Cybersecurity-Architecture-and-Engineering WGU Cybersecurity Architecture and Engineering (KFO1/D488) Free Practice Exam Questions (2025 Updated)

The correct answer is B — Implementing domain name system security extensions (DNSSEC) to digitally sign DNS responses and prevent DNS spoofing attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that DNSSEC protects the integrity and authenticity of DNS responses, thereby preventing DNS spoofing (also called DNS cache poisoning), which could redirect users to malicious sites.

Restricting DNS access (A) is not sufficient against spoofing. Increasing patching frequency (C) is good practice but does not specifically stop spoofing. Security awareness training (D) helps against phishing, not DNS vulnerabilities.

Reference Extract from Study Guide:

"DNSSEC digitally signs DNS data to ensure the integrity and authenticity of DNS responses, mitigating risks such as DNS spoofing and cache poisoning."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Networking Protocols

=============================================

The goal of an IT department that directly supports business goals is to develop technological solutions that enable and enhance the company's business operations. Developing an online shopping cart for company products directly supports the business goal of facilitating online sales. This involves:

E-commerce functionality: Enabling customers to browse, select, and purchase products online.

User experience: Creating a seamless and user-friendly shopping experience to drive sales.

Integration: Ensuring the shopping cart integrates with backend systems like inventory and order management.

This development aligns with business goals by enabling revenue generation through online sales.

References

Efraim Turban, Judy Whiteside, David King, and Jon Outland, "Introduction to Electronic Commerce and Social Commerce," Springer.

Laudon, K.C. and Traver, C.G., "E-commerce 2020-2021: Business, Technology, Society," Pearson.

The second generation of computers (1956-1963) saw the introduction of transistors, which replaced vacuum tubes used in the first generation. Transistors allowed computers to be smaller, faster, more reliable, and more energy-efficient compared to their predecessors.

The correct answer is C — Least privilege.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course material, the principle of least privilege ensures that users are granted only the minimum level of access required to perform their job functions. In this case, if the insider only had access to resources necessary for their user role, they would not have been able to access sensitive administrative information.

Password complexity (A) strengthens account security but does not prevent excessive access. Separation of duties (B) divides critical tasks but is not solely about limiting access. Job rotation (D) moves employees between roles but is not an access control measure.

Reference Extract from Study Guide:

"The principle of least privilege requires limiting user access rights to the minimum necessary to perform their tasks, reducing the risk of insider threats and unauthorized access to sensitive information."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Principles

=============================================

The correct answer is A — Electronic codebook (ECB).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), ECB mode is the simplest and most basic mode of operation for block ciphers. It encrypts each block of plaintext independently with the same key, but identical plaintext blocks produce identical ciphertext blocks, providing no additional confidentiality beyond the block cipher itself and making patterns visible.

CBC (B), CTR (C), and OFB (D) are more secure and avoid patterns.

Reference Extract from Study Guide:

"Electronic Codebook (ECB) mode encrypts each block independently and is simple but reveals patterns when identical plaintext blocks occur, thus offering minimal confidentiality beyond the underlying cipher."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Block Cipher Modes of Operation

=============================================

The relational model is the most common organizing principle of databases. In a relational database, data is organized into tables (or relations), where each table consists of rows andcolumns. Each row represents a record with a unique identifier, and each column represents a data field. This model allows for easy data retrieval and management through the use of structured query language (SQL).

The correct answer is D — Containerization.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) material states that containerization provides isolated environments (containers) where applications can be developed, tested, and deployed securely. This isolation minimizes the risk of vulnerabilities affecting the host system or other applications, improving the overall security of the development process.

DLP (A) prevents data leakage but does not isolate applications. VPNs (B) secure network traffic but do not create isolated development environments. Firewalls (C) control network traffic but do not manage application-level isolation.

Reference Extract from Study Guide:

"Containerization secures application development and deployment by isolating applications in lightweight, standalone environments, reducing risk and improving manageability."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Application Security Concepts

=============================================

Fiber optic communications use light waves to transmit data.

This method allows for high-speed and long-distance data transmission.

The other options:

Radio towers use radio waves.

Twisted pair uses electrical signals.

Coaxial also uses electrical signals.

Therefore, the correct communication medium that uses light waves is fiber optic.

Step by Step Comprehensive Detailed Explanation

A compiler is a program that translates source code written in a high-level programming language into machine code.

Definition: A compiler processes the entire source code of a program and translates it into a machine code executable.

Functionality: This process is typically done in several stages, including lexical analysis, syntax analysis, semantic analysis, optimization, and code generation.

Output: The result is an executable file that can be run on a specific operating system.

References

"Compilers: Principles, Techniques, and Tools" by Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman

NISTIR 7860, "C++ Coding Standards"

The correct answer is C — Role-based access control (RBAC).

WGU KFO1 / D488 course material emphasizes that RBAC allows administrators to assign permissions based on roles rather than individual users. This method provides granular control and flexibility, allowing the organization to efficiently manage access rights across multiple cloud services while maintaining a strong security posture.

OAuth (A) and SAML (B) are protocols for authentication and authorization, not detailed access control models. Kerberos (D) is used for secure authentication within a network but does not provide the granular delegation capabilities needed for cloud service administration.

Reference Extract from Study Guide:

"Role-based access control (RBAC) provides a scalable and manageable model to assign permissions to users based on their organizational roles, ensuring flexibility and maintaining secure delegation of administrative tasks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Access Control Models

=============================================

The correct answer is C — Assess.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, after risks have been identified, the next step in the risk management life cycle is to assess them. Assessment involves analyzing and prioritizing the risks based on their potential impact and likelihood. Only after assessment can proper strategies be formulated for controlling and mitigating the risks.

Identification (A) occurs before assessment, while reviewing (B) and controlling (D) happen later in the process.

Reference Extract from Study Guide:

"Following the identification of risks, the risk management process proceeds to risk assessment, where risks are analyzed and prioritized based on likelihood and impact to guide mitigation efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Process

=============================================

The correct answer is D — Business assets that will be stored in the new system.

As described in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in risk management is identifying and classifying assets that need protection. Without understanding the business assets, you cannot properly assess threats, vulnerabilities, or impacts.

Threats (A), impacts (B), and vulnerabilities (C) are assessed after assets are identified.

Reference Extract from Study Guide:

"Identifying and classifying business assets is the first step in the risk management process, as assets drive the prioritization of threats and mitigations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Identification and Asset Classification

================

A programming language is a formal language comprising a set of instructions that produce various kinds of output. Programming languages are used in computer programming to implement algorithms and manipulate data. They provide the vocabulary and grammatical rules for instructing a computer to perform specific tasks, allowing developers to write software programs that can be executed by a computer.