Free WGU Cybersecurity-Architecture-and-Engineering Practice Exam with Questions & Answers

The correct answer is C — Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) clearly states that encryption protects the confidentiality of transmitted information. In the case of SNMP (especially older versions like SNMPv1 and SNMPv2), communications are unencrypted, making encryption critical to protecting network management information from unauthorized disclosure.

Access controls (A) restrict who can access systems but do not encrypt data. Network segmentation (B) separates systems but does not encrypt traffic. Security monitoring (D) detects threats but does not protect data confidentiality.

Reference Extract from Study Guide:

"Encryption safeguards sensitive data transmitted over the network, ensuring confidentiality in compliance with privacy regulations such as HIPAA."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Data Protection

The correct answer is C — Implementing a mobile device management (MDM) solution.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that an MDM solution enables organizations to enforce security policies on personal devices, such as encryption, remote wipe capabilities, and application controls. MDM allows safe access to corporate resources while managing the inherent risks of BYOD environments.

Blocking access (A) contradicts the BYOD policy goal. Security audits (B) monitor but do not control personal devices. Awareness training (D) is important but does not enforce technical protections on devices.

Reference Extract from Study Guide:

"Mobile device management (MDM) solutions enforce security policies on employee-owned devices, ensuring compliance and reducing the risks associated with BYOD implementations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Security

=============================================

The correct answer is B — Business impact analysis (BIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies and prioritizes critical business functions and assesses the impact of disruptions on those functions. It determines recovery priorities and establishes the framework for disaster recovery and business continuity planning.

BCP (A) is the broader planning effort. DR (C) focuses on restoring systems. IR (D) responds to specific incidents, not overall business impacts.

Reference Extract from Study Guide:

"Business impact analysis (BIA) determines the criticality of business processes by assessing thepotential impacts of disruptions, providing the foundation for prioritizing recovery efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery Planning

=============================================

The correct answer is A — Virtual private network (VPN).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a VPN creates an encrypted tunnel over public or private networks, ensuring confidentiality, integrity, and authentication of data transmitted between geographically dispersed offices.

SIEM (B) manages security events, not secure communications. PPTP (C) is an outdated and insecure VPN protocol. NAC (D) enforces endpoint security but does not establish secure tunnels.

Reference Extract from Study Guide:

"A virtual private network (VPN) provides a secure, encrypted tunnel between geographically separated networks, enabling confidential communication over untrusted networks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Remote Access Technologies

To protect datain use(within memory), the provider must implementhardware-level memory encryptionandtrusted execution environments(secure enclaves), which protect against cold boot attacks, memory scraping, and unauthorized access.

NIST SP 800-207A (Hardware-Enabled Security: Enclaves):

“Trusted execution environments and memory encryption mechanisms help ensure that data remains protected even when systems are compromised at lower levels.”

This is amodern cloud security best practiceespecially useful forconfidential computingenvironments.

????WGU Course Alignment:

Domain:System Security Engineering / Cryptography

Topic:Protect data in use with hardware-based encryption and enclaves

The domain name in a Uniform Resource Locator (URL) identifies the server on which the web page can be found.

Example: In the URL "http://www.example.com/index.html":

"http" is the protocol.

"www.example.com" is the domain name.

"/index.html" is the resource path ID.

The other options:

The protocol specifies the communication method.

The resource path ID specifies the specific page or resource on the server.

The IP address is not typically visible in the URL itself but can be resolved via DNS.

Therefore, the domain name is the correct part that identifies the server.

The correct answer is C — Cyber kill chain.

The Cyber Kill Chain, developed by Lockheed Martin, is a model that breaks down a cyber attack into seven distinct phases: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study materials, this model helps security teams understand and interrupt an attack at various stages.

While MITRE ATT&CK (B) and its ICS variant (A) provide detailed mappings of techniques used by attackers, they are not structured specifically into seven phases like the Cyber Kill Chain. The Diamond Model (D) is an analysis methodology, not a phase-based model.

Reference Extract from Study Guide:

"The Cyber Kill Chain model divides the sequence of a cyber attack into seven phases, providing a structured method for analyzing and disrupting attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Attack Frameworks and Methodologies

A compiler translates high-level programming language code into machine code, creating an executable program.

Process: The compiler goes through various phases such as parsing, semantic analysis, and optimization to produce the final machine code.

Purpose: This machine code can be executed by the computer's processor at a later time without the need for the original source code.

References

"Programming Language Pragmatics" by Michael L. Scott

"Modern Compiler Implementation in C" by Andrew W. Appel

The correct answer is A — Mandatory access control (MAC).

Per WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, MAC is a strict access control model where access to resources is based on information labels (such as classified, secret, top secret) and user clearances. Only administrators define and control the policy rules, and users cannot alter access settings, making it ideal for environments where classification labels determine access rights, such as government systems.

ABAC (B) focuses on attributes but is more dynamic rather than based purely on rigid classifications. DAC (C) gives data owners control over access permissions, unsuitable for classified government environments. RBAC (D) assigns permissions based on roles, but not necessarily aligned with security labels.

Reference Extract from Study Guide:

"Mandatory access control (MAC) enforces access policies based on fixed labels and security classifications, making it the preferred model for high-security environments like government agencies handling classified data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

The correct answer is D — Upgrade the remaining end-of-life machines.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the best way to address end-of-life systems is to upgrade them to supported versions. End-of-life systems no longer receive security patches, leaving them highly vulnerable. Upgrading restores security and compliance.

Shutting down (A), disconnecting (B), or blocking (C) are temporary solutions that may disrupt operations but do not solve the root problem.

Reference Extract from Study Guide:

"Upgrading end-of-life systems is critical to restoring security and compliance, as unsupported systems are vulnerable to exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management and Remediation

=============================================