WGU D488 OA PREP CYBERSECURITY ARCHITECTURE AND
ENGINEERING EXAM TEST BANK
A financial institution is required to comply with the Payment Card Industry Data
Security Standard (PCI DSS), which sets requirements for the protection of
payment card data. The institution uses various software programs and utilities to
manage payment card data, and it is essential to ensure that only authorized
programs and utilities are allowed on the institution's systems.
Which security control will meet the needs of the institution?
Application allowlisting
What is SIEM?
Security information and event management. SIEM gives security teams a central
place to collect, aggregate, and analyze volumes of data across an enterprise,
effectively streamlining security workflows.
It also delivers operational capabilities such as compliance reporting, incident
management, and dashboards that prioritize threat activity.
A regional hospital with budget constraints stores critical patient information and
medical records on local servers.
Which type of disaster recovery site will ensure that the hospital can quickly
resume operations in case of a disaster?
A warm site that is partially equipped with the necessary hardware and software to
be operational in a short period of time
A manufacturing company is evaluating continuity options for its critical systems
and data.
Which protocol will ensure that the company can respond to an unexpected event
by ensuring that its critical systems are available and responsive with minimal
downtime and data loss?
Disaster recovery (DR) protocol, to ensure that recovery procedures are executed
in a consistent and efficient manner
An e-commerce company is developing a disaster recovery plan and wants to
determine how long its systems or applications can be down before causing
significant harm to the business.
What is the term used to describe this metric?
Maximum tolerable downtime (MTD)
A company is planning to update its disaster recovery plan to ensure that it meets
the latest regulations on securing personally identifiable information (PII).
What is the term used to describe the process of identifying and evaluating the
effect that the updated plan will have on the company's operations and
stakeholders?
Privacy Impact Assessment (PIA)
In the event of a cyberattack, a company's security team needs to be able to
respond quickly and remediate the issue to minimize the impact.
Which solution will streamline the incident response process?
Security orchestration, automation, and response (SOAR)
What is SOAR?
SOAR—for security orchestration, automation and response—is a software
solution that enables security teams to integrate and coordinate separate security
tools, automate repetitive tasks and streamline incident and threat response
workflows.
A company's website is a critical component of their business operations.
However, due to an unexpected disaster, their website is experiencing a high
volume of traffic, which is negatively affecting its performance. As part of their
disaster recovery plan, the company is looking for a solution that can improve
website speed and performance.
Which solution will meet the needs of the company?
Content delivery network (CDN)
A company is developing its disaster recovery plan and wants to ensure the
security of its data, even in the event of a major disaster. The IT team is
considering using a tool that provides visibility into cloud applications and
enforces data security policies.
Which tool will meet the needs of the company?
Cloud access security broker (CASB)
The chief technology officer for a small publishing company has been tasked with
improving the company's security posture. As part of a network upgrade, the
company has decided to implement intrusion detection, spam filtering, content
filtering, and antivirus controls. The project needs to be completed using the least
amount of infrastructure while meeting all requirements.
Which solution fulfills these requirements?
Deploying a unified threat management (UTM) appliance
The security team plans to deploy an intrusion detection system (IDS) solution to
alert engineers about inbound threats. The team already has a database of
signatures that they want the IDS solution to validate.
Which detection technique meets the requirements?
Signature-based detection
An IT organization had a security breach after deploying an update to its
production web servers. The application currently goes through a manual update