Engineering Frequently Tested Exam Questions with Verified Multiple Choice and Conceptual Answers
1. A security architect is explaining logistics security to a non-technical person.
What term would the security architect use to describe all of the suppliers,
vendors, and partners needed to deliver a final product?
A - Transmission control
B - Vendor policy
C - Vendor viability
D - Supply chain - ANSWER D - Supply chain
The supply chain describes all of the suppliers, vendors, and partners needed to
deliver a final product. The supply chain presents a significant amount of risk.
Transmission control defines how a system protects communication channels from
infiltration, exploitation, and interception.
Establishing the maturity of a vendor's security operations and defining the minimum
set of requirements and expectations in a vendor policy is essential.
Vendor viability is important when determining whether a vendor will remain in business on
an ongoing basis, has a viable and in-demand product, and has the
financial means to stay afloat.
2. A security engineer at a software company is currently analyzing its supply
chain. What would the company's supply chain most likely involve? Select 3
answers.
A - Chips
B - Source code repositories
C - Development language
D - Third-party libraries - ANSWER B, C, & D; Source code repositories,
development language, and third-party libraries
Platforms where developers store and manage their code play a significant role.
Examples like GitHub, GitLab, and Bitbucket are vital components of many modern
software supply chains. Events such as Microsoft's acquisition of GitHub highlight
the importance of these repositories in the software supply chain.
The programming language can have various implications, such as the libraries
and frameworks a company might use and their target platforms.
Third-party libraries are often integrated into software projects to expedite
development. They can also represent security risks if they aren't updated
regularly or originate from untrusted sources.
Chips are not as likely to be involved in software company supply chains but are
much more likely to be part of companies that sell hardware.
3. A U.S. government agency has contracted a risk auditor to conduct a risk
assessment. Which of the following frameworks should the auditor use?
A - ISO 31000
B - COBIT
C - NIST RMF
D - COSO - ANSWER C - NIST RMF (Risk Management Framework)
The National Institute of Standards and Technology Risk Management Framework
(NIST RMF) defines the standards that U.S. federal agencies must use to assess and
manage cybersecurity risks.
The International Organization for Standardization (ISO) is one of the world's
largest developers of standards. Many international organizations have adopted
ISO standards to establish a common taxonomy among diverse industries.
The Control Objectives for Information and Related Technologies (COBIT) is a
framework created and maintained by the Information Systems Audit and Control
Association (ISACA). COBIT frames IT risk from a business leadership viewpoint.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
is an initiative of five private sector organizations collaborating on the
development of risk management frameworks.
4. What are the two major components of risk? Select 2 answers.
A - Impact
B - Exploitability
C - Integrity
D - Likelihood - ANSWER A & D - Impact & Likelihood
Impact is the severity of the risk when it is realized. Determining factors include the
scope, the value of the asset, and the financial consequences of the event.
Likelihood of occurrence is the probability that a threat will actually take place.
Exploitability is a factor, though not one of the two main components. It is one of the
primary metrics combined to compute a CVSS score.
While integrity is not one of the main components, it does play a role in
calculating scores based on the Common Vulnerability Scoring System (CVSS). The
integrity metric describes the type of information alteration that might occur if an
attacker successfully exploits the vulnerability.
5. A consultant for various IT services wants to draft a document that explains
basic responsibilities but is concerned that client companies will dispute
additional changes during the project. Therefore, the consultant wants to draft a
document that sets expectations and keeps companies from trying to obtain more
services than they paid for in the agreement. Which would best fit this situation?
A - MOU
B - NDA
C - MSA
D - ISA - ANSWER A - MOU (Memorandum of Understanding)