Cybersecurity-Architecture-and-Engineering Exam Dumps - WGU Courses and Certificates Questions and Answers

The correct answer is C — Implementing a mobile device management (MDM) solution.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that an MDM solution enables organizations to enforce security policies on personal devices, such as encryption, remote wipe capabilities, and application controls. MDM allows safe access to corporate resources while managing the inherent risks of BYOD environments.

Blocking access (A) contradicts the BYOD policy goal. Security audits (B) monitor but do not control personal devices. Awareness training (D) is important but does not enforce technical protections on devices.

Reference Extract from Study Guide:

"Mobile device management (MDM) solutions enforce security policies on employee-owned devices, ensuring compliance and reducing the risks associated with BYOD implementations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Security

=============================================

IPsecis anend-to-end encryption protocol suitethat operates at thenetwork layer, providingauthentication, integrity, and confidentialitybetween virtual networks—even across different cloud environments like Azure and AWS.

NIST SP 800-77 Rev. 1 (Guide to IPsec VPNs):

“IPsec provides network-layer protection through authentication headers (AH) and encapsulating security payloads (ESP), suitable for securing traffic across untrusted environments.”

FTP is insecure, and SSH is more suitable for command-line access or remote sessions—not secure VPC-to-VPC tunnels.

????WGU Course Alignment:

Domain:Cryptography

Topic:Use encryption protocols like IPsec for secure data transmission between networks

A Business Intelligence (BI) system is designed to analyze and present data in a way that supports decision-making processes. It helps organizations make informed, strategic decisions by providing insights through data analysis, visualization, and reporting. BI systems aggregate data from various sources, enabling a comprehensive view of the business that informs planning and strategy.

Multi-Factor Authentication (MFA)mitigates identity theft by requiring two or more factors (something you know, have, or are) for access. This significantly raises the difficulty of account compromise, especially in environments with sensitive supply chain data.

NIST SP 800-63B (Digital Identity Guidelines):

“MFA significantly reduces the likelihood of credential compromise and is strongly recommended for all user accounts accessing critical systems.”

While patching and firewalls are important, MFAdirectly addresses identity theftprevention.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement MFA for secure user authentication

The correct answer is A — Homomorphic encryption.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), homomorphic encryption allows computations to be performed directly on encrypted data without needing to decrypt it first. This ensures the confidentiality of the data even during processing.

SFE (B) allows two parties to jointly compute a function without revealing inputs but is not the same. SSL (C) secures communication channels. PIR (D) is for retrieving information privately, not computing on encrypted data.

Reference Extract from Study Guide:

"Homomorphic encryption allows operations on encrypted data, enabling secure processing by third parties without exposing underlying data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Advanced Encryption Techniques

=============================================

DMCA (Digital Millennium Copyright Act)

Purpose: The DMCA makes it illegal to violate copyrights by disseminating digitized material.

The DMCA was enacted in 1998 to address the issues of digital rights management and copyright infringement in the digital age. It provides legal protection to copyright holders against unauthorized copying, sharing, and distribution of their digital works. The legislation criminalizes the production and dissemination of technology, devices, or services intended tocircumvent measures that control access to copyrighted works (commonly known as DRM—Digital Rights Management).

DMCA Overview - U.S. Copyright Office

HIPAA (Health Insurance Portability and Accountability Act)

Purpose: Prohibits agencies from distributing an individual's health information without the individual's consent.

HIPAA, enacted in 1996, is designed to protect individuals' medical records and other personal health information. The Privacy Rule under HIPAA sets standards for the protection of health information by health plans, healthcare clearinghouses, and healthcare providers that conduct certain healthcare transactions electronically. It mandates the protection and confidential handling of protected health information (PHI).

The correct answer is C — Cyber kill chain.

The Cyber Kill Chain, developed by Lockheed Martin, is a model that breaks down a cyber attack into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study materials, this model helps security teams understand and interrupt an attack at various stages.

While MITRE ATT&CK (B) and its ICS variant (A) provide detailed mappings of techniques used by attackers, they are not structured specifically into seven phases like the Cyber Kill Chain. The Diamond Model (D) is an analysis methodology, not a phase-based model.

Reference Extract from Study Guide:

"The Cyber Kill Chain model divides the sequence of a cyber attack into seven phases, providing a structured method for analyzing and disrupting attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Attack Frameworks and Methodologies

Deploying the SMTP server in aDMZ between two firewallsallows email traffic to be filtered before it ever touches the internal network. The DMZ serves as a security buffer zone—where public-facing services are isolated but still accessible from both internal and external networks, thus reducing the attack surface.

NIST SP 800-41 Rev. 1 (Guidelines on Firewalls and Firewall Policy):

"Organizations often place publicly accessible resources (e.g., SMTP servers) in a demilitarized zone (DMZ) between two firewalls to provide layered protection and isolate internal systems from external threats."

????WGU Course Alignment:

Domain:Network Architecture and Design

Topic:Implement secure DMZ design and segmentation

Data Loss Prevention (DLP)systems are specifically designed todetect, monitor, andpreventunauthorized attempts to access, transmit, or extract sensitive data — including email, removable media, and cloud uploads.

NIST SP 800-207A (Data Protection):

“DLP systems are used to prevent sensitive information from being transmitted outside of a trusted boundary by monitoring and enforcing content-based policies.”

IDS and IPS detect threats but do notfocus on protecting data from being exfiltrated. MFA protects user identities, not data leakage.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Implement DLP controls to protect sensitive data from unauthorized extraction

The correct answer is C — Implementing shell restrictions.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), shell restrictions on Linux systems can prevent users (or attackers) from executing unauthorized commands, significantly reducing the exploitation risk on Linux servers.

Host-based IDPS (A) detects attacks but does not directly harden the OS. Access control (B) andassessments/penetration testing (D) are important but do not focus specifically on securing the Linux shell environment.

Reference Extract from Study Guide:

"Implementing shell restrictions on Linux systems minimizes the attack surface by limiting the ability of users and processes to execute unauthorized commands."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Linux System Hardening Techniques