WGU Cybersecurity Architecture and Engineering (KFO1/D488) Exam Practice Test

WGU Cybersecurity Architecture and Engineering (KFO1/D488) Questions and Answers

Question 1

An organization wants to ensure that its website is free of certain vulnerabilities before the final handoff to the client. What testing method should the organization use to inspect traffic and detect potential issues?

Options:

A.

HTTP interceptor

B.

Port scanner

C.

Bastion scanner

Question 2

A company wants to improve the security of its software development process and reduce the risk of vulnerabilities in its applications. The company is looking for a solution that can isolate its applications and provide a secure environment for development and testing.

Which security technology meets the needs of this company?

Options:

A.

Data loss prevention (DLP)

B.

Virtual private network (VPN)

C.

Firewall

D.

Containerization

Question 3

What is the role of the CPU in a computing environment?

Choose 2 answers

Options:

A.

Carrying out the instructions of a computer program

B.

Storing data as it is being processed

C.

Directing electrical current over the circuit board

D.

Connecting components to the system unit

E.

Containing an arithmetic logic unit (ALU) that performs arithmetic and logic operations

Question 4

Which peripheral replaces the mouse on a mobile device?

Options:

A.

Stylus

B.

Jack

C.

Camera

D.

USB

Question 5

An application team manages a large farm of web servers on virtual machines in the cloud. The team wants to reduce the server load by caching static content. Adding a second layer of protection is also a requirement.

What should this team recommend in this scenario?

Options:

A.

Firewall rule changes

B.

Intrusion detection system (IDS)

C.

Reverse proxy

D.

Network address translation (NAT)

Question 6

A retail company has recently implemented a new point of sale (POS) system that is critical to its business.

Which security control is essential for protecting the availability of the POS system?

Options:

A.

Backing up the data stored in the POS system and having a disaster recovery plan

B.

Regularly updating the POS system with the latest security patches

C.

Implementing intrusion detection and prevention systems

D.

Enforcing strict access controls on the POS system

Question 7

A company has recently implemented a hybrid cloud deployment. The security team has been notified about thousands of failed attempts to connect to routers and switches in the on-premises network. A solution must be implemented to block connections after three unsuccessful SSH attempts on any network device.

Options:

A.

Firewall

B.

Data Loss Prevention

C.

Intrusion Prevention System (IPS)

Question 8

A healthcare provider is developing a disaster recovery plan and wants to determine the longest duration that its systems or applications can be down before causing significant damage to the business.

What is the term used to describe this metric?

Options:

A.

Recovery time objective (RTO)

B.

Business impact analysis (BIA)

C.

Business continuity planning (BCP)

D.

Disaster recovery (DR)

Question 9

What is scope creep?

Options:

A.

Realization that the organization staffing is inadequate

B.

The extent of the project that lacks needed requirements

C.

Small changes in a project that lead to bigger changes

D.

When the project is completed in less than the required time

Question 10

Which life cycle is part of the process for planning, creating, testing, and deploying information systems?

Options:

A.

Network Development Life Cycle (NDLC)

B.

System Development Life Cycle (SDLC)

C.

Database Creation System Life Cycle (DCSLC)

D.

Software Test Life Cycle (STLC)

Question 11

Which characteristic identifies intranet application software?

Options:

A.

Hosted by an outsourced provider

B.

Hosted in the internal business network

C.

Hosted by a third-party web portal

D.

Hosted on an individual computer

Question 12

What signals the development of scope creep?

Options:

A.

Programmers are focused on a single feature.

B.

Many unplanned features have been added to the original project.

C.

The product does not satisfy all the requirements of the plan.

D.

An extension to the deadline of the project is requested.

Question 13

A small start-up is setting up its first network, and it needs to ensure that its network security is adequate. The start-up is aware of the latest cybersecurity threats and the need for strong security measures. In addition to network security, the start-up wants to ensure that it has a disaster recovery plan in place in case of any unexpected events.

Which approach will meet the needs of the start-up?

Options:

A.

Intrusion detection system (IDS)

B.

Packet filtering

C.

Bootstrapping

D.

Virtual private network (VPN)

Question 14

A company has recently experienced a data breach in which customer information was stolen. The company is concerned about the potential for future data breaches. A review of the incident revealed that the breach originated from stolen credentials.

Which security measure will meet the needs of this company?

Options:

A.

Implementing two-factor authentication

B.

Conducting background checks on employees

C.

Providing regular security awareness training to employees

D.

Installing a security information and event management (SIEM) system

Question 15

What is a characteristic of algorithms?

Options:

A.

No starting or stopping point

B.

Random instructions

C.

Unambiguous rules

D.

Constantly changing

Question 16

Which method is frequently used to protect software?

Options:

A.

Trademarks

B.

GNU General Public License

C.

Copyrights

D.

Fair use

Question 17

Which encryption technique can be used to enable a third-party provider to perform calculations on encrypted data without decrypting the data?

Options:

A.

Homomorphic encryption

B.

Secure function evaluation (SFE)

C.

Secure Sockets Layer (SSL)

D.

Private information retrieval (PIR)

Question 18

What is the typical organizing principle of a database?

Options:

A.

Selective

B.

Projection

C.

Relational

D.

Modular

Question 19

An employee needs to execute a program from the command line.

Which peripheral device should be used?

Options:

A.

Keyboard

B.

Hard drive

C.

Speaker

D.

Printer

Question 20

Which block cipher mode of operation for encrypting data is simple and efficient but provides no confidentiality beyond that of the underlying block cipher?

Options:

A.

Counter (CTR)

B.

Electronic Codebook (ECB)

C.

Output Feedback (OFB)

D.

Cipher Block Chaining (CBC)

Question 21

A security team is investigating multiple man-in-the-middle (MITM) attacks that have taken place on the corporate network over the past few months. The team needs a solution that will ensure that data is not exposed if a man-in-the-middle attack occurs in the future.

Options:

A.

Enforcing password history

B.

Encrypting data

C.

Ensuring all users have complex passwords

D.

Disabling Wi-Fi connections

Question 22

Which action should an IT department take if an organization decides to expand its business by selling products online?

Options:

A.

Make sure the website can handle e-commerce transactions

B.

Ensure that the strategic goals are aligned with the organization's mission statement

C.

Market the company’s products or services

D.

Manage capital to ensure a successful website

Question 23

Which task is the responsibility of a database administrator?

Options:

A.

Installing and configuring databases

B.

Compiling code into an executable file

C.

Deciding on database applications for the company

D.

Troubleshooting network security issues

Question 24

What are three operating systems that are commonly used today?

Choose 3 answers

Options:

A.

Microsoft Outlook

B.

Mac OS

C.

Linux

D.

MySQL

E.

Microsoft Windows

F.

Mozilla Firefox

Question 25

An organization's board of directors is reviewing the risk register and attempting to evaluate whether there is too much risk for the organization.

Which metric should the board review?

Options:

A.

Risk appetite

B.

Risk evaluation plan

C.

Risk treatment plan

D.

Risk tolerance

Question 26

An insurance agency is concerned that some employees could be mishandling funds and covering it up. The agency wants to temporarily block these employees from working and ensure that operations continue.

Which strategy should the agency implement?

Options:

A.

Separation of duties

B.

Mandatory vacation

C.

Job rotation

D.

Least privilege

Question 27

Why is business continuity planning essential?

Options:

A.

It ensures that the company will be profitable.

B.

It ensures that the company will avoid asset loss.

C.

It allows for succession planning.

D.

It allows for the quickest return to business operations.

Question 28

Which IT department goal would support business goals?

Options:

A.

Overseeing funds flowing through the organization

B.

Developing an online shopping cart for company products

C.

Promoting the company's products and services

D.

Interviewing applicants for marketing positions

Question 29

A company has identified a potential risk associated with a new software implementation, which could result in a significant data breach.

Which step of the risk management life cycle involves implementing security controls to prevent the risk?

Options:

A.

Assess

B.

Identify

C.

Control

D.

Review

Question 30

What type of a system requirement involves preventing unauthorized access to data?

Options:

A.

Accessibility

B.

Design

C.

User needs

D.

Security

Question 31

Which encryption technique can be used to enable a third-party provider to perform calculations on encrypted data without decrypting the data?

Options:

A.

Secure Sockets Layer (SSL)

B.

Private Information Retrieval (PIR)

C.

Secure Function Evaluation (SFE)

D.

Homomorphic encryption

Question 32

An organization wants to implement a new encryption solution for a real-time video conferencing application. The organization wants to ensure that the encryption solution provides protection for the video stream without causing significant delays or latency in the conference.

Which type of encryption will meet the needs of the organization?

Options:

A.

Block ciphers

B.

Asymmetric encryption

C.

Stream ciphers

D.

Hash functions

Question 33

The security team has been notified about multiple man-in-the-middle (MITM) attacks happening on the wireless network over the past thirty days. Management has agreed to upgrade the network infrastructure to help eliminate these attacks.

Options:

A.

Security information and event management (SIEM)

B.

Inline network encryptor

C.

Layer 3 switch

D.

Wireless intrusion prevention system (WIPS)

Question 34

The security team has been notified about multiple man-in-the-middle (MITM) attacks happening on the wireless network over the past thirty days. Management has agreed to upgrade the network infrastructure to help eliminate these attacks.

Which solution fulfills these requirements?

Options:

A.

Security information and event management (SIEM)

B.

Wireless intrusion prevention system (WIPS)

C.

Inline network encryptor

D.

Layer 3 switch

Question 35

Which block cipher mode of operation for encrypting data is simple and efficient and provides no confidentiality beyond that of the underlying block cipher?

Options:

A.

Electronic codebook (ECB)

B.

Cipher block chaining (CBC)

C.

Counter (CTR)

D.

Output feedback (OFB)

Question 36

Management has asked its networking team to recommend a solution for direct communication between multiple virtual networks in the cloud. The solution must utilize the least amount of administrative effort.

Options:

A.

Remote Desktop Protocol (RDP)

B.

Virtual network peering

C.

Domain Name System (DNS)

D.

Virtual Local Area Network (VLAN)

Question 37

A healthcare organization is required to comply with the Health Insurance Portability and Accountability Act (HIPAA), which regulates the privacy and security of personal health information. The organization uses simple network management protocol (SNMP) to manage and monitor its network devices.

Which security control will protect the confidentiality of network device information within this organization?

Options:

A.

Access controls

B.

Network segmentation

C.

Encryption

D.

Security monitoring

Question 38

Which security technique should be used to prevent data exfiltration?

Options:

A.

Intrusion Detection Software (IDS)

B.

Data Loss Prevention (DLP)

C.

Multi-Factor Authentication (MFA)

D.

Intrusion Prevention Software (IPS)

Question 39

A consultancy organization has many employees who travel with different mobile devices. Having the employees visit an office to update their devices is not feasible due to their travel schedule.

How should the organization ensure that its employees receive the latest security updates?

Options:

A.

By providing remote module updates

B.

By providing tokenized container updates

C.

By providing mobile station updates

D.

By providing over-the-air updates

Question 40

What is a function of a proxy server?

Options:

A.

It stores files that any user of the network may wish to access.

B.

It acts as a giant cache of web pages that anyone in the organization has recently retrieved.

C.

It responds to user queries to create, manipulate, and retrieve records from a database.

D.

It responds to HTTP requests and can execute scripts to generate dynamic pages.

Question 41

A company is looking to monitor and detect any suspicious activity on its servers. The company wants to implement a security solution that can detect any unauthorized access or unusual activity on the servers.

Which security technology will meet the needs of this company?

Options:

A.

Hardware security module (HSM)

B.

Two-factor authentication

C.

Antivirus tools

D.

Host-based intrusion detection system (HIDS)

Question 42

Which risk management strategy will help defeat piracy efforts on a new patient management system?

Options:

A.

Configuration of the patient management system to disable all external device connections on all workstations

B.

Incorporation of end-to-end encryption for all patient data

C.

Implementation of regular virus scanning for all workstations

D.

Implementation of licensing technologies in order to restrict unauthorized access to the system

Question 43

A company is planning to implement a new cloud-based system to store sensitive customer information.

What should be identified in the first step of the risk management process for this project?

Options:

A.

Possible threats to the new system

B.

Potential business impacts of a security breach

C.

Potential vulnerabilities of the new system

D.

Business assets that will be stored in the new system

Question 44

An IT organization has seen a surge of ransomware and Trojan horse attacks recently.

Which action should the security team recommend to protect the IT infrastructure from commodity malware threats?

Options:

A.

Installing a firewall to identify malicious traffic

B.

Rerouting suspicious communications to a remote machine

C.

Implementing a two-factor authentication system

D.

Installing endpoint protection software

Question 45

Which device does a Local Area Network (LAN) need to communicate over the Internet?

Options:

A.

Multiplexer

B.

Repeater

C.

Switch

D.

Router

Question 46

A corporate website is currently being redesigned, which leaves it vulnerable to security threats. Management does not want to provide an attacker with any information about the web server. Which strategy should be used to prevent an attacker from gaining unauthorized information?

Options:

A.

Obfuscating error messages on the site or within the Uniform Resource Locator (URL)

B.

Enabling Hypertext Transfer Protocol Secure (HTTPS) over Domain Name Service (DNS)

C.

Using HTTPS for all page and content requests

D.

Becoming PCI-DSS compliant and certified

Question 47

A company wants to ensure that the integrity of its systems is maintained during the startup process.

Which security technology can ensure the integrity of the system during startup by verifying that the system has not been compromised?

Options:

A.

Two-factor authentication

B.

Intrusion detection system (IDS)

C.

Hardware security module (HSM)

D.

Measured boot

Question 48

Which risk management strategy will ensure the secure configuration and deployment of a new online banking system and help prevent credit card fraud?

Options:

A.

Implementation of real-time transaction monitoring

B.

Implementation of a strict firewall policy to restrict access to the system's server

C.

Configuration of the system to disable all email services on all workstations

D.

Use of regular system backups to an off-site location

Question 49

Which IT role is responsible for installing new hardware and troubleshooting existing hardware?

Options:

A.

Web administrator

B.

System administrator

C.

Security administrator

D.

Network administrator

Question 50

An IT organization needs to enable secure communication across virtual networks in Microsoft Azure and Amazon Web Services.

Which protocol will offer the most reliable and secure method for data transport?

Options:

A.

Transmission Control Protocol (TCP)

B.

Internet Protocol Security (IPsec)

C.

File Transfer Protocol (FTP)

D.

Secure Shell (SSH)

Question 51

A cybersecurity analyst at a manufacturing company is tasked with analyzing the indicators of compromise (IOCs) to identify potential threats and vulnerabilities within the organization. While viewing the security information and event management (SIEM), the analyst notices an unknown IP address logging on to the company's Secure Shell (SSH) server.

Which potential vulnerability is the manufacturing company facing?

Options:

A.

Exfiltration

B.

Unpatched software

C.

Enumeration

D.

Weak passwords

Question 52

Which system conversion method deploys the new system while the old system is still operational in order to compare output?

Options:

A.

Phased

B.

Direct

C.

Parallel

D.

Pilot

Question 53

After a recent security assessment, it was discovered that many company devices have unnecessary ports opened to the network.

What should the company configure to fix this?

Options:

A.

Intrusion prevention system

B.

Web application firewall

C.

Device hardening

D.

Intrusion detection system

Question 54

An on-call security engineer has been notified after business hours that a possible threat could be impacting production applications.

Which type of threat intelligence should be used by first responders?

Options:

A.

Tactical

B.

Commodity malware

C.

Operational

D.

Strategic

Question 55

A retail company wants to establish the frequency at which it needs to back up its critical data to ensure it can be restored in case of a disruption with the least amount of acceptable loss in recovery.

What is the term used to describe this metric?

Options:

A.

Continuous data protection (CDP)

B.

Business impact analysis (BIA)

C.

Disaster recovery (DR)

D.

Recovery point objective (RPO)

Question 56

Which protocol can be used to provide secure email communication and ensure the confidentiality, integrity, and authenticity of email messages?

Options:

A.

Simple Mail Transfer Protocol (SMTP)

B.

Pretty Good Privacy (PGP)

C.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

D.

Internet Protocol Security (IPsec)

Question 57

Which type of services are Google Apps, Dropbox, and GoToMeeting?

Options:

A.

Infrastructure-as-a-Service (IaaS)

B.

Security-as-a-Service (SECaaS)

C.

Platform-as-a-Service (PaaS)

D.

Software-as-a-Service (SaaS)

Question 58

A retail company has recently implemented a new point of sale (POS) system that is critical to its business.

Which security control is essential for protecting the availability of the POS system?

Options:

A.

Implementing intrusion detection and prevention systems can help detect and prevent unauthorized access to the POS system.

B.

Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.

C.

Enforcing strict access controls can limit the number of users with access to the POS system and prevent unauthorized access.

D.

Regularly updating the POS system with the latest security patches can help prevent exploitation of known vulnerabilities and maintain the system's availability.

Question 59

Which stream cipher is a variant of the Salsa20 cipher, designed to be fast, secure, and resistant to cryptanalysis, and is commonly used in combination with the Poly1305 authentication mode?

Options:

A.

ChaCha

B.

Cipher Block Chaining (CBC)

C.

Counter (CTR)

D.

Electronic Codebook (ECB)

Question 60

An engineer has noticed increased network traffic originating from an unknown internet protocol (IP) address.

Which action should be taken to analyze the unusual network traffic patterns?

Options:

A.

Permanently block all incoming traffic from the unknown IP address

B.

Compare the unknown address to known IP addresses to determine if it is a threat

C.

Temporarily block all incoming traffic from the unknown IP address

D.

Rate limit incoming traffic from the unknown IP address

Question 61

The cybersecurity analyst at a hardware company conducted a vulnerability assessment to identify potential security risks to the organization and discovered multiple vulnerabilities on the company’s webpage. The analyst then provided the results to the Chief Information Security Officer (CISO), who then decided to decommission the website and create a new page with increased security controls.

Options:

A.

Transfer

B.

Accept

C.

Avoid

D.

Mitigate

Question 62

Management has asked its networking team to recommend a solution for direct communication between multiple virtual networks in the cloud. The solution must utilize the least amount of administrative effort.

Which solution meets the requirements?

Options:

A.

Virtual network peering

B.

Virtual local area network

C.

Remote Desktop Protocol

D.

Domain name system

Question 63

An IT organization has recently suffered multiple data breaches. The security operations center (SOC) team has been tasked with preventing future breaches by implementing user monitoring. The proposed solution must provide insights about unusual user behaviors from a variety of internal corporate resources.

Which solution meets the requirements?

Options:

A.

Virtual private network (VPN)

B.

Secure Shell (SSH) Protocol

C.

Web application firewall (WAF)

D.

Security information and event management (SIEM)

Question 64

An organization is experiencing multiple instances of attempted access from geographical locations where there are no corporate offices or staff.

What should a network administrator do to prevent further access attempts?

Options:

A.

Adjust the rule sets within the security information and event manager (SIEM) tool

B.

Adjust the Domain Name Service (DNS) server A Records

C.

Adjust the firewall configuration to drop traffic from these addresses

D.

Adjust the main proxy server to only allow specific addresses

Question 65

An IT organization recently implemented a hybrid cloud deployment. The security team must be able to correlate event data combined from different sources in a central location.

Options:

A.

Intrusion Detection System (IDS)

B.

File Integrity Monitoring (FIM)

C.

Security Information and Event Management (SIEM)

D.

Data Loss Prevention (DLP)

Question 66

What is an information system?

Options:

A.

The hardware that allows human-computer interactions

B.

A database utility from a third party

C.

The computer hardware components

D.

A collection of data to support an organization

Question 67

A healthcare organization is concerned about the potential risks associated with unauthorized access to sensitive patient information on its endpoint devices. The organization has decided to implement hardening techniques and endpoint security controls to mitigate the risk.

Which hardening technique will meet the needs of this organization?

Options:

A.

Enforcing strict password policies for all user accounts

B.

Conducting regular vulnerability assessments and penetration testing

C.

Implementing a network-based intrusion detection and prevention system

D.

Logging and monitoring endpoint devices

Question 68

A financial institution conducted a cybersecurity assessment, which identified several vulnerabilities including outdated software and weak password policies. The company also needs to implement a new core banking system that can handle a large number of transactions while ensuring the security of customer data.

Which risk mitigation process is the most effective approach to address these vulnerabilities, and what is the best topology for the new core banking system?

Options:

A.

Implementing security patches and updates on a regular basis and using hybrid cloud topology

B.

Installing antivirus software on all endpoints and using on-premises topology

C.

Creating strong password policies and enforcing multifactor authentication and using public cloud topology

D.

Conducting regular security audits and penetration testing and using private cloud topology

Question 69

The DevSecOps team for an organization manages a continuous integration and continuous deployment (CI/CD) pipeline for a three-tier web application. Management has asked the team to perform a series of comprehensive post-deployment tests to make sure that all of the components of the application can interact and function properly.

What should the team recommend?

Options:

A.

Static code analysis

B.

Dynamic code analysis

C.

Integration testing

D.

Package scanning