WGU D488 CYBERSECURITY ARCHITECTURE AND ENGINEERING
NEW EXAM QUESTIONS AND CORRECT ANSWERS FOR TOP
PERFORMANCE
1. What is defense in depth? A layered security approach that implements
multiple security controls at different levels to protect assets, ensuring that if
one layer fails, others remain to provide protection.
2. What are the three main security architecture principles? Confidentiality,
Integrity, and Availability (CIA Triad) - ensuring data is protected from
unauthorized access, remains accurate and unaltered, and is accessible when
needed.
3. What is the principle of least privilege? Users, processes, and systems
should only have the minimum level of access necessary to perform their
authorized functions, reducing the potential attack surface.
4. What is separation of duties? A security principle requiring that critical
tasks be divided among multiple individuals to prevent fraud, errors, and
unauthorized activities by ensuring no single person has complete control.
5. What is a security perimeter? A boundary that separates trusted internal
networks from untrusted external networks, typically enforced through
firewalls, DMZs, and access controls.
6. What is a DMZ (Demilitarized Zone)? A network segment that sits
between an internal trusted network and an external untrusted network,
providing an additional layer of security for publicly accessible services.
7. What is zero trust architecture? A security model that assumes no user or
system should be automatically trusted, requiring continuous verification of all
access requests regardless of location or network.
8. What is network segmentation? The practice of dividing a network into
smaller, isolated segments to limit lateral movement, contain breaches, and
improve security control granularity.
9. What is the AAA framework? Authentication, Authorization, and
Accounting - a framework for controlling access by verifying identity, granting
appropriate permissions, and tracking user activities.
10. What is fail-safe in security design? A design principle ensuring that when
a system fails, it defaults to a secure state that denies access rather than allowing
unrestricted entry.
11. What is fail-secure? Similar to fail-safe, systems designed to maintain
security controls even during failure, typically by denying access when
authentication or validation cannot occur.
12. What is the difference between fail-open and fail-closed? Fail-open
allows access when a control fails (prioritizing availability), while fail-closed
denies access when a control fails (prioritizing security).
13. What is security by obscurity? Relying on the secrecy of design or
implementation as the primary security method - considered a weak practice as
it fails when the design is discovered.
14. What is a security baseline? A minimum set of security controls and
configurations that must be implemented across systems to maintain an
acceptable security posture.
15. What is a trusted computing base (TCB)? The set of all hardware,
firmware, and software components critical to a system's security, whose failure
could compromise the entire security policy.
16. What is a reference monitor? An access control concept that mediates all
access attempts to resources, is tamper-proof, always invoked, and small
enough to be verified.
17. What is the Bell-LaPadula model? A security model focused on
confidentiality with two main rules: no read up (simple security property) and
no write down (star property) to prevent information leakage.
18. What is the Biba model? A security model focused on integrity with rules
preventing contamination: no read down (simple integrity) and no write up (star
integrity property).
19. What is the Clark-Wilson model? An integrity model focusing on well-formed
transactions and separation of duties, commonly used in commercial
applications requiring data integrity.
20. What is mandatory access control (MAC)? An access control method
where the system enforces access decisions based on security labels and
clearances, with users unable to override these controls.
21. What is discretionary access control (DAC)? An access control method
where resource owners can determine who has access to their resources,
allowing flexibility but less centralized control.
22. What is role-based access control (RBAC)? Access control based on
organizational roles rather than individual identities, simplifying management
by assigning permissions to roles that users inherit.
23. What is attribute-based access control (ABAC)? Dynamic access control
using multiple attributes (user, resource, environment) evaluated through
policies to make granular access decisions.
24. What is security architecture documentation? Formal documentation
describing security controls, network topology, data flows, trust boundaries, and
security mechanisms protecting organizational assets.
25. What is a security domain? A logical or physical area where specific
security policies and controls apply uniformly, with boundaries enforced to
prevent unauthorized cross-domain access.
26. What is compensating control? An alternative security measure
implemented when the primary control cannot be used, providing equivalent or
better protection through different means.
27. What is security through diversity? Using varied technologies, vendors,
and implementations to prevent single points of failure and make widespread
exploitation more difficult.
28. What is the principle of complete mediation? Every access request must
be checked against the access control mechanism - no caching or bypassing of
security checks is permitted.
29. What is the principle of open design? Security should not depend on the
secrecy of the design; the mechanism should be secure even if attackers know
how it works.
30. What is a security kernel? The core components of a TCB that enforce the
reference monitor concept, providing fundamental security functions for the
entire system.
Section 2: Network Security Architecture (Questions 31-60)