Pass the WGU Courses and Certificates Cybersecurity-Architecture-and-Engineering Questions and answers with ValidTests

Competitorsare known to engage in corporate espionage for business advantage. When intellectual property is targeted (like eBooks, videos), it often indicates acommercial motive, rather than political (hacktivist), state-sponsored (APT), or random (novice hacker) reasons.

NIST SP 800-30 Rev. 1 (Guide for Conducting Risk Assessments):

“Threat sources include adversarial actors such as competitors seeking proprietary or confidential business information.”

The data theft of commercial products strongly aligns with anadversarial actor motivated by business gain, a hallmark of competitor-driven threat modeling.

????WGU Course Alignment:

Domain:Security Models and Design

Topic:Understand threat actor types and motivations (e.g., competitors, insiders, nation-states)

When an organization decides to expand its business by selling products online, the IT department needs to ensure that the website is equipped to handle e-commerce transactions. This involves:

Setting up a secure online payment system: Ensuring that payment gateways and encryption methods are in place to protect sensitive customer data.

Scalability: Making sure the website infrastructure can handle increased traffic and transaction volumes without compromising performance.

Integration: Ensuring the e-commerce platform is integrated with the organization's existing systems, such as inventory management, order fulfillment, and customer relationship management (CRM) systems.

Compliance: Adhering to regulatory requirements and industry standards for online transactions, such as PCI DSS compliance for payment processing.

Therefore, making sure the website can handle e-commerce transactions is crucial for a successful online business expansion.

References

Efraim Turban, Judy Whiteside, David King, and Jon Outland, "Introduction to Electronic Commerce and Social Commerce," Springer.

Laudon, K.C. and Traver, C.G., "E-commerce 2020-2021: Business, Technology, Society," Pearson.

The correct answer is C — Role-based access control (RBAC).

WGU KFO1 / D488 course material emphasizes that RBAC allows administrators to assign permissions based on roles rather than individual users. This method provides granular control and flexibility, allowing the organization to efficiently manage access rights across multiple cloud services while maintaining a strong security posture.

OAuth (A) and SAML (B) are protocols for authentication and authorization, not detailed access control models. Kerberos (D) is used for secure authentication within a network but does not provide the granular delegation capabilities needed for cloud service administration.

Reference Extract from Study Guide:

"Role-based access control (RBAC) provides a scalable and manageable model to assign permissions to users based on their organizational roles, ensuring flexibility and maintaining secure delegation of administrative tasks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

The correct answer is B — Log analysis.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) curriculum, log analysis is critical for retrospective threat hunting — reviewing system, network, and application logs to identify signs of compromise or unauthorized activities that might have gone unnoticed in real-time. This technique helps uncover attacks that have already occurred in hybrid or cloud environments.

Honeypots (A) are proactive traps to detect future attacks. Social engineering (C) involves manipulating people, not hunting threats. Penetration testing (D) is used to find vulnerabilities, not to review past incidents.

Reference Extract from Study Guide:

"Threat hunting through log analysis involves systematically reviewing collected logs to uncover evidence of past or ongoing compromises, enabling organizations to identify and respond to threats that may have bypassed preventive controls."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection and Hunting Concepts

Of course!

Here are the verified and properly formatted answers for your next set of questions, strictly following your instructions and the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) official course materials:

=============================================

Integration testingverifies the interactions and data flow between individual software components post-deployment. It is a crucial step in CI/CD pipelines, especially inmulti-tier architecturesystems like web applications.

NIST SP 800-160 Vol. 1 (Systems Security Engineering):

“Integration testing should verify that security functions behave correctly when subsystems or components are combined.”

This test type ensures system cohesion after components are deployed, unlikestatic/dynamic code analysiswhich focuses on code quality and vulnerabilities during earlier phases.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Validate secure systems through testing in CI/CD pipelines

The domain name in a Uniform Resource Locator (URL) identifies the server on which the web page can be found.

Example: In the URL "http://www.example.com/index.html":

"http" is the protocol.

"www.example.com" is the domain name.

"/index.html" is the resource path ID.

The other options:

The protocol specifies the communication method.

The resource path ID specifies the specific page or resource on the server.

The IP address is not typically visible in the URL itself but can be resolved via DNS.

Therefore, the domain name is the correct part that identifies the server.

Preventing unauthorized access and impersonation during exams or coursework is critical in e-learning platforms.Strong user authentication(e.g., MFA, CAPTCHA, secure login mechanisms) ensures that only authorized users access exams and coursework.

NIST SP 800-63B (Digital Identity Guidelines – Authentication):

“Secure user authentication ensures the identity of individuals accessing sensitive applications, reducing the risk of impersonation and credential misuse.”

Firewall rules and patching are important, but they don't directly addressuser-level fraud prevention.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Secure authentication mechanisms for web platforms

The correct answer is C — Structured Query Language (SQL) injection attacks.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a Web Application Firewall (WAF) protects web applications by filtering and monitoring HTTP traffic. It isspecifically effective against attacks such as SQL injection, cross-site scripting (XSS), and other application-layer vulnerabilities.

Phishing (A) and social engineering (D) involve human deception, not web application vulnerabilities. Brute force attacks (B) typically target authentication but are not the primary focus of a WAF.

Reference Extract from Study Guide:

"A web application firewall (WAF) detects and prevents attacks against web applications, including SQL injection and cross-site scripting (XSS)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Firewall and Threat Protection

=============================================

DNSSEC (Domain Name System Security Extensions)is a security protocol that adds cryptographic validation to DNS responses, making it nearly impossible for attackers to spoof DNS responses or redirect users to malicious sites.

NIST SP 800-81 Rev. 2 (Secure Domain Name System (DNS) Deployment Guide):

“DNSSEC provides data origin authentication and data integrity to DNS responses using digital signatures, effectively mitigating spoofing and cache poisoning attacks.”

While patching and awareness are important, DNSSECdirectly mitigatesthe technical risk described.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement DNS hardening techniques such as DNSSEC

End-of-life (EOL) systemspose a significant security risk because they no longer receive patches or security updates. Themost effective and proactive hardening techniquein this case is tocompletely remove those systems from the network.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems no longer supported by vendors must be removed, replaced, or isolated as they pose unacceptable risks.”

Other controls are useful for broader protection, but if a system is inherently vulnerable and cannot be patched,removal is the only surefire solution.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement system hardening strategies and manage legacy systems