform calculations at speeds unattainable by classical computers. This power could
potentially break many of the public-key cryptography algorithms (like RSA and ECC)
that currently secure the internet.
7. Which public-key cryptosystem uses prime factorization as the basis for its
security?
A. Rivest-Shamir-Adleman (RSA)
B. Digital Signature Algorithm (DSA)
C. Elliptic Curve Digital Signature Algorithm (ECDSA)
D. Diffie-Hellman (DH)
ANSWER: A. Rivest-Shamir-Adleman (RSA)
Rationale: The security of RSA relies on the practical difficulty of factoring the product of
two large prime numbers. While factoring a small number is easy, factoring a number
, that is hundreds of digits long is computationally infeasible with current technology,
forming the basis of the algorithm's security.
8. Which key exchange algorithm is used to establish a shared secret key between
two parties without the need for a pre-shared secret?
A. Diffie-Hellman (DH)
B. Rivest-Shamir-Adleman (RSA)
C. Digital Signature Algorithm (DSA)
D. Elliptic Curve Diffie-Hellman (ECDH)
ANSWER: A. Diffie-Hellman (DH)
Rationale: The Diffie-Hellman key exchange protocol allows two parties, each having a
public-private key pair, to establish a shared secret key over an insecure
communications channel. This shared secret can then be used to encrypt subsequent
communications using a symmetric cipher.
9. A company plans to deploy a cryptographic system for digital signatures based
on the equation y^2 = x^3 + ax + b. Which cryptosystem does this describe?
A. Digital Signature Algorithm (DSA)
B. Rivest-Shamir-Adleman (RSA)
C. Elliptic Curve Digital Signature Algorithm (ECDSA)
D. Diffie-Hellman (DH)
ANSWER: C. Elliptic Curve Digital Signature Algorithm (ECDSA)
Rationale: The equation provided is the general form of an elliptic curve. ECDSA is a
variant of the Digital Signature Algorithm (DSA) that uses elliptic curve cryptography,
which can provide the same level of security as RSA but with smaller key sizes, making it
more efficient.
10. A company operates a call center and suspects agents are stealing customer
credit card details. Which solution will defend against this?
A. Security information and event management (SIEM)
B. File integrity monitoring (FIM)
C. Data loss prevention (DLP)
