Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with ValidTests

Intranet Application Software:

Intranet applications are designed to be used within an organization’s internal network. They are not accessible from outside the organization unless through a secure connection like a VPN.

Characteristics:

Internal Hosting: These applications are hosted on servers within the business network, ensuring that only authorized internal users can access them.

Security: Since they are hosted internally, they can be secured with internal security measures like firewalls and access controls.

Incorrect Options:

A: Describes applications hosted by external providers.

C: Describes applications hosted by third-party web portals.

D: Describes standalone applications on individual computers.

The correct answer is B — Advanced Encryption Standard (AES).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), AES is a widely adopted symmetric encryption standard that ensures the confidentiality and integrity of sensitive data, including patient health information, which HIPAA mandates to protect. AES is considered highly secure and efficient for encrypting stored or transmitted healthcare data.

WEP (A) is outdated and insecure. SMTP (C) is a protocol for sending emails, not encryption. RSA (D) is an asymmetric encryption method typically used for key exchanges, not bulk data encryption.

Reference Extract from Study Guide:

"Advanced Encryption Standard (AES) is recommended for encrypting sensitive healthcare data, providing strong protection for confidentiality and integrity in HIPAA-regulated environments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Standards and Regulatory Compliance

=============================================

The correct answer is A — Risk appetite.

As per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, risk appetite defines the amount and type of risk an organization is willing to accept in pursuit of its objectives. It is a strategic-level metric used by executive leadership and boards to determine if the current level of risk exceeds what the organization is comfortable handling.

Risk evaluation plans (B) outline how risks are assessed, treatment plans (C) describe mitigation actions, and risk tolerance (D) is more operational, defining acceptable variation from the appetite but not the overall strategic limit.

Reference Extract from Study Guide:

"Risk appetite represents the amount of risk an organization is willing to pursue or retain and is established by senior leadership as part of governance activities."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Concepts

=============================================

Multi-Factor Authentication (MFA)mitigates identity theft by requiring two or more factors (something you know, have, or are) for access. This significantly raises the difficulty of account compromise, especially in environments with sensitive supply chain data.

NIST SP 800-63B (Digital Identity Guidelines):

“MFA significantly reduces the likelihood of credential compromise and is strongly recommended for all user accounts accessing critical systems.”

While patching and firewalls are important, MFAdirectly addresses identity theftprevention.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement MFA for secure user authentication

The correct answer is B — Implementing security patches and updates on a regular basis and using hybrid cloud topology.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that timely application of security patches is critical to addressing vulnerabilities like outdated software. A hybrid cloud topology offers the flexibility and scalability needed by financial institutions while keeping sensitive data protected in more controlled environments.

Strong password policies (A) help, but public cloud alone may not be best for sensitive banking systems. Antivirus (C) addresses only part of the threat. Private cloud (D) improves security but may not offer the scalability benefits of a hybrid approach.

Reference Extract from Study Guide:

"Timely application of security patches mitigates vulnerabilities, and hybrid cloud models balance the need for scalability and sensitive data protection in financial institutions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Mitigation Strategies and Cloud Topologies

=============================================

The correct answer is A — Calculating and comparing the hash values of the software code before and after transfer using FTP can help detect any changes and ensure the integrity of the code.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), verifying the integrity of transferred files can be done by using cryptographic hash functions. Comparing pre- and post-transfer hashes ensures that the data was not tampered with during transmission.

Intrusion detection (B) focuses on unauthorized access. Access control (C) protects the server but does not ensure file integrity. Backups (D) provide data recovery but do not validate file integrity during transfers.

Reference Extract from Study Guide:

"Hashing verifies data integrity by allowing a comparison of original and received file values, ensuring no tampering occurred during transit."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Integrity Assurance

=============================================

Regularlyreviewing and updatingthe Disaster Recovery Plan ensures it remains effective astechnology, processes, and risks evolve. It ensures that the DRP reflects current infrastructure, contacts, and business requirements.

NIST SP 800-34 Rev. 1:

“Plans should be reviewed and updated regularly to ensure accuracy and relevance. Failure to do so may result in ineffective or outdated procedures.”

Testing is important, butregular updates ensure long-term plan viability.

????WGU Course Alignment:

Domain:Business Continuity and Disaster Recovery

Topic:Maintain and periodically revise DRPs to reflect current risks and systems

An algorithm is a defined set of step-by-step procedures or a set of rules to be followed to perform a specific task or solve a problem. Here are the characteristics that describe an algorithm:

Unambiguous rules: Each step of an algorithm must be clearly defined and unambiguous. There should be no confusion in interpreting the instructions.

Definiteness: The algorithm should have a clear starting and stopping point, leading to a precise output after a finite number of steps.

Finiteness: Algorithms must terminate after a finite number of steps. They cannot run indefinitely.

Input and Output: An algorithm should take zero or more inputs and produce at least one output.

Therefore, the correct answer is "Unambiguous rules," as it directly reflects the essential characteristic of an algorithm being precise and clear in its steps.

References

Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein, "Introduction to Algorithms," MIT Press.

Donald E. Knuth, "The Art of Computer Programming," Addison-Wesley.

The correct answer is B — Password policies.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that strong password policies, including requirements for complexity, minimum length, expiration, and reuse restrictions, are essential for protecting user credentials from compromise.

Object storage (A) and removable storage (C) deal with data storage, not password management. Hardware key managers (D) manage cryptographic keys, not passwords directly.

Reference Extract from Study Guide:

"Implementing strong password policies enforces secure password practices among users, reducing the risk of credential compromise."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Controls

=============================================

The correct answer is C — Obfuscating error messages on the site or within the uniform resource locator (URL).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that minimizing the information revealed through error messages and URLs prevents attackers from gathering reconnaissance information that could be used to exploit vulnerabilities.

HTTPS (A and B) protects data in transit but does not conceal server details. PCI-DSS certification (D) improves overall security but is not focused specifically on information disclosure during a redesign.

Reference Extract from Study Guide:

"Obfuscating detailed error messages and removing revealing information in URLs help prevent attackers from gaining reconnaissance data that could be used in targeted attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Security

=============================================