D488 | D488 Cybersecurity Architecture and
Engineering Exam 4 Version 3 | Questions with
Correct Answers and Expert Explanation for Each
Question | WGU
1. Which principle of Zero Trust architecture requires that every access request be
authenticated and authorized regardless of the user’s location?
A. Implicit Trust
B. Perimeter Defense
C. Explicit Verification
D. Segmented Trust
Correct Answer: C
Expert Explanation: Explicit verification is a core pillar of Zero Trust that
mandates authentication for every request. This approach moves away from the
traditional model that trusts anyone inside the local network. By verifying identity,
location, and device health, the system minimizes the risk of unauthorized access.
This strategy ensures that security is applied granularly rather than at a broad
perimeter level. Implementing this principle helps mitigate the impact of stolen
credentials or compromised internal accounts.
,2. In the Cloud Shared Responsibility Model for Software as a Service (SaaS), who is
primarily responsible for securing the underlying infrastructure?
A. The Customer
B. The Cloud Service Provider
C. The Third-party Auditor
D. The Government Regulator
Correct Answer: B
Expert Explanation: In a SaaS environment, the Cloud Service Provider is
responsible for managing the physical data centers and the software stack. The
customer is generally only responsible for their own data and user access
management. This division allows the customer to focus on application usage rather
than infrastructure maintenance. Understanding these boundaries is critical for
effective risk management in cloud deployments. Failure to recognize these duties
often leads to security vulnerabilities due to misaligned expectations.
3. Which network security technique divides a network into smaller, isolated
segments to limit the lateral movement of an attacker?
A. Load Balancing
B. Dynamic Routing
C. Network Address Translation
,D. Micro-segmentation
Correct Answer: D
Expert Explanation: Micro-segmentation creates granular security zones within a
data center or cloud environment. This technique prevents an attacker who has
breached one segment from easily accessing other sensitive areas. It relies on
software-defined policies to control traffic between individual workloads. By
reducing the attack surface, organizations can contain breaches more effectively.
This is a vital component of modern cybersecurity architecture focused on internal
threat mitigation.
4. During which phase of the Secure Software Development Life Cycle (SDLC) is threat
modeling typically performed?
A. Maintenance
B. Deployment
C. Design
D. Testing
Correct Answer: C
Expert Explanation: Threat modeling is most effective when conducted during the
design phase of the SDLC. This process identifies potential security flaws before any
code is actually written. By analyzing the architecture early, developers can
, implement necessary controls more cost-effectively. It helps in prioritizing security
requirements based on the risk profile of the application. Integrating security at this
stage follows the principle of ‘security by design.’
5. What is the primary purpose of a Business Impact Analysis (BIA) in the context of
risk management?
A. To identify critical business functions and their recovery requirements
B. To install firewalls and intrusion detection systems
C. To perform background checks on new employees
D. To encrypt all data at rest and in transit
Correct Answer: A
Expert Explanation: A BIA is used to determine the potential effects of a disruption
to business operations. It helps organizations prioritize which systems need to be
recovered first after an incident. This analysis identifies Recovery Time Objectives
and Recovery Point Objectives for vital services. Without a BIA, disaster recovery
planning lacks the necessary business context to be effective. It serves as a
foundational element for both continuity planning and overall risk strategy.
6. Which cryptographic concept ensures that a sender cannot later deny having sent a
specific message?
A. Confidentiality
Engineering Exam 4 Version 3 | Questions with
Correct Answers and Expert Explanation for Each
Question | WGU
1. Which principle of Zero Trust architecture requires that every access request be
authenticated and authorized regardless of the user’s location?
A. Implicit Trust
B. Perimeter Defense
C. Explicit Verification
D. Segmented Trust
Correct Answer: C
Expert Explanation: Explicit verification is a core pillar of Zero Trust that
mandates authentication for every request. This approach moves away from the
traditional model that trusts anyone inside the local network. By verifying identity,
location, and device health, the system minimizes the risk of unauthorized access.
This strategy ensures that security is applied granularly rather than at a broad
perimeter level. Implementing this principle helps mitigate the impact of stolen
credentials or compromised internal accounts.
,2. In the Cloud Shared Responsibility Model for Software as a Service (SaaS), who is
primarily responsible for securing the underlying infrastructure?
A. The Customer
B. The Cloud Service Provider
C. The Third-party Auditor
D. The Government Regulator
Correct Answer: B
Expert Explanation: In a SaaS environment, the Cloud Service Provider is
responsible for managing the physical data centers and the software stack. The
customer is generally only responsible for their own data and user access
management. This division allows the customer to focus on application usage rather
than infrastructure maintenance. Understanding these boundaries is critical for
effective risk management in cloud deployments. Failure to recognize these duties
often leads to security vulnerabilities due to misaligned expectations.
3. Which network security technique divides a network into smaller, isolated
segments to limit the lateral movement of an attacker?
A. Load Balancing
B. Dynamic Routing
C. Network Address Translation
,D. Micro-segmentation
Correct Answer: D
Expert Explanation: Micro-segmentation creates granular security zones within a
data center or cloud environment. This technique prevents an attacker who has
breached one segment from easily accessing other sensitive areas. It relies on
software-defined policies to control traffic between individual workloads. By
reducing the attack surface, organizations can contain breaches more effectively.
This is a vital component of modern cybersecurity architecture focused on internal
threat mitigation.
4. During which phase of the Secure Software Development Life Cycle (SDLC) is threat
modeling typically performed?
A. Maintenance
B. Deployment
C. Design
D. Testing
Correct Answer: C
Expert Explanation: Threat modeling is most effective when conducted during the
design phase of the SDLC. This process identifies potential security flaws before any
code is actually written. By analyzing the architecture early, developers can
, implement necessary controls more cost-effectively. It helps in prioritizing security
requirements based on the risk profile of the application. Integrating security at this
stage follows the principle of ‘security by design.’
5. What is the primary purpose of a Business Impact Analysis (BIA) in the context of
risk management?
A. To identify critical business functions and their recovery requirements
B. To install firewalls and intrusion detection systems
C. To perform background checks on new employees
D. To encrypt all data at rest and in transit
Correct Answer: A
Expert Explanation: A BIA is used to determine the potential effects of a disruption
to business operations. It helps organizations prioritize which systems need to be
recovered first after an incident. This analysis identifies Recovery Time Objectives
and Recovery Point Objectives for vital services. Without a BIA, disaster recovery
planning lacks the necessary business context to be effective. It serves as a
foundational element for both continuity planning and overall risk strategy.
6. Which cryptographic concept ensures that a sender cannot later deny having sent a
specific message?
A. Confidentiality
