Cybersecurity-Architecture-and-Engineering Exam Dumps - WGU Courses and Certificates Questions and Answers

Applyingregular updates and patchesis fundamental to risk mitigation. Choosing ahybrid cloud topologyallows the financial institution to retaincritical services in-housewhile leveragingcloud scalabilityfor high-volume transactions.

NIST SP 800-160 Vol. 1 (Systems Security Engineering):

“Security patching is essential for mitigating vulnerabilities, especially in high-assurance environments like financial systems.”

Thehybrid modelbalancesperformance, control, and security, which is vital for core banking systems.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Apply risk mitigation techniques and choose secure deployment topologies

The correct answer is C — Control.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the control phase of the risk management life cycle involves implementing appropriate security measures or countermeasures to mitigate or eliminate identified risks. After a risk is assessed, controls are applied to address it and reduce its impact or likelihood.

Assess (A) evaluates risk severity. Identify (B) discovers risks. Review (D) checks the effectiveness of applied controls.

Reference Extract from Study Guide:

"The control phase of risk management focuses on applying security controls and mitigations to reduce the risk to an acceptable level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

The correct answer is C — Determine business processes and recovery criticality, identify resource requirements, and identify recovery priorities for system resources.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies critical business functions, determines the impact of disruptions, and establishes recovery priorities, including resource needs.

A (monitoring) relates to incident response. B (developing BCP) is after BIA. D (recovery strategies) is part of disaster recovery planning after BIA findings.

Reference Extract from Study Guide:

"Business impact analysis (BIA) involves determining critical business processes, evaluating their recovery requirements, and prioritizing system recovery efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Impact Analysis Procedures

=============================================

The correct answer is D — By providing over-the-air updates.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that over-the-air(OTA) updates allow organizations to remotely deploy patches and updates to mobile devices without requiring users to manually visit a central location. This method is essential for maintaining security for a geographically dispersed workforce.

Remote module updates (A), tokenized container updates (B), and mobile station updates (C) are not standard or widely recognized terms for mobile device update practices in this context.

Reference Extract from Study Guide:

"Over-the-air (OTA) updates ensure that security patches and software updates can be remotely deployed to mobile devices, supporting business continuity and device security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Management and Security

=============================================

Electronic Codebook (ECB)is thesimplest modeof block cipher operation, but it encrypts each blockindependently, which results inidentical ciphertext for identical plaintext blocks— making itunsafe for use with structured or repetitive data.

NIST SP 800-38A (Recommendation for Block Cipher Modes of Operation):

“ECB reveals patterns in plaintext and should not be used when such patterns are meaningful and predictable.”

Though efficient, ECB lackssemantic securityand is rarely recommended in practice.

????WGU Course Alignment:

Domain:Cryptography

Topic:Evaluate block cipher modes for appropriate use cases

Geo-IP filtering at the firewallis a well-established method of blocking traffic from regions that the organization does not do business with or has no legitimate presence in.

NIST SP 800-41 Rev. 1 (Guidelines on Firewalls):

“Firewalls can be configured to block traffic based on geolocation or IP ranges to reduce exposure to known hostile regions.”

Firewalls are thefirst line of defensein the network perimeter; adjusting SIEM rules doesn’t actively block access.

????WGU Course Alignment:

Domain:Network Security

Topic:Implement firewall filtering rules for geographic and IP-based restrictions

Google Apps, Dropbox, and GoToMeeting are examples of Software-as-a-Service (SaaS). SaaS provides software applications over the internet as a service. Users can access the softwarethrough a web browser without needing to install and maintain the software on their local devices, making it convenient and cost-effective for both individuals and businesses.

It is better to purchase software rather than build a software solution in-house when there is a short timeline. Building software from scratch requires significant time for development, testing, and deployment. Purchasing off-the-shelf software can significantly reduce the time needed to implement a solution. Other considerations include:

Cost-effectiveness: Pre-built software can be more cost-effective than developing a custom solution, especially when factoring in the costs of development, maintenance, and support.

Immediate availability: Purchased software is usually ready to deploy immediately, whereas custom development can take months or even years.

Proven reliability: Commercial software often has a track record of reliability and user support, reducing the risk of bugs and issues that may arise with custom development.

Therefore, when time is of the essence, purchasing software is the preferable option.

References

Ian Sommerville, "Software Engineering," Pearson.

Steve McConnell, "Rapid Development: Taming Wild Software Schedules," Microsoft Press.

The correct answer is D — Identity federation.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) details that identity federation enables users to authenticate using the same credentials across multiple systems and platforms, including hybrid cloud and on-premises environments. Federation facilitates Single Sign-On (SSO) and seamless authentication.

Two-step verification (A) improves authentication strength but does not federate identities. CHAP (B) is an old protocol for PPP connections. Privileged identity management (C) manages high-privilege accounts, not general user access across domains.

Reference Extract from Study Guide:

"Identity federation allows for seamless authentication across on-premises and cloud environments by trusting external identity providers, supporting Single Sign-On (SSO) and hybrid deployments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Federation and Identity Management Concepts

Theavailabilityof the POS system depends on itsresilience against known vulnerabilities. Applyingregular security patchesensures that attackers cannot exploit outdated components, which could crash or disrupt the POS system.

NIST SP 800-40 Rev. 3 (Guide to Enterprise Patch Management):

“Prompt application of security patches mitigates vulnerabilities that can be exploited to disrupt system availability or compromise data.”

Backups protect from data loss, butpatching is proactive protectionfor uptime and availability.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Maintain system availability through proactive patch management