WGU D488 OA Final Exam Test
Bank/WGU D488 Cybersecurity
Architecture & Engineering Newest
2025/2026 Complete All 230 Questions
And Correct Detailed Answers |Already
Graded A+||Already Graded A+
,The security team recently enabled public access to a web application hosted on a
server inside the corporate network. The developers of the application report that the
server has received several structured query language (SQL) injection attacks in the
past several days. The team needs to deploy a solution that will block the SQL injection
attacks. Which solution fulfills these requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) - CORRECT ANSWERSC - Web application firewall
(WAF)
An IT security team has been notified that external contractors are using their personal
laptops to gain access to the corporate network. The team needs to recommend a
solution that will prevent unapproved devices from accessing the network. Which
solution fulfills these requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall - CORRECT ANSWERSC - Implementing port security
The chief technology officer for a small publishing company has been tasked with
improving the company's security posture. As part of a network upgrade, the company
has decided to implement intrusion detection, spam filtering, content filtering, and
antivirus controls. The project needs to be completed using the least amount of
infrastructure while meeting all requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF) - CORRECT ANSWERSC - Deploying a
unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to alert
engineers about inbound threats. The team already has a database of signatures that
they want the IDS solution to validate. Which detection technique meets the
requirements?
A - Intrusion detection
B - Deep packet inspection
C - Signature-based detection
D - Intrusion prevention - CORRECT ANSWERSC - Signature-based detection
An IT organization had a security breach after deploying an update to its production web
servers. The application currently goes through a manual update process a few times
per year. The security team needs to recommend a failback option for future
deployments. Which solution fulfills these requirements?
A - Implementing a code scanner
B - Implementing code signing
,C - Implementing versioning
D - Implementing a security requirements traceability matrix (SRTM) - CORRECT
ANSWERSC - Implementing versioning
A software development team is working on a new mobile application that will be used
by customers. The security team must ensure that builds of the application will be
trusted by a variety of mobile devices. Which solution fulfills these requirements?
A - Code scanning
B - Regression testing
C - Code signing
D - Continuous delivery - CORRECT ANSWERSC - Code signing
An IT organization recently suffered a data leak incident. Management has asked the
security team to implement a print blocking mechanism for all documents stored on a
corporate file share. Which solution fulfills these requirements?
A - Virtual desktop infrastructure (VDI)
B - Remote Desktop Protocol (RDP)
C - Digital rights management (DRM)
D - Watermarking - CORRECT ANSWERSC - Digital rights management (DRM)
A company has recently discovered that a competitor is distributing copyrighted videos
produced by the in-house marketing team. Management has asked the security team to
prevent these types of violations in the future. Which solution fulfills these
requirements?
A - Virtual desktop infrastructure (VDI)
B - Secure Socket Shell (SSH)
C - Digital rights management (DRM)
D - Remote Desktop Protocol (RDP) - CORRECT ANSWERSC - Digital rights
management (DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-
based infrastructure. How should these vulnerability scans be conducted when
implementing zero trust security?
A - Manually
B - Annually
C - Automatically
D - As needed - CORRECT ANSWERSC - Automatically
A healthcare company needs to ensure that medical researchers cannot inadvertently
share protected health information (PHI) data from medical records. What is the best
solution?
A - Encryption
B - Metadata
C - Anonymization
D - Obfuscation - CORRECT ANSWERSC - Anonymization
, A security team has been tasked with mitigating the risk of stolen credentials after a
recent breach. The solution must isolate the use of privileged accounts. In the future,
administrators must request access to mission-critical services before they can perform
their tasks. What is the best solution?
A - Identity and access management (IAM)
B - Password policies
C - Privileged access management (PAM)
D - Password complexity - CORRECT ANSWERSC - Privileged access management
(PAM)
A global manufacturing company is moving its applications to the cloud. The security
team has been tasked with hardening the access controls for a corporate web
application that was recently migrated. End users should be granted access to different
features based on their locations and departments. Which access control solution
should be implemented?
A - Kerberos
B - Mandatory access control (MAC)
C - Attribute-based access control (ABAC)
D - Privileged access management (PAM) - CORRECT ANSWERSC - Attribute-based
access control (ABAC)
A team of developers is building a new corporate web application. The security team
has stated that the application must authenticate users through two separate channels
of communication. Which type of authentication method should the developers include
when building the application?
A - In-band authentication
B - Kerberos
C - Out-of-band authentication
D - Challenge-Handshake Authentication Protocol (CHAP) - CORRECT ANSWERSC -
Out-of-band authentication
An IT organization is implementing a hybrid cloud deployment. Users should be able to
sign in to all corporate resources using their email addresses as their usernames,
regardless of whether they are accessing an application on-premises or in the cloud.
Which solution meets this requirement?
A - JSON Web Token (JWT)
B - Trusted Platform Module (TPM)
C - Single sign-on (SSO)
D - Internet Protocol Security (IPsec) - CORRECT ANSWERSC - Single sign-on (SSO)
The security team has been tasked with implementing a secure authorization protocol
for its web applications. Which of the following protocols provides the best method for
securely authenticating users and granting access?
A - Simple network management protocol (SNMP)
B - Extensible Authentication Protocol (EAP)
C - Open Authentication (OAuth)
Bank/WGU D488 Cybersecurity
Architecture & Engineering Newest
2025/2026 Complete All 230 Questions
And Correct Detailed Answers |Already
Graded A+||Already Graded A+
,The security team recently enabled public access to a web application hosted on a
server inside the corporate network. The developers of the application report that the
server has received several structured query language (SQL) injection attacks in the
past several days. The team needs to deploy a solution that will block the SQL injection
attacks. Which solution fulfills these requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) - CORRECT ANSWERSC - Web application firewall
(WAF)
An IT security team has been notified that external contractors are using their personal
laptops to gain access to the corporate network. The team needs to recommend a
solution that will prevent unapproved devices from accessing the network. Which
solution fulfills these requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall - CORRECT ANSWERSC - Implementing port security
The chief technology officer for a small publishing company has been tasked with
improving the company's security posture. As part of a network upgrade, the company
has decided to implement intrusion detection, spam filtering, content filtering, and
antivirus controls. The project needs to be completed using the least amount of
infrastructure while meeting all requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF) - CORRECT ANSWERSC - Deploying a
unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to alert
engineers about inbound threats. The team already has a database of signatures that
they want the IDS solution to validate. Which detection technique meets the
requirements?
A - Intrusion detection
B - Deep packet inspection
C - Signature-based detection
D - Intrusion prevention - CORRECT ANSWERSC - Signature-based detection
An IT organization had a security breach after deploying an update to its production web
servers. The application currently goes through a manual update process a few times
per year. The security team needs to recommend a failback option for future
deployments. Which solution fulfills these requirements?
A - Implementing a code scanner
B - Implementing code signing
,C - Implementing versioning
D - Implementing a security requirements traceability matrix (SRTM) - CORRECT
ANSWERSC - Implementing versioning
A software development team is working on a new mobile application that will be used
by customers. The security team must ensure that builds of the application will be
trusted by a variety of mobile devices. Which solution fulfills these requirements?
A - Code scanning
B - Regression testing
C - Code signing
D - Continuous delivery - CORRECT ANSWERSC - Code signing
An IT organization recently suffered a data leak incident. Management has asked the
security team to implement a print blocking mechanism for all documents stored on a
corporate file share. Which solution fulfills these requirements?
A - Virtual desktop infrastructure (VDI)
B - Remote Desktop Protocol (RDP)
C - Digital rights management (DRM)
D - Watermarking - CORRECT ANSWERSC - Digital rights management (DRM)
A company has recently discovered that a competitor is distributing copyrighted videos
produced by the in-house marketing team. Management has asked the security team to
prevent these types of violations in the future. Which solution fulfills these
requirements?
A - Virtual desktop infrastructure (VDI)
B - Secure Socket Shell (SSH)
C - Digital rights management (DRM)
D - Remote Desktop Protocol (RDP) - CORRECT ANSWERSC - Digital rights
management (DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-
based infrastructure. How should these vulnerability scans be conducted when
implementing zero trust security?
A - Manually
B - Annually
C - Automatically
D - As needed - CORRECT ANSWERSC - Automatically
A healthcare company needs to ensure that medical researchers cannot inadvertently
share protected health information (PHI) data from medical records. What is the best
solution?
A - Encryption
B - Metadata
C - Anonymization
D - Obfuscation - CORRECT ANSWERSC - Anonymization
, A security team has been tasked with mitigating the risk of stolen credentials after a
recent breach. The solution must isolate the use of privileged accounts. In the future,
administrators must request access to mission-critical services before they can perform
their tasks. What is the best solution?
A - Identity and access management (IAM)
B - Password policies
C - Privileged access management (PAM)
D - Password complexity - CORRECT ANSWERSC - Privileged access management
(PAM)
A global manufacturing company is moving its applications to the cloud. The security
team has been tasked with hardening the access controls for a corporate web
application that was recently migrated. End users should be granted access to different
features based on their locations and departments. Which access control solution
should be implemented?
A - Kerberos
B - Mandatory access control (MAC)
C - Attribute-based access control (ABAC)
D - Privileged access management (PAM) - CORRECT ANSWERSC - Attribute-based
access control (ABAC)
A team of developers is building a new corporate web application. The security team
has stated that the application must authenticate users through two separate channels
of communication. Which type of authentication method should the developers include
when building the application?
A - In-band authentication
B - Kerberos
C - Out-of-band authentication
D - Challenge-Handshake Authentication Protocol (CHAP) - CORRECT ANSWERSC -
Out-of-band authentication
An IT organization is implementing a hybrid cloud deployment. Users should be able to
sign in to all corporate resources using their email addresses as their usernames,
regardless of whether they are accessing an application on-premises or in the cloud.
Which solution meets this requirement?
A - JSON Web Token (JWT)
B - Trusted Platform Module (TPM)
C - Single sign-on (SSO)
D - Internet Protocol Security (IPsec) - CORRECT ANSWERSC - Single sign-on (SSO)
The security team has been tasked with implementing a secure authorization protocol
for its web applications. Which of the following protocols provides the best method for
securely authenticating users and granting access?
A - Simple network management protocol (SNMP)
B - Extensible Authentication Protocol (EAP)
C - Open Authentication (OAuth)
