WESTERN GOVERNOR UNIVERSITY (WGU) / COMPTIA ADVANCED SECURITY
PRACTICES STYLE
D488 – CYBERSECURITY ARCHITECTURE AND ENGINEERING (CASP+)
EXAMINATION
FINAL PROFESSIONAL CERTIFICATION ASSESSMENT – 2025/2026
An IT security team has been notified that external contractors are using their personal laptops
to gain access to the corporate network. The team needs to recommend a solution that will
prevent unapproved devices from accessing the network.
Which solution fulfills these requirements?
A) Implementing a demilitarized zone (DMZ)
B) Installing a hardware security module
C) Implementing port security
D) Deploying a software firewall
C) Implementing port security
The chief technology officer for a small publishing company has been tasked with improving the
company's security posture. As part of a network upgrade, the company has decided to
implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
requirements.
Which solution fulfills these requirements?
1|Page
,A) Deploying an anti-spam gateway
B) Deploying a proxy server
C) Deploying a unified threat management (UTM) appliance
D) Deploying a web application firewall (WAF)
C) Deploying a unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to alert engineers
about inbound threats. The team already has a database of signatures that they want the IDS
solution to validate.
Which detection technique meets the requirements?
A) Intrusion detection
B) Deep packet inspection
C) Signature-based detection
D) Intrusion prevention
C) Signature-based detection
An IT organization had a security breach after deploying an update to its production web
servers. The application currently goes through a manual update process a few times per year.
The security team needs to recommend a failback option for future deployments.
Which solution fulfills these requirements?
A) Implementing a code scanner
2|Page
,B) Implementing code signing
C) Implementing versioning
D) Implementing a security requirements traceability matrix (SRTM)
C) Implementing versioning
A software development team is working on a new mobile application that will be used by
customers. The security team must ensure that builds of the application will be trusted by a
variety of mobile devices.
Which solution fulfills these requirements?
A) Code scanning
B) Regression testing
C) Code signing
D) Continuous delivery
C) Code signing
An IT organization recently suffered a data leak incident. Management has asked the security
team to implement a print blocking mechanism for all documents stored on a corporate file
share.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Remote Desktop Protocol (RDP)
3|Page
, C) Digital rights management (DRM)
D) Watermarking
C) Digital rights management (DRM)
A company has recently discovered that a competitor is distributing copyrighted videos
produced by the in-house marketing team. Management has asked the security team to prevent
these types of violations in the future.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Secure Socket Shell (SSH)
C) Digital rights management (DRM)
D) Remote Desktop Protocol (RDP)
C) Digital rights management (DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-based
infrastructure.
How should these vulnerability scans be conducted when implementing zero trust security?
A) Manually
B) Annually
C) Automatically
D) As needed
4|Page
PRACTICES STYLE
D488 – CYBERSECURITY ARCHITECTURE AND ENGINEERING (CASP+)
EXAMINATION
FINAL PROFESSIONAL CERTIFICATION ASSESSMENT – 2025/2026
An IT security team has been notified that external contractors are using their personal laptops
to gain access to the corporate network. The team needs to recommend a solution that will
prevent unapproved devices from accessing the network.
Which solution fulfills these requirements?
A) Implementing a demilitarized zone (DMZ)
B) Installing a hardware security module
C) Implementing port security
D) Deploying a software firewall
C) Implementing port security
The chief technology officer for a small publishing company has been tasked with improving the
company's security posture. As part of a network upgrade, the company has decided to
implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
requirements.
Which solution fulfills these requirements?
1|Page
,A) Deploying an anti-spam gateway
B) Deploying a proxy server
C) Deploying a unified threat management (UTM) appliance
D) Deploying a web application firewall (WAF)
C) Deploying a unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to alert engineers
about inbound threats. The team already has a database of signatures that they want the IDS
solution to validate.
Which detection technique meets the requirements?
A) Intrusion detection
B) Deep packet inspection
C) Signature-based detection
D) Intrusion prevention
C) Signature-based detection
An IT organization had a security breach after deploying an update to its production web
servers. The application currently goes through a manual update process a few times per year.
The security team needs to recommend a failback option for future deployments.
Which solution fulfills these requirements?
A) Implementing a code scanner
2|Page
,B) Implementing code signing
C) Implementing versioning
D) Implementing a security requirements traceability matrix (SRTM)
C) Implementing versioning
A software development team is working on a new mobile application that will be used by
customers. The security team must ensure that builds of the application will be trusted by a
variety of mobile devices.
Which solution fulfills these requirements?
A) Code scanning
B) Regression testing
C) Code signing
D) Continuous delivery
C) Code signing
An IT organization recently suffered a data leak incident. Management has asked the security
team to implement a print blocking mechanism for all documents stored on a corporate file
share.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Remote Desktop Protocol (RDP)
3|Page
, C) Digital rights management (DRM)
D) Watermarking
C) Digital rights management (DRM)
A company has recently discovered that a competitor is distributing copyrighted videos
produced by the in-house marketing team. Management has asked the security team to prevent
these types of violations in the future.
Which solution fulfills these requirements?
A) Virtual desktop infrastructure (VDI)
B) Secure Socket Shell (SSH)
C) Digital rights management (DRM)
D) Remote Desktop Protocol (RDP)
C) Digital rights management (DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-based
infrastructure.
How should these vulnerability scans be conducted when implementing zero trust security?
A) Manually
B) Annually
C) Automatically
D) As needed
4|Page
