Cybersecurity-Architecture-and-Engineering WGU Cybersecurity Architecture and Engineering (KFO1/D488) Free Practice Exam Questions (2025 Updated)

The correct answer is A — Homomorphic encryption.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), homomorphic encryption allows computations to be performed directly on encrypted data without needing to decrypt it first. This ensures the confidentiality of the data even during processing.

SFE (B) allows two parties to jointly compute a function without revealing inputs but is not the same. SSL (C) secures communication channels. PIR (D) is for retrieving information privately, not computing on encrypted data.

Reference Extract from Study Guide:

"Homomorphic encryption allows operations on encrypted data, enabling secure processing by third parties without exposing underlying data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Advanced Encryption Techniques

=============================================

The correct answer is A — User and entity behavior analytics (UEBA).

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that UEBA tools analyze patterns of user and entity behavior to detect anomalies that could indicate insider threats, compromised accounts, or advanced persistent threats (APTs). UEBA focuses on deviations from normal activity patterns to identify risks that traditional signature-based systems might miss.

HSMs (B) protect cryptographic keys but do not monitor behavior. Antivirus tools (C) detect known malware but do not perform behavioral analytics. Two-factor authentication (D) secures access but does not detect unusual behavior patterns.

Reference Extract from Study Guide:

"User and entity behavior analytics (UEBA) identifies potential security threats by analyzing deviations from typical user and system activity patterns."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection Technologies

The operating system (OS) is the primary software that manages all the hardware and other software on a computer. It acts as an intermediary between users and the computer hardware. The OS handles basic tasks such as controlling and allocating memory, prioritizing system requests, controlling input and output devices, facilitating networking, and managing files. Examples include Windows, macOS, and Linux.

The correct answer is B — Firewall.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), firewalls are critical for securing external network perimeters by filtering incoming and outgoing traffic based on predefined security rules. This control is a foundational requirement under FISMA to prevent unauthorized access.

IDS/IPS (A) monitor and detect attacks but are secondary to establishing the initial network boundary. Access controls (C) manage user permissions inside a system. Network segmentation (D) divides internal networks but does not protect the external boundary.

Reference Extract from Study Guide:

"Firewalls are the first line of defense for securing external networks, providing traffic filtering to prevent unauthorized access, aligning with FISMA compliance requirements."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Fundamentals

=============================================

The correct answer is A — Developing and implementing a testing plan for the DRP.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), testing the disaster recovery plan is critical to ensuring that it is functional and effective when an actual disruptive event occurs. Regularly scheduled DRP testing validates that recovery processes work as intended and that personnel are familiar with their responsibilities.

Reviewing (B) and training (D) are important but are supplementary activities. Risk assessment (C) is important for planning but does not test the DRP.

Reference Extract from Study Guide:

"Testing and exercising disaster recovery plans ensure operational readiness and reveal gaps or weaknesses that can be corrected before an actual event occurs."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing and Validation

=============================================

An information system is a coordinated set of components designed to collect, store, and process data, and to deliver information, knowledge, and digital products. Organizations use information systems to support operations, management, and decision-making. This includes both the technical components (hardware, software, databases, and networks) and the human components (people and processes).

Scripting languages are designed for integrating and communicating with other programming languages.

Python: A high-level scripting language known for its readability and extensive library support.

PHP: A server-side scripting language used primarily for web development.

References

"Python Crash Course" by Eric Matthes

"PHP and MySQL Web Development" by Luke Welling and Laura Thomson

The correct answer is D — BIOS protection.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) recommends enabling BIOS protection features such as BIOS passwords, secure boot, and firmware write protection to prevent unauthorized changes to BIOS firmware. BIOS protection locks the firmware settings to prevent tampering.

BIOS monitoring (A) detects changes but does not prevent them. IDS (B) detects network attacks, not firmware changes. Backups (C) protect data but not BIOS integrity.

Reference Extract from Study Guide:

"BIOS protection involves securing firmware with authentication methods and write protections to prevent unauthorized modifications at the hardware level."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Hardware and Firmware Security

=============================================

The correct answer is C — Implementation of encryption for all data stored in the system.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that encrypting data at rest ensures that even if storage systems are compromised, the data remains confidential and secure.

Password changes (A) help secure user accounts but not stored data. Firewall policies (B) and VPNs (D) protect data in transit and access control but not the storage layer itself.

Reference Extract from Study Guide:

"Encrypting data at rest ensures that stored data remains confidential and protected from unauthorized access, even if storage devices are compromised."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Protection Strategies

=============================================

A Local Area Network (LAN) requires a router to communicate over the Internet.

The router serves as a gateway that connects the LAN to the external network (Internet) and directs data traffic between the LAN and the Internet.

The other options:

Multiplexer combines multiple signals into one.

Repeater amplifies signals to extend the range.

Switch connects devices within the LAN but does not facilitate Internet communication.

Therefore, a router is the necessary device for a LAN to communicate over the Internet.

The correct answer is C — Impact.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, when evaluating the severity of an incident, the immediate and potential impact on operations, patient care, finances, or reputation is the most critical factor. In this scenario, the interruption to patientcare due to encrypted records signifies a major operational impact, making it the most important consideration.

Threat actors (A) identify who is behind the attack, not the severity. Risk (B) encompasses impact and likelihood but is broader. Likelihood (D) concerns the probability of an event happening, not its current severity.

Reference Extract from Study Guide:

"Impact refers to the actual or potential harm that results from a security incident, including effects on operations, financial loss, or harm to individuals."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Incident Response and Management

=============================================

A compiler translates high-level programming language code into machine code, creating an executable program.

Process: The compiler goes through various phases such as parsing, semantic analysis, and optimization to produce the final machine code.

Purpose: This machine code can be executed by the computer's processor at a later time without the need for the original source code.

References

"Programming Language Pragmatics" by Michael L. Scott

"Modern Compiler Implementation in C" by Andrew W. Appel

Arelational databaseis structured to recognize relations among stored items of information.

Multiple tablesin a relational database can have interrelated fields.

These relationships are often managed throughforeign keys, which reference the primary keys of other tables.

This relational model allows for complex queries and data integrity across the database.

Example:Tables such asCustomers,Orders, andProductsin a sales database, whereOrderstable may reference bothCustomersandProductstables to establish relationships.

Application Software:

Application software refers to programs that help end users perform specific tasks. Examples include email clients, word processors, and spreadsheet programs.

These are designed to be used by people to perform tasks such as writing documents, managing data, or communicating.

Operating Systems:

Operating systems (OS) manage the hardware and software resources of a computer system. They provide a platform for application software to run.

Examples include Microsoft Windows, macOS, and Linux. The OS handles system-level tasks like memory management, process scheduling, and hardware interaction.

Key Differences:

Application software (B, C) is user-oriented, aimed at helping users complete tasks.

Operating systems (A, D) manage the computer's hardware and system resources.

The correct answer is D — Implementation of data encryption.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), encrypting data at rest ensures that even if attackers breach the system and obtain files, the data remains protected because it cannot be easily read without decryption keys.

Firewall enforcement (A) restricts access but does not protect data if stolen. Disabling printing services (B) limits data leakage but not core data protection. Backups (C) help with recovery, not immediate breach protection.

Reference Extract from Study Guide:

"Encrypting sensitive data ensures confidentiality even in the event of a security breach, protecting information from unauthorized exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Encryption Practices

=============================================

Scope creep refers to the phenomenon where the scope of a project gradually increases over time due to small, incremental changes that were not initially planned or approved. This can happen when:

New featuresor requirements are added without proper evaluation or approval.

Stakeholderscontinuously request small changes or additions.

Lack of a clear scope definitionand change control process.

These small changes can accumulate, leading to significant deviations from the original project plan, affecting the project's schedule, budget, and overall success.

References

Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.

Kathy Schwalbe, "Information Technology Project Management," Cengage Learning.

A system requirement that involves preventing unauthorized access to data is aSecurityrequirement. Security requirements ensure that the system:

Protects data integrity: Ensuring data is accurate and unchanged by unauthorized users.

Maintains confidentiality: Preventing unauthorized access to sensitive information.

Ensures availability: Making sure that data and resources are available to authorized users when needed.

Security requirements are critical for safeguarding the system against threats and vulnerabilities.

References

Dieter Gollmann, "Computer Security," Wiley.

Ross Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems," Wiley.

The correct answer is C — Adjust the firewall configuration to drop traffic from these addresses.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that the firewall is the primary network defense that can block or filter unwanted incoming traffic based on IP addresses, geographical locations, and other attributes. Dropping traffic from untrusted regions at the firewall level effectively prevents further access attempts.

Adjusting SIEM (A) can improve alerting but not blocking. DNS changes (B) relate to domain resolution, not access control. Proxy servers (D) can limit outbound traffic but are not primarily used for blocking geographic access inbound.

Reference Extract from Study Guide:

"Adjusting firewall rules to drop or block traffic based on IP addresses or geolocation is a primary defense against unauthorized access attempts from suspicious regions."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Firewall Configuration

=============================================

Data support an organization's business goals by providing crucial information that aids in making informed decisions. Analyzing data helps identify trends, measure performance, and uncover insights that drive strategic planning and operational improvements. This informed decision-making process is vital for achieving business goals and staying competitive in the market.