WGU D488 SECURITY ARCHITECTURE –
NEWEST 2026 OA EXAM TEST BANK
(200+ Q&A WITH RATIONALES)
SECTION 1: NETWORK SECURITY ARCHITECTURE
Questions 1-35
Question 1
A solutions architect is designing a security architecture for a nuclear power plant
facility. Which of the following would be the best design?
A) Jump box
B) Guest environment
C) Peer-to-peer
D) Air gap
Correct ,,,answer,,,,: D
Rationale: An air gap provides physical isolation of a secure network from
unsecured networks, making it impossible for attackers to remotely access
sensitive systems. For critical infrastructure like nuclear power plants, air gaps are
the highest security design .
,Question 2
Which network appliance is used to provide fault tolerance by re-directing traffic
when one server in a group becomes inoperable?
A) NAT gateway
B) Firewall
C) Router
D) Load balancer
Correct ,,,answer,,,,: D
Rationale: A load balancer distributes traffic across multiple servers and
automatically redirects traffic away from failed servers to operational ones,
providing fault tolerance and high availability .
Question 3
Which device provides foundational protection for a network by blocking or
allowing traffic based on pre-configured rules?
A) Firewall
B) Router
C) Load balancer
D) NAT gateway
Correct ,,,answer,,,,: A
Rationale: A firewall is the foundational network security device that filters traffic
based on rule sets, blocking or allowing packets according to security policies .
,Question 4
Which device forwards traffic between subnets by inspecting IP addresses and
operates at layer 3 of the OSI model?
A) Firewall
B) Load balancer
C) Router
D) NAT gateway
Correct ,,,answer,,,,: C
Rationale: A router operates at the Network layer (Layer 3) and forwards packets
between different subnets based on IP addresses .
Question 5
What allows connectivity between private subnets, or Virtual Private Clouds
(VPC), and the Internet?
A) Router
B) Load balancer
C) NAT gateway
D) Firewall
Correct ,,,answer,,,,: C
Rationale: A NAT (Network Address Translation) gateway enables private
subnets to access the internet by translating private IP addresses to public IP
addresses, while preventing direct inbound access from the internet .
, Question 6
Which network device would you use to ensure that traffic continues to flow to a
functional web server when another server in a cluster goes down?
A) Router
B) Load balancer
C) Firewall
D) NAT gateway
Correct ,,,answer,,,,: B
Rationale: A load balancer monitors server health and distributes traffic only to
healthy servers. When a server fails, the load balancer stops sending traffic to it,
maintaining service availability .
Question 7
Which Type 1 hypervisor would you choose if you're looking for a bare metal
solution from VMware that supports multiple virtual machines running on a single
physical machine?
A) Hyper-V
B) Windows Server
C) XEN
D) ESXi
Correct ,,,answer,,,,: D
Rationale: VMware ESXi is a Type 1 (bare metal) hypervisor that runs directly on
server hardware without a host operating system, providing efficient virtualization
of multiple VMs .
NEWEST 2026 OA EXAM TEST BANK
(200+ Q&A WITH RATIONALES)
SECTION 1: NETWORK SECURITY ARCHITECTURE
Questions 1-35
Question 1
A solutions architect is designing a security architecture for a nuclear power plant
facility. Which of the following would be the best design?
A) Jump box
B) Guest environment
C) Peer-to-peer
D) Air gap
Correct ,,,answer,,,,: D
Rationale: An air gap provides physical isolation of a secure network from
unsecured networks, making it impossible for attackers to remotely access
sensitive systems. For critical infrastructure like nuclear power plants, air gaps are
the highest security design .
,Question 2
Which network appliance is used to provide fault tolerance by re-directing traffic
when one server in a group becomes inoperable?
A) NAT gateway
B) Firewall
C) Router
D) Load balancer
Correct ,,,answer,,,,: D
Rationale: A load balancer distributes traffic across multiple servers and
automatically redirects traffic away from failed servers to operational ones,
providing fault tolerance and high availability .
Question 3
Which device provides foundational protection for a network by blocking or
allowing traffic based on pre-configured rules?
A) Firewall
B) Router
C) Load balancer
D) NAT gateway
Correct ,,,answer,,,,: A
Rationale: A firewall is the foundational network security device that filters traffic
based on rule sets, blocking or allowing packets according to security policies .
,Question 4
Which device forwards traffic between subnets by inspecting IP addresses and
operates at layer 3 of the OSI model?
A) Firewall
B) Load balancer
C) Router
D) NAT gateway
Correct ,,,answer,,,,: C
Rationale: A router operates at the Network layer (Layer 3) and forwards packets
between different subnets based on IP addresses .
Question 5
What allows connectivity between private subnets, or Virtual Private Clouds
(VPC), and the Internet?
A) Router
B) Load balancer
C) NAT gateway
D) Firewall
Correct ,,,answer,,,,: C
Rationale: A NAT (Network Address Translation) gateway enables private
subnets to access the internet by translating private IP addresses to public IP
addresses, while preventing direct inbound access from the internet .
, Question 6
Which network device would you use to ensure that traffic continues to flow to a
functional web server when another server in a cluster goes down?
A) Router
B) Load balancer
C) Firewall
D) NAT gateway
Correct ,,,answer,,,,: B
Rationale: A load balancer monitors server health and distributes traffic only to
healthy servers. When a server fails, the load balancer stops sending traffic to it,
maintaining service availability .
Question 7
Which Type 1 hypervisor would you choose if you're looking for a bare metal
solution from VMware that supports multiple virtual machines running on a single
physical machine?
A) Hyper-V
B) Windows Server
C) XEN
D) ESXi
Correct ,,,answer,,,,: D
Rationale: VMware ESXi is a Type 1 (bare metal) hypervisor that runs directly on
server hardware without a host operating system, providing efficient virtualization
of multiple VMs .
