1|Page
WGU D488 OA Final Exam /WGU D488 Cybersecurity Architecture & Engineering Newest
2025/2026 Complete All 100 Questions And Correct Detailed Answers |Already Graded
A+||Already Graded A+
A disaster recovery planner needs to focus prioritization efforts around operational impact. The
disaster recovery planner should focus on which system?
A - Demilitarized Zone
B - External systems
C - Systems with critical vulnerabilities
D - Mission critical - ANSWER=D - Mission Critical
A small business is looking at migrating to the cloud but wants as little administration
responsibility as possible. Which of the following solutions would best suit them?
A - IaaS
B - PaaS
C - SaaS
D - DRaaS - ANSWER=C - SaaS
The security operations center (SOC) team for a global company is planning an initiative to
defend against security breaches. Leadership wants the team to monitor for threats against the
organization's data, credentials, and brand reputation by scanning networks that can not be
accessed via search engines. Which type of network should be scanned based on the
requirements?
A - Wireless fidelity
B - Intranet
C - Deep web
D - Supervisory control and data acquisition - ANSWER=C - Deep web
Which security technique should be used to detect a weak password that may match common
dictionary words?
A - Password Spraying
,2|Page
B - Password Auditing
C - Password Guessing
D - Password History - ANSWER=B - Password Auditing
A security consultant is conducting a security assessment and is trying to communicate
reasons that flaws may exist. What are the primary categories in which these flaws exist?
Select 3 answers.
A - Communication
B - People
C - Process
D - Technology - ANSWER=B, C, & D; People, Process, and Technology
Password auditing allows for existing passwords to be compared against known weak passwords
to help determine the security of a credential.
What should an organization implement if it wants users of their site to provide a password,
memorable word, and pin?
A - Multi-factor authentication (MFA)
B - Two-factor authentication (2FA)
C - Two-step verification
D - Single-factor authentication - ANSWER=A - Multi-factor authentication
The security team recently enabled public access to a web application hosted on a server inside
the corporate network. The developers of the application report that the server has received
several structured query language (SQL) injection attacks in the past several days. The team
needs to deploy a solution that will block the SQL injection attacks. Which solution fulfills these
requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
,3|Page
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) - ANSWER=C - Web application firewall (WAF)
A financial services company has experienced several incidents of data breaches in recent
months. The company has analyzed the indicators of compromise and determined that the data
breaches were caused by insider threats. The company has decided to implement hardening
techniques and endpoint security controls to mitigate the risk. What should be used to prevent
data breaches caused by insider threats based on the indicators of compromise?
A - Network monitoring
B - Intrusion detection systems (IDS)
C - Data loss prevention (DLP)
D - Access control systems (ACS) - ANSWER=C - Data loss prevention (DLP)
The cybersecurity analyst at a software company conducted a vulnerability assessment to
identify potential security risks to the organization and discovered multiple vulnerabilities on
the company's webpage. The analyst then provided the results to the chief information security
officer (CISO), who then decided not to fix the discrepancies due to the vulnerabilities being
outside of the organization's resources. Which risk mitigation strategy is demonstrated in this
scenario?
A - Accept
B - Mitigate
C - Avoid
D - Transfer - ANSWER=A - Accept
A company wants to implement a policy to reduce the risk of unauthorized access to sensitive
information. Which policy should be implemented?
A - Least privilege
B - Separation of duties
C - Job rotation
D - Data encryption - ANSWER=A - Least privilege
, 4|Page
A company is developing a cybersecurity risk management program and wants to establish
metrics to measure the program's effectiveness. What should the company consider?
A - Key performance indicators (KPIs)
B - Key risk indicators (KRIs)
C - Risk appetite
D - Risk tolerance - ANSWER=A - Key performance indicators (KPIs)
An IT security team has been notified that external contractors are using their personal laptops
to gain access to the corporate network. The team needs to recommend a solution that will
prevent unapproved devices from accessing the network. Which solution fulfills these
requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall - ANSWER=C - Implementing port security
The chief technology officer for a small publishing company has been tasked with improving the
company's security posture. As part of a network upgrade, the company has decided to
implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF) - ANSWER=C - Deploying a unified threat
management (UTM) appliance
WGU D488 OA Final Exam /WGU D488 Cybersecurity Architecture & Engineering Newest
2025/2026 Complete All 100 Questions And Correct Detailed Answers |Already Graded
A+||Already Graded A+
A disaster recovery planner needs to focus prioritization efforts around operational impact. The
disaster recovery planner should focus on which system?
A - Demilitarized Zone
B - External systems
C - Systems with critical vulnerabilities
D - Mission critical - ANSWER=D - Mission Critical
A small business is looking at migrating to the cloud but wants as little administration
responsibility as possible. Which of the following solutions would best suit them?
A - IaaS
B - PaaS
C - SaaS
D - DRaaS - ANSWER=C - SaaS
The security operations center (SOC) team for a global company is planning an initiative to
defend against security breaches. Leadership wants the team to monitor for threats against the
organization's data, credentials, and brand reputation by scanning networks that can not be
accessed via search engines. Which type of network should be scanned based on the
requirements?
A - Wireless fidelity
B - Intranet
C - Deep web
D - Supervisory control and data acquisition - ANSWER=C - Deep web
Which security technique should be used to detect a weak password that may match common
dictionary words?
A - Password Spraying
,2|Page
B - Password Auditing
C - Password Guessing
D - Password History - ANSWER=B - Password Auditing
A security consultant is conducting a security assessment and is trying to communicate
reasons that flaws may exist. What are the primary categories in which these flaws exist?
Select 3 answers.
A - Communication
B - People
C - Process
D - Technology - ANSWER=B, C, & D; People, Process, and Technology
Password auditing allows for existing passwords to be compared against known weak passwords
to help determine the security of a credential.
What should an organization implement if it wants users of their site to provide a password,
memorable word, and pin?
A - Multi-factor authentication (MFA)
B - Two-factor authentication (2FA)
C - Two-step verification
D - Single-factor authentication - ANSWER=A - Multi-factor authentication
The security team recently enabled public access to a web application hosted on a server inside
the corporate network. The developers of the application report that the server has received
several structured query language (SQL) injection attacks in the past several days. The team
needs to deploy a solution that will block the SQL injection attacks. Which solution fulfills these
requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
,3|Page
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) - ANSWER=C - Web application firewall (WAF)
A financial services company has experienced several incidents of data breaches in recent
months. The company has analyzed the indicators of compromise and determined that the data
breaches were caused by insider threats. The company has decided to implement hardening
techniques and endpoint security controls to mitigate the risk. What should be used to prevent
data breaches caused by insider threats based on the indicators of compromise?
A - Network monitoring
B - Intrusion detection systems (IDS)
C - Data loss prevention (DLP)
D - Access control systems (ACS) - ANSWER=C - Data loss prevention (DLP)
The cybersecurity analyst at a software company conducted a vulnerability assessment to
identify potential security risks to the organization and discovered multiple vulnerabilities on
the company's webpage. The analyst then provided the results to the chief information security
officer (CISO), who then decided not to fix the discrepancies due to the vulnerabilities being
outside of the organization's resources. Which risk mitigation strategy is demonstrated in this
scenario?
A - Accept
B - Mitigate
C - Avoid
D - Transfer - ANSWER=A - Accept
A company wants to implement a policy to reduce the risk of unauthorized access to sensitive
information. Which policy should be implemented?
A - Least privilege
B - Separation of duties
C - Job rotation
D - Data encryption - ANSWER=A - Least privilege
, 4|Page
A company is developing a cybersecurity risk management program and wants to establish
metrics to measure the program's effectiveness. What should the company consider?
A - Key performance indicators (KPIs)
B - Key risk indicators (KRIs)
C - Risk appetite
D - Risk tolerance - ANSWER=A - Key performance indicators (KPIs)
An IT security team has been notified that external contractors are using their personal laptops
to gain access to the corporate network. The team needs to recommend a solution that will
prevent unapproved devices from accessing the network. Which solution fulfills these
requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall - ANSWER=C - Implementing port security
The chief technology officer for a small publishing company has been tasked with improving the
company's security posture. As part of a network upgrade, the company has decided to
implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF) - ANSWER=C - Deploying a unified threat
management (UTM) appliance
