1|Page 2|Page
WGU D488 OA Final Exam /WGU D488 Cybersecurity Architecture & Engineering Newest B - Password Auditing
2025/2026 Complete All 100 Questions And Correct Detailed Answers |Already Graded
C - Password Guessing
A+||Already Graded A+
D - Password History - ANSWER=B - Password Auditing
A security consultant is conducting a security assessment and is trying to communicate
A disaster recovery planner needs to focus prioritization efforts around operational impact. The
reasons that flaws may exist. What are the primary categories in which these flaws exist?
disaster recovery planner should focus on which system?
Select 3 answers.
A - Demilitarized Zone
A - Communication
B - External systems
B - People
C - Systems with critical vulnerabilities
C - Process
D - Mission critical - ANSWER=D - Mission Critical
D - Technology - ANSWER=B, C, & D; People, Process, and Technology
A small business is looking at migrating to the cloud but wants as little administration
responsibility as possible. Which of the following solutions would best suit them?
Password auditing allows for existing passwords to be compared against known weak passwords
A - IaaS
to help determine the security of a credential.
B - PaaS
C - SaaS
What should an organization implement if it wants users of their site to provide a password,
D - DRaaS - ANSWER=C - SaaS memorable word, and pin?
A - Multi-factor authentication (MFA)
The security operations center (SOC) team for a global company is planning an initiative to B - Two-factor authentication (2FA)
defend against security breaches. Leadership wants the team to monitor for threats against the
C - Two-step verification
organization's data, credentials, and brand reputation by scanning networks that can not be
accessed via search engines. Which type of network should be scanned based on the D - Single-factor authentication - ANSWER=A - Multi-factor authentication
requirements?
A - Wireless fidelity
The security team recently enabled public access to a web application hosted on a server inside
B - Intranet the corporate network. The developers of the application report that the server has received
several structured query language (SQL) injection attacks in the past several days. The team
C - Deep web
needs to deploy a solution that will block the SQL injection attacks. Which solution fulfills these
D - Supervisory control and data acquisition - ANSWER=C - Deep web requirements?
Which security technique should be used to detect a weak password that may match common A - Virtual private network (VPN)
dictionary words?
B - Security information and event management (SIEM)
A - Password Spraying
,3|Page 4|Page
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) - ANSWER=C - Web application firewall (WAF) A company is developing a cybersecurity risk management program and wants to establish
metrics to measure the program's effectiveness. What should the company consider?
A financial services company has experienced several incidents of data breaches in recent
months. The company has analyzed the indicators of compromise and determined that the data A - Key performance indicators (KPIs)
breaches were caused by insider threats. The company has decided to implement hardening
B - Key risk indicators (KRIs)
techniques and endpoint security controls to mitigate the risk. What should be used to prevent
data breaches caused by insider threats based on the indicators of compromise? C - Risk appetite
A - Network monitoring D - Risk tolerance - ANSWER=A - Key performance indicators (KPIs)
B - Intrusion detection systems (IDS)
C - Data loss prevention (DLP) An IT security team has been notified that external contractors are using their personal laptops
to gain access to the corporate network. The team needs to recommend a solution that will
D - Access control systems (ACS) - ANSWER=C - Data loss prevention (DLP)
prevent unapproved devices from accessing the network. Which solution fulfills these
requirements?
The cybersecurity analyst at a software company conducted a vulnerability assessment to A - Implementing a demilitarized zone (DMZ)
identify potential security risks to the organization and discovered multiple vulnerabilities on
B - Installing a hardware security module
the company's webpage. The analyst then provided the results to the chief information security
officer (CISO), who then decided not to fix the discrepancies due to the vulnerabilities being C - Implementing port security
outside of the organization's resources. Which risk mitigation strategy is demonstrated in this
D - Deploying a software firewall - ANSWER=C - Implementing port security
scenario?
A - Accept
The chief technology officer for a small publishing company has been tasked with improving the
B - Mitigate
company's security posture. As part of a network upgrade, the company has decided to
C - Avoid implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
D - Transfer - ANSWER=A - Accept
requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
A company wants to implement a policy to reduce the risk of unauthorized access to sensitive
B - Deploying a proxy server
information. Which policy should be implemented?
C - Deploying a unified threat management (UTM) appliance
A - Least privilege
D - Deploying a web application firewall (WAF) - ANSWER=C - Deploying a unified threat
B - Separation of duties
management (UTM) appliance
C - Job rotation
D - Data encryption - ANSWER=A - Least privilege
,5|Page 6|Page
The security team plans to deploy an intrusion detection system (IDS) solution to alert engineers A - Virtual desktop infrastructure (VDI)
about inbound threats. The team already has a database of signatures that they want the IDS
B - Remote Desktop Protocol (RDP)
solution to validate. Which detection technique meets the requirements?
C - Digital rights management (DRM)
A - Intrusion detection
D - Watermarking - ANSWER=C - Digital rights management (DRM)
B - Deep packet inspection
C - Signature-based detection
A company has recently discovered that a competitor is distributing copyrighted videos
D - Intrusion prevention - ANSWER=C - Signature-based detection
produced by the in-house marketing team. Management has asked the security team to prevent
these types of violations in the future. Which solution fulfills these requirements?
An IT organization had a security breach after deploying an update to its production web A - Virtual desktop infrastructure (VDI)
servers. The application currently goes through a manual update process a few times per year.
B - Secure Socket Shell (SSH)
The security team needs to recommend a failback option for future deployments. Which
solution fulfills these requirements? C - Digital rights management (DRM)
A - Implementing a code scanner D - Remote Desktop Protocol (RDP) - ANSWER=C - Digital rights management (DRM)
B - Implementing code signing
C - Implementing versioning A security team has been tasked with performing regular vulnerability scans for a cloud-based
infrastructure. How should these vulnerability scans be conducted when implementing zero
D - Implementing a security requirements traceability matrix (SRTM) - ANSWER=C -
trust security?
Implementing versioning
A - Manually
B - Annually
A software development team is working on a new mobile application that will be used by
customers. The security team must ensure that builds of the application will be trusted by a C - Automatically
variety of mobile devices. Which solution fulfills these requirements?
D - As needed - ANSWER=C - Automatically
A - Code scanning
B - Regression testing
A healthcare company needs to ensure that medical researchers cannot inadvertently share
C - Code signing protected health information (PHI) data from medical records. What is the best solution?
D - Continuous delivery - ANSWER=C - Code signing A - Encryption
B - Metadata
An IT organization recently suffered a data leak incident. Management has asked the security C - Anonymization
team to implement a print blocking mechanism for all documents stored on a corporate file
D - Obfuscation - ANSWER=C - Anonymization
share. Which solution fulfills these requirements?
, 7|Page 8|Page
An IT organization is implementing a hybrid cloud deployment. Users should be able to sign in to
all corporate resources using their email addresses as their usernames, regardless of whether
A security team has been tasked with mitigating the risk of stolen credentials after a recent
they are accessing an application on-premises or in the cloud. Which solution meets this
breach. The solution must isolate the use of privileged accounts. In the future, administrators
requirement?
must request access to mission-critical services before they can perform their tasks. What is the
best solution? A - JSON Web Token (JWT)
A - Identity and access management (IAM) B - Trusted Platform Module (TPM)
B - Password policies C - Single sign-on (SSO)
C - Privileged access management (PAM) D - Internet Protocol Security (IPsec) - ANSWER=C - Single sign-on (SSO)
D - Password complexity - ANSWER=C - Privileged access management (PAM)
The security team has been tasked with implementing a secure authorization protocol for its
web applications. Which of the following protocols provides the best method for securely
A global manufacturing company is moving its applications to the cloud. The security team has
authenticating users and granting access?
been tasked with hardening the access controls for a corporate web application that was
recently migrated. End users should be granted access to different features based on their A - Simple network management protocol (SNMP)
locations and departments. Which access control solution should be implemented?
B - Extensible Authentication Protocol (EAP)
A - Kerberos
C - Open Authentication (OAuth)
B - Mandatory access control (MAC)
D - Secure Sockets Layer (SSL) - ANSWER=C - Open Authentication (OAuth)
C - Attribute-based access control (ABAC)
D - Privileged access management (PAM) - ANSWER=C - Attribute-based access control (ABAC)
An IT team is preparing the network for a hybrid cloud deployment. A security analyst recently
discovered that the firmware of a router in the core data center has been compromised.
According to the analyst, the attack occurred over a year ago without being detected. Which
A team of developers is building a new corporate web application. The security team has stated
type of threat actor is the most likely cause of the attack?
that the application must authenticate users through two separate channels of communication.
Which type of authentication method should the developers include when building the A - Competitor
application?
B - Hacktivist
A - In-band authentication
C - Advanced persistent threat
B - Kerberos
D - Novice hacker - ANSWER=C - Advanced persistent threat
C - Out-of-band authentication
D - Challenge-Handshake Authentication Protocol (CHAP) - ANSWER=C - Out-of-band
The security operations center (SOC) team just received a notification that multiple
authentication
vulnerabilities are present in the codebase of a corporate application. Which threat type is most
likely in this scenario?
WGU D488 OA Final Exam /WGU D488 Cybersecurity Architecture & Engineering Newest B - Password Auditing
2025/2026 Complete All 100 Questions And Correct Detailed Answers |Already Graded
C - Password Guessing
A+||Already Graded A+
D - Password History - ANSWER=B - Password Auditing
A security consultant is conducting a security assessment and is trying to communicate
A disaster recovery planner needs to focus prioritization efforts around operational impact. The
reasons that flaws may exist. What are the primary categories in which these flaws exist?
disaster recovery planner should focus on which system?
Select 3 answers.
A - Demilitarized Zone
A - Communication
B - External systems
B - People
C - Systems with critical vulnerabilities
C - Process
D - Mission critical - ANSWER=D - Mission Critical
D - Technology - ANSWER=B, C, & D; People, Process, and Technology
A small business is looking at migrating to the cloud but wants as little administration
responsibility as possible. Which of the following solutions would best suit them?
Password auditing allows for existing passwords to be compared against known weak passwords
A - IaaS
to help determine the security of a credential.
B - PaaS
C - SaaS
What should an organization implement if it wants users of their site to provide a password,
D - DRaaS - ANSWER=C - SaaS memorable word, and pin?
A - Multi-factor authentication (MFA)
The security operations center (SOC) team for a global company is planning an initiative to B - Two-factor authentication (2FA)
defend against security breaches. Leadership wants the team to monitor for threats against the
C - Two-step verification
organization's data, credentials, and brand reputation by scanning networks that can not be
accessed via search engines. Which type of network should be scanned based on the D - Single-factor authentication - ANSWER=A - Multi-factor authentication
requirements?
A - Wireless fidelity
The security team recently enabled public access to a web application hosted on a server inside
B - Intranet the corporate network. The developers of the application report that the server has received
several structured query language (SQL) injection attacks in the past several days. The team
C - Deep web
needs to deploy a solution that will block the SQL injection attacks. Which solution fulfills these
D - Supervisory control and data acquisition - ANSWER=C - Deep web requirements?
Which security technique should be used to detect a weak password that may match common A - Virtual private network (VPN)
dictionary words?
B - Security information and event management (SIEM)
A - Password Spraying
,3|Page 4|Page
C - Web application firewall (WAF)
D - Secure Socket Shell (SSH) - ANSWER=C - Web application firewall (WAF) A company is developing a cybersecurity risk management program and wants to establish
metrics to measure the program's effectiveness. What should the company consider?
A financial services company has experienced several incidents of data breaches in recent
months. The company has analyzed the indicators of compromise and determined that the data A - Key performance indicators (KPIs)
breaches were caused by insider threats. The company has decided to implement hardening
B - Key risk indicators (KRIs)
techniques and endpoint security controls to mitigate the risk. What should be used to prevent
data breaches caused by insider threats based on the indicators of compromise? C - Risk appetite
A - Network monitoring D - Risk tolerance - ANSWER=A - Key performance indicators (KPIs)
B - Intrusion detection systems (IDS)
C - Data loss prevention (DLP) An IT security team has been notified that external contractors are using their personal laptops
to gain access to the corporate network. The team needs to recommend a solution that will
D - Access control systems (ACS) - ANSWER=C - Data loss prevention (DLP)
prevent unapproved devices from accessing the network. Which solution fulfills these
requirements?
The cybersecurity analyst at a software company conducted a vulnerability assessment to A - Implementing a demilitarized zone (DMZ)
identify potential security risks to the organization and discovered multiple vulnerabilities on
B - Installing a hardware security module
the company's webpage. The analyst then provided the results to the chief information security
officer (CISO), who then decided not to fix the discrepancies due to the vulnerabilities being C - Implementing port security
outside of the organization's resources. Which risk mitigation strategy is demonstrated in this
D - Deploying a software firewall - ANSWER=C - Implementing port security
scenario?
A - Accept
The chief technology officer for a small publishing company has been tasked with improving the
B - Mitigate
company's security posture. As part of a network upgrade, the company has decided to
C - Avoid implement intrusion detection, spam filtering, content filtering, and antivirus controls. The
project needs to be completed using the least amount of infrastructure while meeting all
D - Transfer - ANSWER=A - Accept
requirements. Which solution fulfills these requirements?
A - Deploying an anti-spam gateway
A company wants to implement a policy to reduce the risk of unauthorized access to sensitive
B - Deploying a proxy server
information. Which policy should be implemented?
C - Deploying a unified threat management (UTM) appliance
A - Least privilege
D - Deploying a web application firewall (WAF) - ANSWER=C - Deploying a unified threat
B - Separation of duties
management (UTM) appliance
C - Job rotation
D - Data encryption - ANSWER=A - Least privilege
,5|Page 6|Page
The security team plans to deploy an intrusion detection system (IDS) solution to alert engineers A - Virtual desktop infrastructure (VDI)
about inbound threats. The team already has a database of signatures that they want the IDS
B - Remote Desktop Protocol (RDP)
solution to validate. Which detection technique meets the requirements?
C - Digital rights management (DRM)
A - Intrusion detection
D - Watermarking - ANSWER=C - Digital rights management (DRM)
B - Deep packet inspection
C - Signature-based detection
A company has recently discovered that a competitor is distributing copyrighted videos
D - Intrusion prevention - ANSWER=C - Signature-based detection
produced by the in-house marketing team. Management has asked the security team to prevent
these types of violations in the future. Which solution fulfills these requirements?
An IT organization had a security breach after deploying an update to its production web A - Virtual desktop infrastructure (VDI)
servers. The application currently goes through a manual update process a few times per year.
B - Secure Socket Shell (SSH)
The security team needs to recommend a failback option for future deployments. Which
solution fulfills these requirements? C - Digital rights management (DRM)
A - Implementing a code scanner D - Remote Desktop Protocol (RDP) - ANSWER=C - Digital rights management (DRM)
B - Implementing code signing
C - Implementing versioning A security team has been tasked with performing regular vulnerability scans for a cloud-based
infrastructure. How should these vulnerability scans be conducted when implementing zero
D - Implementing a security requirements traceability matrix (SRTM) - ANSWER=C -
trust security?
Implementing versioning
A - Manually
B - Annually
A software development team is working on a new mobile application that will be used by
customers. The security team must ensure that builds of the application will be trusted by a C - Automatically
variety of mobile devices. Which solution fulfills these requirements?
D - As needed - ANSWER=C - Automatically
A - Code scanning
B - Regression testing
A healthcare company needs to ensure that medical researchers cannot inadvertently share
C - Code signing protected health information (PHI) data from medical records. What is the best solution?
D - Continuous delivery - ANSWER=C - Code signing A - Encryption
B - Metadata
An IT organization recently suffered a data leak incident. Management has asked the security C - Anonymization
team to implement a print blocking mechanism for all documents stored on a corporate file
D - Obfuscation - ANSWER=C - Anonymization
share. Which solution fulfills these requirements?
, 7|Page 8|Page
An IT organization is implementing a hybrid cloud deployment. Users should be able to sign in to
all corporate resources using their email addresses as their usernames, regardless of whether
A security team has been tasked with mitigating the risk of stolen credentials after a recent
they are accessing an application on-premises or in the cloud. Which solution meets this
breach. The solution must isolate the use of privileged accounts. In the future, administrators
requirement?
must request access to mission-critical services before they can perform their tasks. What is the
best solution? A - JSON Web Token (JWT)
A - Identity and access management (IAM) B - Trusted Platform Module (TPM)
B - Password policies C - Single sign-on (SSO)
C - Privileged access management (PAM) D - Internet Protocol Security (IPsec) - ANSWER=C - Single sign-on (SSO)
D - Password complexity - ANSWER=C - Privileged access management (PAM)
The security team has been tasked with implementing a secure authorization protocol for its
web applications. Which of the following protocols provides the best method for securely
A global manufacturing company is moving its applications to the cloud. The security team has
authenticating users and granting access?
been tasked with hardening the access controls for a corporate web application that was
recently migrated. End users should be granted access to different features based on their A - Simple network management protocol (SNMP)
locations and departments. Which access control solution should be implemented?
B - Extensible Authentication Protocol (EAP)
A - Kerberos
C - Open Authentication (OAuth)
B - Mandatory access control (MAC)
D - Secure Sockets Layer (SSL) - ANSWER=C - Open Authentication (OAuth)
C - Attribute-based access control (ABAC)
D - Privileged access management (PAM) - ANSWER=C - Attribute-based access control (ABAC)
An IT team is preparing the network for a hybrid cloud deployment. A security analyst recently
discovered that the firmware of a router in the core data center has been compromised.
According to the analyst, the attack occurred over a year ago without being detected. Which
A team of developers is building a new corporate web application. The security team has stated
type of threat actor is the most likely cause of the attack?
that the application must authenticate users through two separate channels of communication.
Which type of authentication method should the developers include when building the A - Competitor
application?
B - Hacktivist
A - In-band authentication
C - Advanced persistent threat
B - Kerberos
D - Novice hacker - ANSWER=C - Advanced persistent threat
C - Out-of-band authentication
D - Challenge-Handshake Authentication Protocol (CHAP) - ANSWER=C - Out-of-band
The security operations center (SOC) team just received a notification that multiple
authentication
vulnerabilities are present in the codebase of a corporate application. Which threat type is most
likely in this scenario?
