1|Page
WGU D488 OA Final Exam Test Bank||Verified Exam!!
||WGU D488 Cybersecurity Architecture & Engineering
Newest 2026 Complete All 230 Questions And Correct
Detailed Answers |Already Graded A+||Newest Exam!!
A security team has been tasked with mitigating the risk of
stolen credentials after a recent breach. The solution must
isolate the use of privileged accounts. In the future,
administrators must request access to mission-critical
services before they can perform their tasks.
What is the best solution?
A) Identity and access management (IAM)
B) Password policies
C) Privileged access management (PAM)
D) Password complexity - Answer-C) Privileged access
management (PAM)
A global manufacturing company is moving its applications
to the cloud. The security team has been tasked with
hardening the access controls for a corporate web
application that was recently migrated. End users should
,2|Page
be granted access to different features based on their
locations and departments.
Which access control solution should be implemented?
A) Kerberos
B) Mandatory access control (MAC)
C) Attribute-based access control (ABAC)
D) Privileged access management (PAM) - Answer-C)
Attribute-based access control (ABAC)
A team of developers is building a new corporate web
application. The security team has stated that the
application must authenticate users through two separate
channels of communication.
Which type of authentication method should the
developers include when building the application?
A) In-band authentication
B) Kerberos
C) Out-of-band authentication
,3|Page
D) Challenge-Handshake Authentication Protocol (CHAP)
- Answer-C) Out-of-band authentication
An IT organization is implementing a hybrid cloud
deployment. Users should be able to sign in to all
corporate resources using their email addresses as their
usernames, regardless of whether they are accessing an
application on-premises or in the cloud.
Which solution meets this requirement?
A) JSON Web Token (JWT)
B) Trusted Platform Module (TPM)
C) Single sign-on (SSO)
D) Internet Protocol Security (IPsec) - Answer-C) Single
sign-on (SSO)
The security team has been tasked with implementing a
secure authorization protocol for its web applications.
Which of the following protocols provides the best method
for securely authenticating users and granting access?
, 4|Page
A) Simple network management protocol (SNMP)
B) Extensible Authentication Protocol (EAP)
C) Open Authentication (OAuth)
D) Secure Sockets Layer (SSL) - Answer-C) Open
Authentication (OAuth)
An IT team is preparing the network for a hybrid cloud
deployment. A security analyst recently discovered that the
firmware of a router in the core data center has been
compromised. According to the analyst, the attack
occurred over a year ago without being detected.
Which type of threat actor is the most likely cause of the
attack?
A) Competitor
B) Hacktivist
C) Advanced persistent threat
D) Novice hacker - Answer-C) Advanced persistent threat
WGU D488 OA Final Exam Test Bank||Verified Exam!!
||WGU D488 Cybersecurity Architecture & Engineering
Newest 2026 Complete All 230 Questions And Correct
Detailed Answers |Already Graded A+||Newest Exam!!
A security team has been tasked with mitigating the risk of
stolen credentials after a recent breach. The solution must
isolate the use of privileged accounts. In the future,
administrators must request access to mission-critical
services before they can perform their tasks.
What is the best solution?
A) Identity and access management (IAM)
B) Password policies
C) Privileged access management (PAM)
D) Password complexity - Answer-C) Privileged access
management (PAM)
A global manufacturing company is moving its applications
to the cloud. The security team has been tasked with
hardening the access controls for a corporate web
application that was recently migrated. End users should
,2|Page
be granted access to different features based on their
locations and departments.
Which access control solution should be implemented?
A) Kerberos
B) Mandatory access control (MAC)
C) Attribute-based access control (ABAC)
D) Privileged access management (PAM) - Answer-C)
Attribute-based access control (ABAC)
A team of developers is building a new corporate web
application. The security team has stated that the
application must authenticate users through two separate
channels of communication.
Which type of authentication method should the
developers include when building the application?
A) In-band authentication
B) Kerberos
C) Out-of-band authentication
,3|Page
D) Challenge-Handshake Authentication Protocol (CHAP)
- Answer-C) Out-of-band authentication
An IT organization is implementing a hybrid cloud
deployment. Users should be able to sign in to all
corporate resources using their email addresses as their
usernames, regardless of whether they are accessing an
application on-premises or in the cloud.
Which solution meets this requirement?
A) JSON Web Token (JWT)
B) Trusted Platform Module (TPM)
C) Single sign-on (SSO)
D) Internet Protocol Security (IPsec) - Answer-C) Single
sign-on (SSO)
The security team has been tasked with implementing a
secure authorization protocol for its web applications.
Which of the following protocols provides the best method
for securely authenticating users and granting access?
, 4|Page
A) Simple network management protocol (SNMP)
B) Extensible Authentication Protocol (EAP)
C) Open Authentication (OAuth)
D) Secure Sockets Layer (SSL) - Answer-C) Open
Authentication (OAuth)
An IT team is preparing the network for a hybrid cloud
deployment. A security analyst recently discovered that the
firmware of a router in the core data center has been
compromised. According to the analyst, the attack
occurred over a year ago without being detected.
Which type of threat actor is the most likely cause of the
attack?
A) Competitor
B) Hacktivist
C) Advanced persistent threat
D) Novice hacker - Answer-C) Advanced persistent threat
