(KFO1/D488) – WGU 2026 Complete Question
Study Guide with Rationale
Section 1: Security Architecture Frameworks and Principles (Questions 1-40)
1. The NIST Cybersecurity Framework (CSF) consists of five core functions.
Which of the following is NOT one of these functions?
A. Identify
B. Protect
C. Detect
D. Audit
E. Respond
F. Recover
Answer: D. Audit
Rationale: The NIST CSF core functions are Identify, Protect, Detect,
Respond, and Recover. Audit is not a core function but rather a control
activity that spans multiple functions. The framework provides a common
language for managing cybersecurity risk.
2. Which NIST Cybersecurity Framework function involves developing and
implementing appropriate safeguards to ensure delivery of critical services?
A. Identify
B. Protect
C. Detect
D. Respond
Answer: B. Protect
Rationale: The Protect function supports the ability to limit or contain the
impact of a potential cybersecurity event. It includes identity management
and access control, awareness training, data security, and protective
technology.
3. In the SABSA framework, which layer addresses the business requirements
and defines the business drivers?
A. Contextual Architecture
B. Conceptual Architecture
C. Logical Architecture
D. Physical Architecture
Answer: A. Contextual Architecture
Rationale: SABSA (Sherwood Applied Business Security Architecture) uses a
layered approach. The Contextual Architecture layer addresses business
requirements, defining the business context, drivers, and objectives that
drive security architecture decisions.
4. The TOGAF Architecture Development Method (ADM) includes all of the
following phases EXCEPT:
A. Architecture Vision
B. Business Architecture
C. Technology Architecture
D. Security Implementation
Answer: D. Security Implementation
Rationale: TOGAF ADM phases include Architecture Vision, Business
Architecture, Information Systems Architecture, Technology Architecture,
Opportunities and Solutions, Migration Planning, Implementation
Governance, and Change Management. Security is embedded throughout.
5. Which security architecture framework is specifically designed for
information security and is based on a six-layer model?
A. TOGAF
B. Zachman Framework
C. SABSA
D. COBIT
Answer: C. SABSA
Rationale: SABSA (Sherwood Applied Business Security Architecture) is
specifically designed for information security architecture. It uses a six-layer
model: contextual, conceptual, logical, physical, component, and operational.
6. The Zachman Framework for Enterprise Architecture is organized by:
A. Six layers of abstraction
B. Five core functions
C. Six interrogatives (what, how, where, who, when, why) and five rows of
perspectives
D. Four domains of architecture
Answer: C. Six interrogatives (what, how, where, who, when, why) and five
rows of perspectives
Rationale: The Zachman Framework uses six interrogatives (what, how,
where, who, when, why) and five rows representing different stakeholder
perspectives (executive, business management, architect, engineer,
technician).
7. The ISO/IEC 27001 standard focuses on:
A. Information Security Management Systems (ISMS)
B. Cybersecurity Framework implementation
C. Enterprise Architecture
D. IT Service Management
Answer: A. Information Security Management Systems (ISMS)
Rationale: ISO/IEC 27001 is an international standard that specifies
requirements for establishing, implementing, maintaining, and continually
improving an Information Security Management System (ISMS).
8. Which of the following is a primary principle of Zero Trust Architecture?
A. Trust but verify
B. Perimeter-based security
C. Never trust, always verify
D. Defense in depth
Answer: C. Never trust, always verify
Rationale: Zero Trust Architecture is based on the principle of "never trust,
always verify." It assumes no implicit trust for any user, device, or network
location, requiring continuous verification for all access requests.
9. In Zero Trust Architecture, the three primary components are:
A. Firewall, IDS, VPN
B. Policy Enforcement Point (PEP), Policy Decision Point (PDP), and Policy
Administrator
C. Perimeter, DMZ, Internal Network
D. Identity, Device, Network
Answer: B. Policy Enforcement Point (PEP), Policy Decision Point (PDP),
and Policy Administrator
Rationale: Zero Trust architecture components include the Policy
Enforcement Point (where access is enforced), the Policy Decision Point
(where access decisions are made), and the Policy Administrator (which
manages policies and communicates decisions).
10. Which security control is designed to prevent unauthorized access to
resources while allowing authorized access?
A. Deterrent control
B. Preventive control
C. Detective control
D. Corrective control
Answer: B. Preventive control
Rationale: Preventive controls are designed to prevent security incidents
before they occur. Examples include firewalls, access controls, encryption,
and authentication mechanisms.
11. The principle of "defense in depth" refers to:
A. A single, impenetrable security control
B. Multiple layers of security controls throughout the IT system
C. Focusing security efforts on the perimeter
D. Relying on physical security only