Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

D488 | D488 Cybersecurity Architecture and Engineering Exam 3 | Questions with Correct Answers and Expert Explanation for Each Question | WGU

Rating
-
Sold
-
Pages
39
Grade
A+
Uploaded on
29-04-2026
Written in
2025/2026

D488 | D488 Cybersecurity Architecture and Engineering Exam 3 | Questions with Correct Answers and Expert Explanation for Each Question | WGU

Institution
Course

Content preview

D488 | D488 Cybersecurity Architecture and
Engineering Exam 3 Version 3 Questions with
Correct Answers and Expert Explanation for Each
Question
1. Which component of a SIEM system is responsible for converting log data from

various formats into a common format for analysis?

A. Storage Layer


B. Normalization Engine


C. Correlation Engine


D. Reporting Dashboard


Correct Answer: B


Expert Explanation: The correct answer is B because normalization ensures that

log data from disparate sources can be compared and analyzed effectively. This

process converts logs into a standardized format, allowing the SIEM to recognize

specific events across the environment. Without normalization, the correlation

engine would struggle to identify patterns across different vendor formats. This step

is critical for building efficient search queries and automated alerts within the

security operations center. Standardizing data facilitates better compliance

reporting and incident investigation speed.

,2. In the NIST Incident Response lifecycle, which phase involves the actual removal of

the threat from the environment?

A. Eradication


B. Containment


C. Preparation


D. Recovery


Correct Answer: A


Expert Explanation: Eradication is the correct phase because it focuses on

eliminating the root cause of the incident and removing malicious components.

While containment stops the spread, eradication ensures the threat is no longer

present on affected systems. This stage often involves deleting malware, disabling

breached accounts, and patching vulnerabilities that were exploited. Architects must

plan for this phase to ensure that systems are clean before they return to

production. Following eradication, the recovery phase can begin to restore normal

operations and data.


3. What is the primary objective of a Continuous Monitoring strategy in cybersecurity

architecture?

A. To provide ongoing visibility into security posture and compliance


B. To eliminate all risks within the network infrastructure

,C. To replace the need for periodic vulnerability assessments


D. To automate the entire incident response process without human intervention


Correct Answer: A


Expert Explanation: The correct answer is B because continuous monitoring

provides real-time insights into an organization’s risk profile and security controls.

This approach allows security teams to detect anomalies and unauthorized changes

as they occur rather than waiting for an audit. By maintaining constant visibility,

organizations can respond more quickly to emerging threats and configuration drift.

It supports the Risk Management Framework by ensuring that security controls

remain effective over time. Continuous monitoring is a key requirement for modern

compliance frameworks and resilient architectures.


4. Which forensic principle dictates that digital evidence must be handled such that its

integrity is maintained from collection to the courtroom?

A. Order of Volatility


B. Root Cause Analysis


C. Evidence Seizure


D. Chain of Custody


Correct Answer: D

, Expert Explanation: Chain of custody is the correct answer because it documents

the chronological history of evidence handling to prevent tampering. Maintaining a

clear record of who accessed the evidence and when is vital for its admissibility in

legal proceedings. Architects must design logging and storage systems that support

the integrity and non-repudiation of forensic data. If the chain is broken, the

evidence may be deemed unreliable or invalid during a trial. This process is

fundamental to the forensic lifecycle in any cybersecurity investigation.


5. When prioritizing vulnerabilities for patching, what does a high CVSS environmental

score indicate?

A. The vulnerability is easy to exploit globally


B. The vulnerability is older and more well-known by attackers


C. The vulnerability has a significant impact based on the organization’s specific

context


D. The vulnerability only affects open-source software packages


Correct Answer: C


Expert Explanation: The correct answer is B because the environmental score

adjusts the base score based on factors unique to the specific implementation. This

score allows security engineers to prioritize patches for systems that are most

critical to their business operations. While the base score is static, the

Written for

Institution
Course

Document information

Uploaded on
April 29, 2026
Number of pages
39
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$17.99
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF


Also available in package deal

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
ScholarsAscend Rasmussen College
Follow You need to be logged in order to follow users or courses
Sold
372
Member since
2 year
Number of followers
39
Documents
26473
Last sold
1 day ago

3.9

66 reviews

5
34
4
11
3
10
2
1
1
10

Recently viewed by you

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions