Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with ValidTests

Aproprietary software licensetypically grants a business or user theright to usethe software.

Unlike open-source licenses, proprietary licenses do not usually allow modification, redistribution, or reverse engineering.

The software remains the property of the company that created it, and the licensee is only granted specific, limited rights.

Examples:Many enterprise software applications come with proprietary licenses that specify the terms of use.

References:

"Open Source Licensing: Software Freedom and Intellectual Property Law" by Lawrence Rosen.

"Proprietary Software Licenses Explained" from Software Engineering Institute.

The correct answer is C — Adjust the firewall configuration to drop traffic from these addresses.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that the firewall is the primary network defense that can block or filter unwanted incoming traffic based on IP addresses, geographical locations, and other attributes. Dropping traffic from untrusted regions at the firewall level effectively prevents further access attempts.

Adjusting SIEM (A) can improve alerting but not blocking. DNS changes (B) relate to domain resolution, not access control. Proxy servers (D) can limit outbound traffic but are not primarily used for blocking geographic access inbound.

Reference Extract from Study Guide:

"Adjusting firewall rules to drop or block traffic based on IP addresses or geolocation is a primary defense against unauthorized access attempts from suspicious regions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Firewall Configuration

=============================================

The correct first step in responding to a data breach, as emphasized in theWGU Cybersecurity Architecture and Engineering (KFO1 / D488)course material underIncident Responseprocedures, is tonotify affected users. This aligns with theContainment, Eradication, and Recoveryphase of theNIST Incident Response Lifecyclediscussed in the course content. Prompt notification is crucial to empower users to take immediate protective measures such as updating credentials or monitoring for identity theft.

While other actions like implementing access control policies or improving encryption are validpreventive or corrective controls, they are not theinitial response stepafter a breach is identified. Public announcements are typically handledafter internal assessmentsand legal compliance actions are underway.

Reference Extract from Study Guide:

“As soon as a breach affecting personal data is confirmed, organizations are obligated to notify impacted users in accordance with legal and ethical standards. Notification is part of the initial incident response phase and should occur immediately after verification of the breach.”

—WGU KFO1 / D488 Study Guide: Incident Handling and Response

=============================================

The correct answer is C — Device hardening.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that device hardening involves reducing vulnerabilities by disabling unnecessary services, ports, and features. Closing unneeded network ports minimizes the attack surface and strengthens device security.

An intrusion prevention system (A) monitors and blocks threats but does not close ports directly. A web application firewall (B) protects web apps, not device configurations. An intrusion detection system (D) only alerts but does not proactively secure devices.

Reference Extract from Study Guide:

"Device hardening minimizes vulnerabilities by disabling unnecessary services and ports, securing the system against network-based attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Device Hardening and Secure Configuration

=============================================

The correct answer is B — A fully equipped hot site with up-to-date hardware and software.

As stated in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a hot site is a fully operational data center that mirrors the organization's primary systems and data. In the event of a disaster, operations can quickly transfer to the hot site with minimal downtime, ensuring business continuity.

Mobile data centers (A) are not standard disaster recovery solutions for multinational corporations. Basic secondary backup sites (C) (cold sites) require setup time and are slower to activate. Cloud backups (D) protect data but do not instantly restore full operational capabilities like a hot site.

Reference Extract from Study Guide:

"Hot sites maintain fully operational systems, applications, and data, allowing organizations to maintain business continuity with minimal disruption in the event of a disaster."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Business Continuity Planning

The correct answer is B — Parallel simulation test.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines a parallel simulation test as simulating a disaster recovery process where systems are restored at an alternate site without actually taking the primary systems offline. It allows organizations to test full restoration capabilities while avoiding disruption of live operations.

Walk-throughs (A) and tabletop exercises (D) are lower-impact simulations. Full interruption tests (C) would stop operations, which the company wants to avoid.

Reference Extract from Study Guide:

"Parallel simulation tests validate the ability to recover and operate critical systems at an alternate site without affecting primary business operations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing Types

=============================================

The correct answer is D — Likelihood.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that when evaluating the chance of future incidents, the focus should be on likelihood — the probability that a threat will exploit a vulnerability again. Given that a breach has already occurred, it is important to assess how likely another breach could happen without additional security measures.

Impact (A) measures consequences, not probability. Risk (B) is a combination of impact and likelihood, but to specifically focus on future potential, likelihood (D) is primary. Threat actors (C) describe adversaries, not probabilities.

Reference Extract from Study Guide:

"Likelihood refers to the probability that a specific threat will successfully exploit a vulnerability, and is a key consideration in predicting future incidents."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Assessment Concepts

=============================================

The correct answer is D — Establish a baseline for normal activity.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, the first step in threat hunting is to understand what constitutes normal behavior within the environment. Establishing a baseline allows analysts to detect anomalies and deviations that could indicate malicious activity. Without a clear understanding of normal operations, it is extremely difficult to identify potential threats.

Deploying anti-malware solutions (A) and implementing intrusion detection systems (B) are important security measures but are not the first step in proactive threat hunting. Forming an incident response team (C) is essential for handling incidents but does not directly initiate threat hunting.

Reference Extract from Study Guide:

"Threat hunting begins with establishing a baseline of normal network, system, and user activity, enabling the detection of anomalies that may indicate potential threats."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Hunting and Detection

=============================================

The correct answer is B — Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.

As explained in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), backing up critical systems and establishing a disaster recovery plan ensures business continuity and system availability even after incidents like hardware failures, cyberattacks, or data corruption.

While intrusion detection (A), access control (C), and patch management (D) contribute to overall security, backups and disaster recovery specifically ensure availability.

Reference Extract from Study Guide:

"Data backups and disaster recovery planning are essential controls to ensure system availability during and after a security incident or technical failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery

=============================================

The correct answer is A — Developing and implementing a testing plan for the DRP.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), testing the disaster recovery plan is critical to ensuring that it is functional and effective when an actual disruptive event occurs. Regularly scheduled DRP testing validates that recovery processes work as intended and that personnel are familiar with their responsibilities.

Reviewing (B) and training (D) are important but are supplementary activities. Risk assessment (C) is important for planning but does not test the DRP.

Reference Extract from Study Guide:

"Testing and exercising disaster recovery plans ensure operational readiness and reveal gaps or weaknesses that can be corrected before an actual event occurs."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing and Validation

=============================================