Exam (elaborations)

WGU D488: CYBERSECURITY ARCHITECTURE AND ENGINEERING NEW EXAM QUESTIONS AND CORRECT ANSWERS FOR TOP PERFORMANCE 2026/2027

Pages
27
Grade
A+
Uploaded on
21-01-2026
Written in
2025/2026


Institution
WGU D488 CYBERSECURITY ARCHITECTURE
Course
WGU D488 CYBERSECURITY ARCHITECTURE

Content preview

WGU D488 CYBERSECURITY ARCHITECTURE AND ENGINEERING
NEW EXAM QUESTIONS AND CORRECT ANSWERS FOR TOP
PERFORMANCE




1. What is defense in depth? A layered security approach that implements
multiple security controls at different levels to protect assets, ensuring that if
one layer fails, others remain to provide protection.
2. What are the three main security architecture principles? Confidentiality,
Integrity, and Availability (CIA Triad) - ensuring data is protected from
unauthorized access, remains accurate and unaltered, and is accessible when
needed.
3. What is the principle of least privilege? Users, processes, and systems
should only have the minimum level of access necessary to perform their
authorized functions, reducing the potential attack surface.
4. What is separation of duties? A security principle requiring that critical
tasks be divided among multiple individuals to prevent fraud, errors, and
unauthorized activities by ensuring no single person has complete control.
5. What is a security perimeter? A boundary that separates trusted internal
networks from untrusted external networks, typically enforced through
firewalls, DMZs, and access controls.
6. What is a DMZ (Demilitarized Zone)? A network segment that sits
between an internal trusted network and an external untrusted network,
providing an additional layer of security for publicly accessible services.
7. What is zero trust architecture? A security model that assumes no user or
system should be automatically trusted, requiring continuous verification of all
access requests regardless of location or network.
8. What is network segmentation? The practice of dividing a network into
smaller, isolated segments to limit lateral movement, contain breaches, and
improve security control granularity.

9. What is the AAA framework? Authentication, Authorization, and
Accounting - a framework for controlling access by verifying identity, granting
appropriate permissions, and tracking user activities.
10. What is fail-safe in security design? A design principle ensuring that when
a system fails, it defaults to a secure state that denies access rather than allowing
unrestricted entry.
11. What is fail-secure? Similar to fail-safe, systems designed to maintain
security controls even during failure, typically by denying access when
authentication or validation cannot occur.
12. What is the difference between fail-open and fail-closed? Fail-open
allows access when a control fails (prioritizing availability), while fail-closed
denies access when a control fails (prioritizing security).
13. What is security by obscurity? Relying on the secrecy of design or
implementation as the primary security method - considered a weak practice as
it fails when the design is discovered.
14. What is a security baseline? A minimum set of security controls and
configurations that must be implemented across systems to maintain an
acceptable security posture.
15. What is a trusted computing base (TCB)? The set of all hardware,
firmware, and software components critical to a system's security, whose failure
could compromise the entire security policy.
16. What is a reference monitor? An access control concept that mediates all
access attempts to resources, is tamper-proof, always invoked, and small
enough to be verified.
17. What is the Bell-LaPadula model? A security model focused on
confidentiality with two main rules: no read up (simple security property) and
no write down (star property) to prevent information leakage.
18. What is the Biba model? A security model focused on integrity with rules
preventing contamination: no read down (simple integrity) and no write up (star
integrity property).
19. What is the Clark-Wilson model? An integrity model focusing on well-
formed transactions and separation of duties, commonly used in commercial
applications requiring data integrity.

20. What is mandatory access control (MAC)? An access control method
where the system enforces access decisions based on security labels and
clearances, with users unable to override these controls.
21. What is discretionary access control (DAC)? An access control method
where resource owners can determine who has access to their resources,
allowing flexibility but less centralized control.
22. What is role-based access control (RBAC)? Access control based on
organizational roles rather than individual identities, simplifying management
by assigning permissions to roles that users inherit.
23. What is attribute-based access control (ABAC)? Dynamic access control
using multiple attributes (user, resource, environment) evaluated through
policies to make granular access decisions.
24. What is security architecture documentation? Formal documentation
describing security controls, network topology, data flows, trust boundaries, and
security mechanisms protecting organizational assets.
25. What is a security domain? A logical or physical area where specific
security policies and controls apply uniformly, with boundaries enforced to
prevent unauthorized cross-domain access.
26. What is a compensating control? An alternative security measure
implemented when the primary control cannot be used, providing equivalent or
better protection through different means.
27. What is security through diversity? Using varied technologies, vendors,
and implementations to prevent single points of failure and make widespread
exploitation more difficult.
28. What is the principle of complete mediation? Every access request must
be checked against the access control mechanism - no caching or bypassing of
security checks is permitted.
29. What is the principle of open design? Security should not depend on the
secrecy of the design; the mechanism should be secure even if attackers know
how it works.
30. What is a security kernel? The core components of a TCB that enforce the
reference monitor concept, providing fundamental security functions for the
entire system.
Section 2: Network Security Architecture (Questions 31-60)

Seller: luzlinkuz (Chamberlain University)