Exam (elaborations): Cybersecurity Architecture and Engineering Exam Study Guide: Questions & Answers

Pages: 54
Grade: A+
Uploaded on: 25-03-2026
Written in: 2025/2026

Prepare for your cybersecurity exam with this comprehensive study guide covering essential topics in Cybersecurity Architecture and Engineering. This document features detailed questions and answers on key areas including access control models (ABAC, MAC, DAC, RBAC), identity and access management (IAM, PAM, SSO, OAuth), threat actors (APT, insider threats, supply chain attacks), network security (firewalls, IDS/IPS, WAF, NAC, VLANs), cloud security (CASB, IaaS, PaaS, SaaS, DRaaS, CDN), risk management (risk assessment, risk mitigation strategies, NIST RMF, ISO frameworks), cryptographic protocols (AES, RSA, ECDH, TLS, PKI), endpoint security (EDR, FIM, DLP, antivirus), disaster recovery and business continuity (RPO, RTO, DR plans), security operations (SIEM, SOAR, incident response), vulnerability management (scanning, penetration testing), and emerging technologies (zero trust, quantum computing, blockchain, deep fakes). Perfect for students and professionals preparing for cybersecurity certifications and advanced security examinations.


Content preview

Cybersecurity Architecture and Engineering (KFO1/D488) – WGU 2026 Complete Question Stud, Exams of Cybercrime, Cybersecurity and Data Privacy

What is the best solution?
A - Identity and access management (IAM)
B - Password policies
C - Privileged access management (PAM)
D - Password complexity
ANSWER//C - Privileged access management (PAM)

A global manufacturing company is moving its applications to the cloud. The security team has been tasked with hardening the access controls for a corporate web application that was recently migrated. End users should be granted access to different features based on their locations and departments. Which access control solution should be implemented?
A - Kerberos
B - Mandatory access control (MAC)
C - Attribute-based access control (ABAC)
D - Privileged access management (PAM)
ANSWER//C - Attribute-based access control (ABAC)

A team of developers is building a new corporate web application. The security team has stated that the application must authenticate users through two separate channels of communication. Which type of authentication method should the developers include when building the application?
A - In-band authentication
B - Kerberos
C - Out-of-band authentication
D - Challenge-Handshake Authentication Protocol (CHAP)
ANSWER//C - Out-of-band authentication

An IT organization is implementing a hybrid cloud deployment. Users should be able to sign in to all corporate resources using their email addresses as their usernames, regardless of whether they are accessing an application on-premises or in the cloud. Which solution meets this requirement?
A - JSON Web Token (JWT)
B - Trusted Platform Module (TPM)
C - Single sign-on (SSO)
D - Internet Protocol Security (IPsec)
ANSWER//C - Single sign-on (SSO)

The security team has been tasked with implementing a secure authorization protocol for its web applications. Which of the following protocols provides the best method for securely authenticating users and granting access?
A - Simple network management protocol (SNMP)
B - Extensible Authentication Protocol (EAP)
C - Open Authentication (OAuth)
D - Secure Sockets Layer (SSL)
ANSWER//C - Open Authentication (OAuth)

An IT team is preparing the network for a hybrid cloud deployment. A security analyst recently discovered that the firmware of a router in the core data center has been compromised. According to the analyst, the attack occurred over a year ago without being detected. Which type of threat actor is the most likely cause of the attack?
A - Competitor
B - Hacktivist
C - Advanced persistent threat
D - Novice hacker
ANSWER//C - Advanced persistent threat

The security operations center (SOC) team just received a notification that multiple vulnerabilities are present in the codebase of a corporate application. Which threat type is most likely in this scenario?
A - Advanced persistent threat
B - Insider threat
C - Supply chain
D - Organized crime
ANSWER//C - Supply chain

The security operations center (SOC) team for a global company is planning an initiative to defend against security breaches. Leadership wants the team to monitor for threats against the organization's data, credentials, and brand reputation by scanning networks that cannot be accessed via search engines. Which type of network should be scanned based on the requirements?
A - Wireless fidelity
B - Intranet
C - Deep web
D - Supervisory control and data acquisition
ANSWER//C - Deep web

An electric power and water utility company has recently added a cybersecurity division. The security operations center (SOC) team has been tasked with leveraging an investigative framework that can accurately assess the motives, means, and opportunities associated with common security attacks. Which framework should be implemented?
A - National Institute of Standards and Technology (NIST)
B - Diamond Model of Intrusion Analysis
C - Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for industrial control systems (ICS)
D - Cyber kill chain
ANSWER//C - Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for industrial control systems (ICS)

A company operates a customer service call center with over one hundred agents taking inbound sales calls. After a recent security breach, the security team believes that one or more agents have been stealing customer credit card details. Which solution will defend against this issue?
A - Security information and event management (SIEM)
B - File integrity monitoring (FIM)
C - Data loss prevention (DLP)
D - Intrusion detection system (IDS)
ANSWER//C - Data loss prevention (DLP)

The security team has noticed that several endpoints on the network have been infected with malware. Leadership has tasked the security team with identifying these attacks in the future. Which solution will notify the team automatically in the event of future malware variants invading the network?
A - Security information and event management (SIEM) alerts
B - Data loss prevention (DLP) alerts
C - Antivirus alerts
D - Syslog alerts
ANSWER//C - Antivirus alerts

An engineer has noticed a degradation in system performance and alerts regarding high central processing unit (CPU) usage on multiple virtual machines in the environment. Further investigation shows that several unknown processes are running on the affected systems. What is the explanation for the degradation in system performance and alerts regarding high central processing unit (CPU) usage?
A - Misconfigured firewall
B - Overly permissive web application firewall (WAF) rules
C - Outdated anti-malware signatures
D - Incorrect file permissions
ANSWER//C - Outdated anti-malware signatures

A financial services company has experienced several incidents of data breaches in recent months. The company has analyzed the indicators of compromise and determined that the data breaches were caused by insider threats. The company has decided to implement hardening techniques and endpoint security controls to mitigate the risk. What should be used to prevent data breaches caused by insider threats based on the indicators of compromise?
A - Network monitoring
B - Intrusion detection systems (IDS)
C - Data loss prevention (DLP)
D - Access control systems (ACS)
ANSWER//C - Data loss prevention (DLP)

The cybersecurity analyst at a software company conducted a vulnerability assessment to identify potential security risks to the organization and discovered multiple vulnerabilities on the company's webpage. The analyst then provided the results to the chief information security officer (CISO), who then decided not to fix the discrepancies due to the vulnerabilities being outside of the organization's resources. Which risk mitigation strategy is demonstrated in this scenario?
A - Accept
B - Mitigate
C - Avoid
D - Transfer
ANSWER//A - Accept

A company wants to implement a policy to reduce the risk of unauthorized access to sensitive information. Which policy should be implemented?
A - Least privilege
B - Separation of duties
C - Job rotation
D - Data encryption
ANSWER//A - Least privilege

A company is developing a cybersecurity risk management program and wants to establish metrics to measure the program's effectiveness. What should the company consider?
A - Key performance indicators (KPIs)
B - Key risk indicators (KRIs)
C - Risk appetite
D - Risk tolerance
ANSWER//A - Key performance indicators (KPIs)

A manufacturing company recently conducted a cybersecurity assessment which identified several vulnerabilities, including unsecured wireless networks and a lack of knowledge of cybersecurity best practices by employees. Which risk mitigation process should the company use to address these vulnerabilities?
A - Implement wireless network encryption and enforce regular employee security training
B - Install intrusion detection systems and segment production networks
C - Enforce strict password policies and conduct regular vulnerability scans
D - Encrypt sensitive production data and conduct regular security audits
ANSWER//A - Implement wireless network encryption and enforce regular employee security training

A company has discovered a vulnerability in its Kubernetes deployment that allows attackers to execute commands on the Kubernetes cluster's nodes. The company has decided to implement risk mitigation processes to address this vulnerability. Which risk mitigation process is the most effective in mitigating the vulnerability associated with the Kubernetes deployment?
A - Implementing network segmentation to isolate the Kubernetes nodes from the rest of the network
B - Implementing a web application firewall (WAF) to inspect all incoming and outgoing traffic
C - Implementing a security information and event management (SIEM) solution to detect and respond to potential attacks
D - Implementing multifactor authentication (MFA) for all users accessing the Kubernetes cluster
ANSWER//A - Implementing network segmentation to isolate the Kubernetes nodes from the rest of the network

An organization has recently signed a contract with a new vendor to provide a critical service. The service will involve the vendor having access to sensitive customer data. The organization's management is concerned about the risks

The security team recently enabled public access to a web application hosted on a server inside the corporate network. The developers of the application report that the server has received several structured query language (SQL) injection attacks in the past several days. The team needs to deploy a solution that will block the SQL injection attacks. Which solution fulfills these requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH)
ANSWER//C - Web application firewall (WAF)

An IT security team has been notified that external contractors are using their personal laptops to gain access to the corporate network. The team needs to recommend a solution that will prevent unapproved devices from accessing the network. Which solution fulfills these requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall
ANSWER//C - Implementing port security

The chief technology officer for a small publishing company has been tasked with improving the company's security posture. As part of a network upgrade, the company has decided to implement intrusion detection, spam filtering, content filtering, and antivirus controls. The project needs to be completed using the least amount of infrastructure while meeting all requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF)
ANSWER//C - Deploying a unified threat management (UTM) appliance

The security team plans to deploy an intrusion detection system (IDS) solution to alert engineers about inbound threats. The team already has a database of signatures that they want the IDS solution to validate. Which detection technique meets the requirements?
A - Intrusion detection
B - Deep packet inspection
C - Signature-based detection
D - Intrusion prevention
ANSWER//C - Signature-based detection

An IT organization had a security breach after deploying an update to its production web servers. The application currently goes through a manual update process a few times per year. The security team needs to recommend a failback option for future deployments. Which solution fulfills these requirements?
A - Implementing a code scanner
B - Implementing code signing
C - Implementing versioning
D - Implementing a security requirements traceability matrix (SRTM)
ANSWER//C - Implementing versioning

A software development team is working on a new mobile application that will be used by customers. The security team must ensure that builds of the application will be trusted by a variety of mobile devices. Which solution fulfills these requirements?
A - Code scanning
B - Regression testing
C - Code signing
D - Continuous delivery
ANSWER//C - Code signing

An IT organization recently suffered a data leak incident. Management has asked the security team to implement a print blocking mechanism for all documents stored on a corporate file share. Which solution fulfills these requirements?
A - Virtual desktop infrastructure (VDI)
B - Remote Desktop Protocol (RDP)
C - Digital rights management (DRM)
D - Watermarking
ANSWER//C - Digital rights management (DRM)

A company has recently discovered that a competitor is distributing copyrighted videos produced by the in-house marketing team. Management has asked the security team to prevent these types of violations in the future. Which solution fulfills these requirements?
A - Virtual desktop infrastructure (VDI)
B - Secure Socket Shell (SSH)
C - Digital rights management (DRM)
D - Remote Desktop Protocol (RDP)
ANSWER//C - Digital rights management (DRM)

A security team has been tasked with performing regular vulnerability scans for a cloud-based infrastructure. How should these vulnerability scans be conducted when implementing zero trust security?
A - Manually
B - Annually
C - Automatically
D - As needed
ANSWER//C - Automatically

A healthcare company needs to ensure that medical researchers cannot inadvertently share protected health information (PHI) data from medical records. What is the best solution?
A - Encryption
B - Metadata
C - Anonymization
D - Obfuscation
ANSWER//C - Anonymization

A security team has been tasked with mitigating the risk of stolen credentials after a recent breach. The solution must isolate the use of privileged accounts. In the future, administrators must request access to mission-critical services before they can perform their tasks.

Seller: Evahwanjimasha
