Exam (elaborations)

WGU D488 Final Exam Test Bank ACTUAL EXAM 2026/2027 | Cybersecurity Architecture and Engineering | Verified Q&A | Pass Guaranteed - A+ Graded

Rating: -
Sold: -
Pages: 55
Grade: A+
Uploaded on: 30-04-2026
Written in: 2025/2026

Pass your WGU D488 Final Exam with confidence using this complete 2026/2027 actual exam test bank for Cybersecurity Architecture and Engineering at Western Governors University. This verified resource covers key topics including security architecture frameworks (TOGAF, SABSA, OSA), enterprise security engineering principles, cryptographic systems and PKI, identity and access management (IAM), network security design, application security controls, cloud security architecture, and risk management frameworks. Each question includes detailed rationales and elaborated solutions to ensure mastery of cybersecurity architecture and engineering concepts. Backed by our Pass Guarantee. Download now.

Institution: WGU D488
Course: WGU D488

Preview of the content

WGU D488 Final Exam Test Bank ACTUAL
EXAM 2026/2027 | Cybersecurity
Architecture and Engineering | Verified
Q&A | Pass Guaranteed - A+ Graded


SECTION 1: Security Architecture Frameworks & Models (Q1–Q15)



Q1. Multiple Choice

Which security model enforces the rule "no read up" to protect confidentiality?

A. Biba
B. Bell-LaPadula
C. Clark-Wilson
D. Brewer-Nash

Correct Answer: B. Bell-LaPadula [CORRECT]

Rationale: Bell-LaPadula is specifically designed to protect confidentiality through two main rules: the
Simple Security Property ("no read up") prevents subjects from reading data at a higher classification
level, and the *-Property ("no write down") prevents subjects from writing data to a lower classification
level. This directly addresses the scenario described. Reference: NIST SP 800-160, CISSP Domain 3.

Why A is wrong: Biba addresses integrity, not confidentiality. Biba's Simple Integrity Axiom is "no read
down" and the *-Integrity Axiom is "no write up" — the exact opposite direction of Bell-LaPadula. A
common WGU D488 trap is confusing the read/write directions between these two models.



Q2. Multiple Choice

In the Common Criteria (ISO/IEC 15408), which Evaluation Assurance Level (EAL) requires formal design
verification and is typically used for high-security government systems?

A. EAL4
B. EAL5
C. EAL6
D. EAL7

Correct Answer: C. EAL6 [CORRECT]

Rationale: EAL6 requires semi-formal design verification and is intended for high-security systems where
the risk of penetration is high. EAL7 requires formal verification and is used for extremely high-risk
systems (military, critical infrastructure). EAL4 is the highest level typically achievable by commercial
products. EAL5 requires semi-formal design but less rigor than EAL6. Reference: ISO/IEC 15408, NIST SP
800-160.

Why D is wrong: EAL7 requires formal verification with mathematical proof of security — this is
reserved for the most critical systems (nuclear command, intelligence) and is not the standard for
"high-security government systems" generally. EAL6 is the practical high-security standard.



Q3. Multiple Choice

Which component of the Trusted Computing Base (TCB) is responsible for mediating all access requests
between subjects and objects?

A. Security kernel
B. Reference monitor
C. Trusted path
D. Security perimeter

Correct Answer: B. Reference monitor [CORRECT]

Rationale: The reference monitor is the abstract security concept that mediates all access attempts by
subjects to objects. It must be tamperproof, always invoked (complete mediation), and small enough to
be verifiable. The security kernel is the hardware, firmware, and software implementation of the
reference monitor. Reference: CISSP Domain 3, NIST SP 800-160.

Why A is wrong: The security kernel is the implementation of the reference monitor concept — not the
concept itself. This is a classic WGU/CISSP distractor testing whether you understand the distinction
between the abstract reference monitor and its concrete implementation.



Q4. Multiple Choice

SABSA (Sherwood Applied Business Security Architecture) is best described as:

A. A technical framework focused on network security controls
B. A business-driven security architecture framework that aligns security with business requirements
C. A cryptographic standards framework for enterprise encryption
D. A software development methodology for secure coding

Correct Answer: B. A business-driven security architecture framework that aligns security with
business requirements [CORRECT]

Rationale: SABSA is explicitly business-driven, using a six-layer model (from contextual/business layer
down to operational/technology layer) to ensure security architecture supports business objectives. It
complements TOGAF by adding the security dimension to enterprise architecture. Reference: SABSA
White Paper, WGU D488 Course Materials.

Why A is wrong: SABSA is not primarily technical or network-focused — that's more the domain of NIST
SP 800-53 or CIS Controls. SABSA starts with business risk and derives security requirements from
business needs.



Q5. Multiple Choice

Which of the following is a compensating control?

A. A firewall blocking unauthorized network traffic
B. A security guard monitoring the server room after hours because the badge reader system is
malfunctioning
C. Encryption of data at rest on a database server
D. Mandatory security awareness training for all employees

Correct Answer: B. A security guard monitoring the server room after hours because the badge reader
system is malfunctioning [CORRECT]

Rationale: A compensating control is an alternative security measure implemented when the primary
control cannot be used or is insufficient. The security guard compensates for the failed badge reader (a
technical control) by providing physical monitoring. Reference: NIST SP 800-53, CISSP Domain 3.

Why A is wrong: A firewall is a preventive technical control, not compensating. Compensating controls
specifically address gaps where primary controls fail or are impractical.



Q6. Multiple Choice

In the Zachman Framework, which dimension addresses "How?" (the function/process perspective)?

A. Planner (Scope/Context)
B. Owner (Business Concept)
C. Designer (System Logic)
D. Builder (Technology Physics)

Correct Answer: C. Designer (System Logic) [CORRECT]

Rationale: The Zachman Framework uses two dimensions: six rows (stakeholder perspectives) and six
columns (interrogatives: What, How, Where, Who, When, Why). The "How?" column (function/process)
at the Designer row (System Logic) defines how the system functions to meet business requirements.
Reference: Zachman Framework, TOGAF-SABSA integration.

Why B is wrong: The Owner row addresses the business concept ("What?" the business does), not
"How?" it functions at the system level. The Designer row translates business requirements into system
logic.



Q7. Multiple Choice

Which security model prevents conflicts of interest by ensuring a subject cannot access objects from
mutually exclusive conflict-of-interest classes?

A. Graham-Denning
B. Brewer-Nash (Chinese Wall)
C. Clark-Wilson
D. State Machine Model

Correct Answer: B. Brewer-Nash (Chinese Wall) [CORRECT]

Rationale: The Brewer-Nash model (Chinese Wall) was designed specifically to prevent conflicts of
interest in commercial environments (e.g., financial consulting). Once a subject accesses data from one
company in a conflict-of-interest class, they cannot access data from competing companies in that same
class. Reference: CISSP Domain 3, WGU D488.

Why C is wrong: Clark-Wilson focuses on integrity through well-formed transactions and separation of
duties — it does not address conflict-of-interest classes or competitive data access restrictions.



Q8. Multiple Choice

Which of the following best describes the TOGAF Architecture Development Method (ADM)?

A. A linear, waterfall approach to security architecture
B. A cyclical, iterative process for developing enterprise architecture with security as a cross-cutting
concern
C. A risk assessment methodology for quantitative threat analysis
D. A cryptographic key management framework

Correct Answer: B. A cyclical, iterative process for developing enterprise architecture with security as
a cross-cutting concern [CORRECT]

Seller: StuviaFastPass (Chamberlain College Of Nursing)