Page |1
WGU D488 Cybersecurity Architecture &
Engineering OA Final Exam Prep (2025–2026):
230 Practice Questions with Verified Answers
& Detailed Explanations
Section 1: Cryptography & Encryption (Questions 1-50)
1. A company is looking to protect sensitive data stored on its storage devices and
ensure that this data is secure from unauthorized access. The company is looking
for a solution that provides a high level of security and protection for its data.
Which security technology will protect sensitive data stored on the company's
storage devices by automatically initiating security procedures as they are written
to the device?
A - Self-encrypting drives
B - Hardware security module (HSM)
C - Two-factor authentication
D - Measured boot
- ANSWER>>>- A - Self-encrypting drives
2. A company is concerned about advanced persistent threats and targeted
attacks on its computer systems. The company wants to implement a security
solution that can detect and respond to any suspicious activity on its systems.
Which security technology meets the needs of this company?
A - Endpoint detection and response (EDR) software
B - Hardware security module (HSM)
C - Two-factor authentication
D - Antivirus tools
- ANSWER>>>- A - Endpoint detection and response (EDR) software
3. An enterprise is deploying a new software application that requires a
cryptographic protocol to secure data transmission. The application will be used
to process sensitive customer information, and the company wants to ensure that
the data is protected during transmission. Which cryptographic protocol meets
, Page |2
the needs of the enterprise?
A - Transport Layer Security (TLS) with Advanced Encryption Standard (AES)
B - Secure Sockets Layer (SSL) with Data Encryption Standard (DES)
C - Point-to-Point Tunneling Protocol (PPTP) with Triple Data Encryption Standard
(3DES)
D - Hypertext Transfer Protocol Secure (HTTPS) with Rivest-Shamir-Adleman (RSA)
- ANSWER>>>- A - Transport Layer Security (TLS) with Advanced Encryption
Standard (AES)
4. Which emerging technology has the potential to significantly impact the
security of current encryption methods by making it possible to quickly solve
mathematical problems that are currently considered difficult or impossible to
solve?
A - Quantum computing
B - Blockchain
C - Artificial intelligence (AI)
D - Augmented reality (AR)
- ANSWER>>>- A - Quantum computing
5. Which public-key cryptosystem uses prime factorization as the basis for its
security?
A - Rivest-Shamir-Adleman (RSA)
B - Digital Signature Algorithm (DSA)
C - Elliptic Curve Digital Signature Algorithm (ECDSA)
D - Diffie-Hellman (DH)
- ANSWER>>>- A - Rivest-Shamir-Adleman (RSA)
6. A security architect is designing a system that requires non-repudiation for
electronic transactions. Which cryptographic mechanism provides non-
repudiation?
A - Symmetric encryption
B - Hash function
C - Digital signature
D - One-time pad
- ANSWER>>>- C - Digital signature
, Page |3
7. Which encryption algorithm is considered a stream cipher?
A - AES
B - RC4
C - 3DES
D – Two fish
- ANSWER>>>- B - RC4
8. A company wants to ensure the integrity of software updates downloaded
from its website. Which cryptographic technique should be used?
A - Encryption
B - Hashing
C - Steganography
D - Tokenization
- ANSWER>>>- B - Hashing
9. What is the primary weakness of symmetric encryption compared to
asymmetric encryption?
A - Slower processing speed
B - Larger key sizes required
C - Key distribution challenge
D - Weaker mathematical foundation
- ANSWER>>>- C - Key distribution challenge
10. Which hashing algorithm produces a 256-bit output and is widely used in
modern security applications?
A - MD5
B - SHA-1
C - SHA-256
D - RIPEMD-160
- ANSWER>>>- C - SHA-256
11. A security analyst is reviewing a digital certificate. Which component of the
certificate binds the public key to the identity of the certificate holder?
A - Certificate authority signature
B - Serial number
C - Validity period
, Page |4
D - Subject name
- ANSWER>>>- D - Subject name
12. Which protocol is used to obtain and revoke digital certificates?
A - S/MIME
B - PKCS #12
C - Certificate Management Protocol (CMP)
D - X.509
- ANSWER>>>- C - Certificate Management Protocol (CMP)
13. A company is implementing a PKI. Which component is responsible for issuing
and managing digital certificates?
A - Registration authority (RA)
B - Certificate authority (CA)
C - Certificate revocation list (CRL)
D - Key escrow
- ANSWER>>>- B - Certificate authority (CA)
14. Which key size is considered the minimum for RSA to be secure against
current attacks?
A - 512 bits
B - 1024 bits
C - 2048 bits
D - 4096 bits
- ANSWER>>>- C - 2048 bits
15. What is the primary purpose of a hardware security module (HSM)?
A - Store and manage cryptographic keys in a tamper-resistant device
B - Provide network firewall protection
C - Perform antivirus scanning
D - Authenticate users with biometrics
- ANSWER>>>- A - Store and manage cryptographic keys in a tamper-resistant
device
16. Which cryptographic mode of operation turns a block cipher into a stream
cipher and requires a unique initialization vector?
A - ECB
WGU D488 Cybersecurity Architecture &
Engineering OA Final Exam Prep (2025–2026):
230 Practice Questions with Verified Answers
& Detailed Explanations
Section 1: Cryptography & Encryption (Questions 1-50)
1. A company is looking to protect sensitive data stored on its storage devices and
ensure that this data is secure from unauthorized access. The company is looking
for a solution that provides a high level of security and protection for its data.
Which security technology will protect sensitive data stored on the company's
storage devices by automatically initiating security procedures as they are written
to the device?
A - Self-encrypting drives
B - Hardware security module (HSM)
C - Two-factor authentication
D - Measured boot
- ANSWER>>>- A - Self-encrypting drives
2. A company is concerned about advanced persistent threats and targeted
attacks on its computer systems. The company wants to implement a security
solution that can detect and respond to any suspicious activity on its systems.
Which security technology meets the needs of this company?
A - Endpoint detection and response (EDR) software
B - Hardware security module (HSM)
C - Two-factor authentication
D - Antivirus tools
- ANSWER>>>- A - Endpoint detection and response (EDR) software
3. An enterprise is deploying a new software application that requires a
cryptographic protocol to secure data transmission. The application will be used
to process sensitive customer information, and the company wants to ensure that
the data is protected during transmission. Which cryptographic protocol meets
, Page |2
the needs of the enterprise?
A - Transport Layer Security (TLS) with Advanced Encryption Standard (AES)
B - Secure Sockets Layer (SSL) with Data Encryption Standard (DES)
C - Point-to-Point Tunneling Protocol (PPTP) with Triple Data Encryption Standard
(3DES)
D - Hypertext Transfer Protocol Secure (HTTPS) with Rivest-Shamir-Adleman (RSA)
- ANSWER>>>- A - Transport Layer Security (TLS) with Advanced Encryption
Standard (AES)
4. Which emerging technology has the potential to significantly impact the
security of current encryption methods by making it possible to quickly solve
mathematical problems that are currently considered difficult or impossible to
solve?
A - Quantum computing
B - Blockchain
C - Artificial intelligence (AI)
D - Augmented reality (AR)
- ANSWER>>>- A - Quantum computing
5. Which public-key cryptosystem uses prime factorization as the basis for its
security?
A - Rivest-Shamir-Adleman (RSA)
B - Digital Signature Algorithm (DSA)
C - Elliptic Curve Digital Signature Algorithm (ECDSA)
D - Diffie-Hellman (DH)
- ANSWER>>>- A - Rivest-Shamir-Adleman (RSA)
6. A security architect is designing a system that requires non-repudiation for
electronic transactions. Which cryptographic mechanism provides non-
repudiation?
A - Symmetric encryption
B - Hash function
C - Digital signature
D - One-time pad
- ANSWER>>>- C - Digital signature
, Page |3
7. Which encryption algorithm is considered a stream cipher?
A - AES
B - RC4
C - 3DES
D – Two fish
- ANSWER>>>- B - RC4
8. A company wants to ensure the integrity of software updates downloaded
from its website. Which cryptographic technique should be used?
A - Encryption
B - Hashing
C - Steganography
D - Tokenization
- ANSWER>>>- B - Hashing
9. What is the primary weakness of symmetric encryption compared to
asymmetric encryption?
A - Slower processing speed
B - Larger key sizes required
C - Key distribution challenge
D - Weaker mathematical foundation
- ANSWER>>>- C - Key distribution challenge
10. Which hashing algorithm produces a 256-bit output and is widely used in
modern security applications?
A - MD5
B - SHA-1
C - SHA-256
D - RIPEMD-160
- ANSWER>>>- C - SHA-256
11. A security analyst is reviewing a digital certificate. Which component of the
certificate binds the public key to the identity of the certificate holder?
A - Certificate authority signature
B - Serial number
C - Validity period
, Page |4
D - Subject name
- ANSWER>>>- D - Subject name
12. Which protocol is used to obtain and revoke digital certificates?
A - S/MIME
B - PKCS #12
C - Certificate Management Protocol (CMP)
D - X.509
- ANSWER>>>- C - Certificate Management Protocol (CMP)
13. A company is implementing a PKI. Which component is responsible for issuing
and managing digital certificates?
A - Registration authority (RA)
B - Certificate authority (CA)
C - Certificate revocation list (CRL)
D - Key escrow
- ANSWER>>>- B - Certificate authority (CA)
14. Which key size is considered the minimum for RSA to be secure against
current attacks?
A - 512 bits
B - 1024 bits
C - 2048 bits
D - 4096 bits
- ANSWER>>>- C - 2048 bits
15. What is the primary purpose of a hardware security module (HSM)?
A - Store and manage cryptographic keys in a tamper-resistant device
B - Provide network firewall protection
C - Perform antivirus scanning
D - Authenticate users with biometrics
- ANSWER>>>- A - Store and manage cryptographic keys in a tamper-resistant
device
16. Which cryptographic mode of operation turns a block cipher into a stream
cipher and requires a unique initialization vector?
A - ECB
