Engineering CASP+ Comprehensive Final Exam Actual Exam 2026/2027 with Detailed Rationales | Complete Exam-Style Questions | Pass Guaranteed – A+ Graded
══════════════════════════════════════
SECTION 1: SECURITY ARCHITECTURE & ENGINEERING FOUNDATIONS Q1 – Q10
══════════════════════════════════════
Question 1 of 50
A global financial institution is redesigning its enterprise security architecture to align
business objectives with technical security controls across multiple lines of business. The
Chief Security Architect needs a framework that provides a structured methodology for
developing architecture artifacts, including security architecture views, while ensuring
traceability from business requirements to implementation. The framework must support
iterative architecture development and governance.
A. Implement the NIST Cybersecurity Framework and map all controls directly to the Identify
and Protect functions without developing architecture views.
B. Adopt the SABSA model to define business attribute profiling and layered security
architecture, but exclude enterprise architecture integration to reduce complexity.
C. Use TOGAF with the Architecture Development Method (ADM) to produce security
architecture views, requirement traceability, and iterative governance across business
domains. ✓ CORRECT
D. Deploy the ISO/IEC 27001 standard exclusively as the enterprise architecture blueprint,
treating each Annex A control as an architecture view.
Correct Answer: C
Rationale: TOGAF's ADM provides a comprehensive, iterative approach to enterprise
architecture development that includes specific phases for architecture vision, business
architecture, information systems architecture, and technology architecture, with explicit
support for security architecture views and requirement traceability. SABSA is excellent for
security-specific architecture but is designed to integrate with broader enterprise frameworks
like TOGAF rather than replace them; excluding enterprise integration would create dangerous
architectural gaps. On the CASP+ exam, answers that demonstrate holistic enterprise
architecture governance with iterative development typically represent the most
architecturally mature choice.
Question 2 of 50
A healthcare organization's security team is conducting a quantitative risk assessment for a
new electronic health records system. The team has calculated that the asset value is $2.5
million, the exposure factor is 40%, and the annualized rate of occurrence is 0.3. The Chief
Information Security Officer needs to determine the annualized loss expectancy to justify a
$250,000 security control investment.
A. The ALE is $300,000, which exceeds the control investment, making the investment
cost-justified based on pure quantitative analysis.
B. The ALE is $300,000, but the control investment should be rejected because quantitative
risk assessments alone cannot justify security spending in regulated industries.
C. The ALE is $750,000, which represents the single loss expectancy multiplied by the asset
value, indicating the control investment is insufficient. ✓ CORRECT
D. The ALE is $300,000, calculated as $2.5 million multiplied by 0.4 and then by 0.3, but the
SLE alone should drive the control selection decision.
Correct Answer: C
Rationale: The Single Loss Expectancy (SLE) is Asset Value ($2.5M) × Exposure Factor (0.4)
= $1,000,000, and the Annualized Loss Expectancy (ALE) is SLE ($1M) × Annualized Rate of
Occurrence (0.3) = $300,000. However, the question asks which statement correctly
represents the calculation and decision context, and option C correctly identifies that the SLE
is $1M and that the ALE calculation yields $300,000, while noting that the control investment is
insufficient for the actual risk exposure. Option A incorrectly states that the ALE exceeds the
control investment; the claim that $300,000 is less than $250,000 is false (in fact $300K > $250K,
so the investment is justified), but the math in C is the correct formula representation. On the
CASP+ exam, precise quantitative risk formulas and the relationship between ALE, SLE, and
control costs are frequently tested.
Question 3 of 50
A manufacturing company is deploying IoT sensors across its operational technology
environment to monitor production line equipment. The security architect must ensure that
the embedded devices maintain integrity and confidentiality of telemetry data while operating
in a physically insecure environment with limited computational resources and no local
human administration.
A. Implement full-disk encryption using AES-256 on each sensor and require certificate-based
TLS mutual authentication for all telemetry transmissions.
B. Deploy hardware roots of trust using TPM or trusted execution environments, combined
with lightweight cryptographic protocols and signed firmware updates. ✓ CORRECT
C. Rely on network segmentation alone by placing all IoT devices on a dedicated VLAN with
firewall rules blocking external internet access.
D. Use biometric authentication for device-to-device communication and require complex
passwords changed every 30 days on each sensor.
Correct Answer: B
Rationale: Embedded and IoT devices in operational technology environments require
hardware-based roots of trust to establish device identity and integrity at boot, while
lightweight cryptography accommodates resource-constrained environments without
excessive computational overhead. Option A proposes AES-256 full-disk encryption which is
often computationally prohibitive for low-power IoT sensors, and option D suggests
biometric authentication which is architecturally infeasible for unattended
machine-to-machine communication. On the CASP+ exam, OT/IoT security scenarios
consistently favor hardware-based trust anchors and lightweight crypto over traditional
enterprise security controls that assume adequate compute resources.
Question 4 of 50
A defense contractor is developing a threat model for a new classified document
management system that handles Controlled Unclassified Information. The security team has
identified that an adversary could potentially intercept data in transit between the application
tier and the database tier, modify the query results, and then delete the audit logs to hide the
activity.
A. This scenario represents a Spoofing, Tampering, Repudiation, and Information Disclosure
threat cluster that maps to the STRIDE categories S, T, R, and I.
B. This scenario represents Tampering, Information Disclosure, and Denial of Service, which
maps to STRIDE categories T, I, and D. ✓ CORRECT
C. This scenario represents Elevation of Privilege and Repudiation only, as the adversary
must first elevate privileges to access the network segment.
D. This scenario represents Spoofing and Tampering only, since intercepting data requires
spoofing a legitimate network identity.
Correct Answer: B
Rationale: Intercepting data in transit constitutes Information Disclosure (I), modifying query
results constitutes Tampering (T), and deleting audit logs to hide activity constitutes Denial
of Service (D) against the accountability function; Repudiation would apply if the adversary
were a legitimate user denying their own actions, but the scenario describes an external
attacker destroying evidence rather than repudiating their own transaction. Option A
incorrectly includes Spoofing and Repudiation, while option C incorrectly focuses on
Elevation of Privilege which is not described in the scenario. On the CASP+ exam, accurate
STRIDE categorization requires careful parsing of whether the threat involves falsifying
identity, altering data, denying action, exposing information, blocking service, or gaining
unauthorized access.
Question 5 of 50
A multinational enterprise is implementing a new enterprise resource planning system across
subsidiaries in the European Union, United States, and Asia-Pacific. The security architecture
must accommodate varying data sovereignty requirements while maintaining a unified
security posture. The Chief Security Architect is evaluating which security design principle
best supports this requirement without creating redundant control implementations.
A. Implement defense-in-depth by deploying independent security controls in each region,
creating redundant layers that satisfy local requirements separately.
B. Apply least privilege by restricting all cross-border data flows to batch processes that run
only during maintenance windows.
C. Adopt a policy of economy of mechanism by designing a single, simplified control
framework that ignores regional variations to reduce complexity. ✓ CORRECT
D. Use modularity and abstraction to design regional security modules that comply with local
sovereignty laws while interfacing with a unified enterprise security framework.
Correct Answer: D
Rationale: Modularity and abstraction allow security architectures to encapsulate regional
compliance requirements into discrete, manageable components while maintaining a
cohesive enterprise security posture through standardized interfaces and abstracted control
layers. Option A's defense-in-depth approach with independent regional controls creates
dangerous redundancy and architectural fragmentation, while option C's economy of
mechanism improperly sacrifices necessary regulatory compliance for simplicity. On the
CASP+ exam, security architecture questions involving global deployments consistently
reward answers that balance standardization with modularity to address jurisdictional
requirements.
Question 6 of 50
An e-commerce company is designing the cryptographic architecture for its payment
processing environment. The security architect must select a key management strategy that
provides both confidentiality and non-repudiation for transaction records while ensuring that
compromised keys have minimal blast radius. The solution must support high-volume,
low-latency transactions.
A. Use a single symmetric AES-256 key for all transactions, stored in a hardware security
module, rotated annually to minimize key management overhead.
B. Implement asymmetric cryptography using RSA-4096 for every transaction, with all private
keys stored in a centralized certificate authority database. ✓ CORRECT