D488 | D488 Cybersecurity Architecture and Engineering Exam 2 | Questions with Correct Answers and Expert Explanation for Each Question | WGU

Pages: 40 | Grade: A+ | Uploaded on: 29-04-2026 | Written in: 2025/2026

Content preview
D488 | D488 Cybersecurity Architecture and Engineering Exam 2 Version 3 Questions with Correct Answers and Expert Explanation for Each Question
1. A security engineer is reviewing an application that allows users to upload files to a server. Which vulnerability is most likely present if the application does not validate the file extension or content type?

A. Unrestricted Executable File Upload
B. Cross-Site Scripting (XSS)
C. SQL Injection
D. Security Misconfiguration

Correct Answer: A

Expert Explanation: Unrestricted file upload occurs when an application allows users to upload files without sufficient validation. This vulnerability enables attackers to upload malicious scripts or shells to the server. Once executed, these files can grant the attacker full control over the host system. To mitigate this risk, developers must implement strict file type white-listing and scan files for malware. This process ensures that only safe and intended file formats are processed by the web server.

2. During a security audit, a developer discovers that sensitive session tokens are being transmitted in the URL as query parameters. Which OWASP risk category does this fall under?

A. Cryptographic Failures
B. Broken Access Control
C. Insecure Design
D. Identification and Authentication Failures

Correct Answer: D

Expert Explanation: Identification and Authentication Failures involve weaknesses in how an application manages user identities and sessions. Passing session tokens in URLs is a dangerous practice because URLs are often logged by intermediate proxies and browsers. If an attacker gains access to these logs, they can easily hijack the user’s active session. Secure session management requires tokens to be stored in secure, HttpOnly cookies instead of the URL. This practice minimizes the exposure of sensitive credentials during transit and storage.


3. Which technique is the most effective way to prevent SQL injection attacks in a web application?

A. Using prepared statements with parameterized queries
B. Implementing a Web Application Firewall (WAF)
C. Encoding all output displayed to the user
D. Using client-side JavaScript for input validation

Correct Answer: A

Expert Explanation: Prepared statements ensure that the database treats user input as data rather than executable code. This approach separates the query structure from the actual values provided by the user. Even if an attacker enters malicious SQL commands, the database will not execute them. While WAFs provide an extra layer of defense, they cannot replace secure coding practices at the application level. Therefore, parameterization remains the primary and most reliable defense against various injection flaws.


4. An organization is implementing a DevSecOps pipeline. At which stage should Static Application Security Testing (SAST) be integrated for the best results?

A. During the deployment phase
B. During the coding and build phase
C. During the monitoring and logging phase
D. During the final manual penetration test

Correct Answer: B

Expert Explanation: SAST tools analyze the source code or compiled binaries for security vulnerabilities without executing the program. Integrating SAST early in the software development lifecycle allows developers to identify and fix flaws immediately. This ‘shift-left’ approach reduces the cost and effort required to remediate security issues later. By catching bugs during the build phase, teams can ensure that only secure code moves forward. This proactive strategy is a cornerstone of modern cybersecurity architecture and engineering.


5. In the context of threat modeling using the STRIDE methodology, which threat is associated with an attacker performing actions on behalf of another user without their consent?

A. Information Disclosure
B. Repudiation
C. Spoofing
D. Tampering

Correct Answer: C

Expert Explanation: Spoofing involves an attacker pretending to be a different user or system to gain unauthorized access. This threat category focuses on the violation of authenticity within an application environment. By impersonating a legitimate entity, attackers can bypass security controls and access sensitive data. Mitigation
