Free WGU Cybersecurity-Architecture-and-Engineering Practice Exam with Questions & Answers | Set: 4

Data support an organization's business goals by providing crucial information that aids in making informed decisions. Analyzing data helps identify trends, measure performance, and uncover insights that drive strategic planning and operational improvements. This informed decision-making process is vital for achieving business goals and staying competitive in the market.

Data encryptionensures confidentiality and integrity even if communications are intercepted. If properly implemented (e.g., using TLS), encryption makes the payload unreadable to the attacker.

NIST SP 800-52 Rev. 2 (Guidelines for the Selection and Use of Transport Layer Security):

“Encryption technologies provide secure channels that resist interception and unauthorized access, which is essential in mitigating MITM attacks.”

Passwords and Wi-Fi controls support security, but encryption is thecoredefense against data leakage during interception.

????WGU Course Alignment:

Domain:Cryptography

Topic:Apply encryption to secure data in transit and at rest

AData Protection Impact Assessment (DPIA)is a formal process toassess the risks to personal data privacybefore implementing systems or technologies that handle personal data, especially under regulations likeGDPRor HIPAA.

NIST Privacy Framework v1.0 (Appendix D):

“A DPIA helps organizations systematically analyze, identify, and minimize the data protection risks of a project or plan involving personal information.”

While BCP and DR focus on operational resilience, DPIA isprivacy-focusedand risk-driven.

????WGU Course Alignment:

Domain:Risk Management and Privacy Engineering

Topic:Conduct privacy impact assessments for systems processing personal data

The correct answer is B — Risk mitigation.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course content, risk mitigation involves taking steps to reduce either the likelihood or the impact of risks. Since the healthcare provider plans to implement tools to lower the risks identified at the clinic, it is using a mitigation strategy, not avoiding, transferring, or simply accepting the risk.

Risk acceptance (A) means taking no action. Risk transference (C) shifts responsibility elsewhere, such as through insurance. Risk avoidance (D) involves eliminating the risky activity entirely.

Reference Extract from Study Guide:

"Risk mitigation is the process of implementing measures to reduce the likelihood or impact of identified risks, often through security controls or operational changes."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Response Strategies

The correct answer is C — Data Protection Impact Assessment (DPIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a DPIA is conducted to assess how personal data is collected, stored, and processed, evaluating potential privacy impacts and defining measures to mitigate risks. This is essential for compliance with privacy laws and regulations, especially in systems handling sensitive customer information.

DR (A) and BCP (B) are about operational recovery, not data privacy. Risk management (D) is broader and not focused solely on privacy impact.

Reference Extract from Study Guide:

"A Data Protection Impact Assessment (DPIA) evaluates the effects of processing activities on the privacy of individuals and develops strategies to mitigate privacy risks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Privacy and Protection Strategies

=============================================

Multi-Factor Authentication (MFA)mitigates identity theft by requiring two or more factors (something you know, have, or are) for access. This significantly raises the difficulty of account compromise, especially in environments with sensitive supply chain data.

NIST SP 800-63B (Digital Identity Guidelines):

“MFA significantly reduces the likelihood of credential compromise and is strongly recommended for all user accounts accessing critical systems.”

While patching and firewalls are important, MFAdirectly addresses identity theftprevention.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement MFA for secure user authentication

The correct answer is C — Role-based access control (RBAC).

WGU KFO1 / D488 course material emphasizes that RBAC allows administrators to assign permissions based on roles rather than individual users. This method provides granular control and flexibility, allowing the organization to efficiently manage access rights across multiple cloud services while maintaining a strong security posture.

OAuth (A) and SAML (B) are protocols for authentication and authorization, not detailed access control models. Kerberos (D) is used for secure authentication within a network but does not provide the granular delegation capabilities needed for cloud service administration.

Reference Extract from Study Guide:

"Role-based access control (RBAC) provides a scalable and manageable model to assign permissions to users based on their organizational roles, ensuring flexibility and maintaining secure delegation of administrative tasks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

End-of-life (EOL) systemspose a significant security risk because they no longer receive patches or security updates. Themost effective and proactive hardening techniquein this case is tocompletely remove those systems from the network.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems no longer supported by vendors must be removed, replaced, or isolated as they pose unacceptable risks.”

Other controls are useful for broader protection, but if a system is inherently vulnerable and cannot be patched,removal is the only surefire solution.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement system hardening strategies and manage legacy systems

The correct answer is C — Control.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the control phase of the risk management life cycle involves implementing appropriate security measures or countermeasures to mitigate or eliminate identified risks. After a risk is assessed, controls are applied to address it and reduce its impact or likelihood.

Assess (A) evaluates risk severity. Identify (B) discovers risks. Review (D) checks the effectiveness of applied controls.

Reference Extract from Study Guide:

"The control phase of risk management focuses on applying security controls and mitigations to reduce the risk to an acceptable level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

The correct answer is C — Restrict access to the backups.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in protecting sensitive data such as cloud backups is enforcing access controls to limit who can access the data. Restricting access immediately mitigates the risk of unauthorized exposure or tampering.

Auditing access logs (A) provides insight but does not actively protect. Running vulnerability scans (B) identifies issues but does not protect immediately. Disabling repositories (D) is not practical for maintaining backup availability.

Reference Extract from Study Guide:

"Access control is the first line of defense for sensitive data repositories, ensuring that only authorized users can access backup data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Access Control

=============================================