.
WGU D488 Cybersecurity Architecture &
Engineering Practice Exam Questions
and Correct Answers 100%
1. Which security principle requires users to have only the permissions necessary
to perform their job duties?
A. Separation of duties
B. Defense in depth
C. Least privilege
D. Fail-safe defaults
Correct Answer: C. Least privilege
2. Which architecture component is primarily responsible for enforcing access
decisions in a Zero Trust environment?
A. Hypervisor
B. Policy Enforcement Point (PEP)
C. Load Balancer
D. DNS Server
Correct Answer: B. Policy Enforcement Point (PEP)
3. What is the primary purpose of network segmentation?
A. Increase storage capacity
B. Reduce power consumption
C. Limit lateral movement of attackers
D. Improve printer performance
Correct Answer: C. Limit lateral movement of attackers
,4. Which cryptographic algorithm is considered asymmetric?
A. AES
B. DES
C. RSA
D. 3DES
Correct Answer: C. RSA
5. A security architect recommends implementing multiple layers of security
controls. Which principle is being applied?
A. Defense in depth
B. Need to know
C. Risk transference
D. Obfuscation
Correct Answer: A. Defense in depth
6. What is the main benefit of using a Hardware Security Module (HSM)?
A. Faster internet access
B. Secure storage and management of cryptographic keys
C. Improved email delivery
D. Larger disk capacity
Correct Answer: B. Secure storage and management of cryptographic keys
7. Which framework is widely used for identifying and managing cybersecurity
risks?
A. TCP/IP
B. NIST Cybersecurity Framework
C. SMTP
D. HTML
Correct Answer: B. NIST Cybersecurity Framework
, 8. Which cloud service model provides customers with the most control over the
operating system?
A. SaaS
B. DaaS
C. IaaS
D. FaaS
Correct Answer: C. IaaS
9. What is the primary purpose of a DMZ?
A. Store backups
B. Isolate public-facing services from the internal network
C. Encrypt databases
D. Manage wireless devices
Correct Answer: B. Isolate public-facing services from the internal network
10. Which security control type is a firewall?
A. Administrative
B. Physical
C. Technical
D. Deterrent
Correct Answer: C. Technical
11. Which CIA triad component ensures data is not altered without
authorization?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Correct Answer: B. Integrity
WGU D488 Cybersecurity Architecture &
Engineering Practice Exam Questions
and Correct Answers 100%
1. Which security principle requires users to have only the permissions necessary
to perform their job duties?
A. Separation of duties
B. Defense in depth
C. Least privilege
D. Fail-safe defaults
Correct Answer: C. Least privilege
2. Which architecture component is primarily responsible for enforcing access
decisions in a Zero Trust environment?
A. Hypervisor
B. Policy Enforcement Point (PEP)
C. Load Balancer
D. DNS Server
Correct Answer: B. Policy Enforcement Point (PEP)
3. What is the primary purpose of network segmentation?
A. Increase storage capacity
B. Reduce power consumption
C. Limit lateral movement of attackers
D. Improve printer performance
Correct Answer: C. Limit lateral movement of attackers
,4. Which cryptographic algorithm is considered asymmetric?
A. AES
B. DES
C. RSA
D. 3DES
Correct Answer: C. RSA
5. A security architect recommends implementing multiple layers of security
controls. Which principle is being applied?
A. Defense in depth
B. Need to know
C. Risk transference
D. Obfuscation
Correct Answer: A. Defense in depth
6. What is the main benefit of using a Hardware Security Module (HSM)?
A. Faster internet access
B. Secure storage and management of cryptographic keys
C. Improved email delivery
D. Larger disk capacity
Correct Answer: B. Secure storage and management of cryptographic keys
7. Which framework is widely used for identifying and managing cybersecurity
risks?
A. TCP/IP
B. NIST Cybersecurity Framework
C. SMTP
D. HTML
Correct Answer: B. NIST Cybersecurity Framework
, 8. Which cloud service model provides customers with the most control over the
operating system?
A. SaaS
B. DaaS
C. IaaS
D. FaaS
Correct Answer: C. IaaS
9. What is the primary purpose of a DMZ?
A. Store backups
B. Isolate public-facing services from the internal network
C. Encrypt databases
D. Manage wireless devices
Correct Answer: B. Isolate public-facing services from the internal network
10. Which security control type is a firewall?
A. Administrative
B. Physical
C. Technical
D. Deterrent
Correct Answer: C. Technical
11. Which CIA triad component ensures data is not altered without
authorization?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Correct Answer: B. Integrity