Engineering Exam Questions and Answers
100% Verified Graded A+
1. The security team recently enabled public access to a web application hosted
on a server inside the corporate network. The developers of the application
report that the server has received several structured query language (SQL)
injection attacks in the past several days. The team needs to deploy a solution
that will block the SQL injection attacks. Which solution fulfills these
requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH)
Answer: C - Web application firewall (WAF)
2. An IT security team has been notified that external contractors are using
their personal laptops to gain access to the corporate network. The team
needs to recommend a solution that will prevent unapproved devices from
accessing the network. Which solution fulfills these requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall
Answer: C - Implementing port security
3. The chief technology officer for a small publishing company has been tasked
with improving the company's security posture. As part of a network upgrade,
the company has decided to implement intrusion detection, spam filtering,
content filtering, and antivirus controls. The project needs to be completed
using the least amount of infrastructure while meeting all requirements.
Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF)
Answer: C - Deploying a unified threat management (UTM) appliance
4. The security team plans to deploy an intrusion detection system (IDS)
solution to alert engineers about inbound threats. The team already has a
database of signatures that they want the IDS solution to validate. Which
detection technique meets the requirements?
A - Intrusion detection
B - Deep packet inspection
C - Signature-based detection
D - Intrusion prevention
Answer: C - Signature-based detection
5. An IT organization had a security breach after deploying an update to its
production web servers. The application currently goes through a manual
update process a few times per year. The security team needs to recommend
a failback option for future deployments. Which solution fulfills these
requirements?
A - Implementing a code scanner
B - Implementing code signing
C - Implementing versioning
D - Implementing a security requirements traceability matrix (SRTM)
Answer: C - Implementing versioning
6. A software development team is working on a new mobile application that
will be used by customers. The security team must ensure that builds of the
application will be trusted by a variety of mobile devices. Which solution fulfills
these requirements?
A - Code scanning
B - Regression testing
C - Code signing
D - Continuous delivery
Answer: C - Code signing
7. An IT organization recently suffered a data leak incident. Management has
asked the security team to implement a print blocking mechanism for all
documents stored on a corporate file share. Which solution fulfills these
requirements?
A - Virtual desktop infrastructure (VDI)
B - Remote Desktop Protocol (RDP)
C - Digital rights management (DRM)
D - Watermarking
Answer: C - Digital rights management (DRM)
8. A company has recently discovered that a competitor is distributing
copyrighted videos produced by the in-house marketing team. Management has
asked the security team to prevent these types of violations in the future.
Which solution fulfills these requirements?
A - Virtual desktop infrastructure (VDI)
B - Secure Socket Shell (SSH)
C - Digital rights management (DRM)
D - Remote Desktop Protocol (RDP)
Answer: C - Digital rights management (DRM)
9. A security team has been tasked with performing regular vulnerability scans
for a cloud-based infrastructure. How should these vulnerability scans be
conducted when implementing zero trust security?
A - Manually
B - Annually
C - Automatically
D - As needed
Answer: C - Automatically
10. A healthcare company needs to ensure that medical researchers cannot
inadvertently share protected health information (PHI) data from medical
records. What is the best solution?
A - Encryption
B - Metadata
C - Anonymization