WGU D488 CYBER SECURITY ARCHITECTURE &
ENGINEERING WITH FINAL EXAM COMBINED
WITH QUESTIONS AND ANSWERS WITH
RATIONALES
A company has recently discovered that a competitor is distributing copyrighted videos
produced by the in-house marketing team. Management has asked the security team to
prevent these types of violations in the future. Which solution fulfills these requirements?
A - Virtual desktop infrastructure (VDI)
B - Secure Socket Shell (SSH)
C - Digital rights management (DRM)
D - Remote Desktop Protocol (RDP) --CORRECT ANSWER--C - Digital rights management
(DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-
based infrastructure. How should these vulnerability scans be conducted when implementing
zero trust security?
A - Manually
B - Annually
C - Automatically
D - As needed --CORRECT ANSWER--C - Automatically
A healthcare company needs to ensure that medical researchers cannot inadvertently share
protected health information (PHI) data from medical records. What is the best solution?
Page 1 of 231
,A - Encryption
B - Metadata
C - Anonymization
D - Obfuscation --CORRECT ANSWER--C - Anonymization
A security team has been tasked with mitigating the risk of stolen credentials after a recent
breach. The solution must isolate the use of privileged accounts. In the future, administrators
must request access to mission-critical services before they can perform their tasks. What is
the best solution?
A - Identity and access management (IAM)
B - Password policies
C - Privileged access management (PAM)
D - Password complexity --CORRECT ANSWER--C - Privileged access management
(PAM)
A global manufacturing company is moving its applications to the cloud. The security team
has been tasked with hardening the access controls for a corporate web application that was
recently migrated. End users should be granted access to different features based on their
locations and departments. Which access control solution should be implemented?
A - Kerberos
B - Mandatory access control (MAC)
C - Attribute-based access control (ABAC)
D - Privileged access management (PAM) --CORRECT ANSWER--C - Attribute-based
access control (ABAC)
A team of developers is building a new corporate web application. The security team has
stated that the application must authenticate users through two separate channels of
Page 2 of 231
,communication. Which type of authentication method should the developers include when
building the application?
A - In-band authentication
B - Kerberos
C - Out-of-band authentication
D - Challenge-Handshake Authentication Protocol (CHAP) --CORRECT ANSWER--C -
Out-of-band authentication
The security team recently enabled public access to a web application hosted on a server
inside the corporate network. The developers of the application report that the server has
received several structured query language (SQL) injection attacks in the past several days.
The team needs to deploy a solution that will block the SQL injection attacks. Which solution
fulfills these requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) --CORRECT ANSWER--C - Web application firewall (WAF)
An IT security team has been notified that external contractors are using their personal
laptops to gain access to the corporate network. The team needs to recommend a solution that
will prevent unapproved devices from accessing the network. Which solution fulfills these
requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall --CORRECT ANSWER--C - Implementing port security
Page 3 of 231
, The chief technology officer for a small publishing company has been tasked with improving
the company's security posture. As part of a network upgrade, the company has decided to
implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF) --CORRECT ANSWER--C - Deploying a
unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to alert
engineers about inbound threats. The team already has a database of signatures that they want
the IDS solution to validate. Which detection technique meets the requirements?
A - Intrusion detection
B - Deep packet inspection
C - Signature-based detection
D - Intrusion prevention --CORRECT ANSWER--C - Signature-based detection
An IT organization had a security breach after deploying an update to its production web
servers. The application currently goes through a manual update process a few times per year.
The security team needs to recommend a failback option for future deployments. Which
solution fulfills these requirements?
A - Implementing a code scanner
B - Implementing code signing
C - Implementing versioning
Page 4 of 231
ENGINEERING WITH FINAL EXAM COMBINED
WITH QUESTIONS AND ANSWERS WITH
RATIONALES
A company has recently discovered that a competitor is distributing copyrighted videos
produced by the in-house marketing team. Management has asked the security team to
prevent these types of violations in the future. Which solution fulfills these requirements?
A - Virtual desktop infrastructure (VDI)
B - Secure Socket Shell (SSH)
C - Digital rights management (DRM)
D - Remote Desktop Protocol (RDP) --CORRECT ANSWER--C - Digital rights management
(DRM)
A security team has been tasked with performing regular vulnerability scans for a cloud-
based infrastructure. How should these vulnerability scans be conducted when implementing
zero trust security?
A - Manually
B - Annually
C - Automatically
D - As needed --CORRECT ANSWER--C - Automatically
A healthcare company needs to ensure that medical researchers cannot inadvertently share
protected health information (PHI) data from medical records. What is the best solution?
Page 1 of 231
,A - Encryption
B - Metadata
C - Anonymization
D - Obfuscation --CORRECT ANSWER--C - Anonymization
A security team has been tasked with mitigating the risk of stolen credentials after a recent
breach. The solution must isolate the use of privileged accounts. In the future, administrators
must request access to mission-critical services before they can perform their tasks. What is
the best solution?
A - Identity and access management (IAM)
B - Password policies
C - Privileged access management (PAM)
D - Password complexity --CORRECT ANSWER--C - Privileged access management
(PAM)
A global manufacturing company is moving its applications to the cloud. The security team
has been tasked with hardening the access controls for a corporate web application that was
recently migrated. End users should be granted access to different features based on their
locations and departments. Which access control solution should be implemented?
A - Kerberos
B - Mandatory access control (MAC)
C - Attribute-based access control (ABAC)
D - Privileged access management (PAM) --CORRECT ANSWER--C - Attribute-based
access control (ABAC)
A team of developers is building a new corporate web application. The security team has
stated that the application must authenticate users through two separate channels of
Page 2 of 231
,communication. Which type of authentication method should the developers include when
building the application?
A - In-band authentication
B - Kerberos
C - Out-of-band authentication
D - Challenge-Handshake Authentication Protocol (CHAP) --CORRECT ANSWER--C -
Out-of-band authentication
The security team recently enabled public access to a web application hosted on a server
inside the corporate network. The developers of the application report that the server has
received several structured query language (SQL) injection attacks in the past several days.
The team needs to deploy a solution that will block the SQL injection attacks. Which solution
fulfills these requirements?
A - Virtual private network (VPN)
B - Security information and event management (SIEM)
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) --CORRECT ANSWER--C - Web application firewall (WAF)
An IT security team has been notified that external contractors are using their personal
laptops to gain access to the corporate network. The team needs to recommend a solution that
will prevent unapproved devices from accessing the network. Which solution fulfills these
requirements?
A - Implementing a demilitarized zone (DMZ)
B - Installing a hardware security module
C - Implementing port security
D - Deploying a software firewall --CORRECT ANSWER--C - Implementing port security
Page 3 of 231
, The chief technology officer for a small publishing company has been tasked with improving
the company's security posture. As part of a network upgrade, the company has decided to
implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
B - Deploying a proxy server
C - Deploying a unified threat management (UTM) appliance
D - Deploying a web application firewall (WAF) --CORRECT ANSWER--C - Deploying a
unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to alert
engineers about inbound threats. The team already has a database of signatures that they want
the IDS solution to validate. Which detection technique meets the requirements?
A - Intrusion detection
B - Deep packet inspection
C - Signature-based detection
D - Intrusion prevention --CORRECT ANSWER--C - Signature-based detection
An IT organization had a security breach after deploying an update to its production web
servers. The application currently goes through a manual update process a few times per year.
The security team needs to recommend a failback option for future deployments. Which
solution fulfills these requirements?
A - Implementing a code scanner
B - Implementing code signing
C - Implementing versioning
Page 4 of 231
