FINAL EXAM TEST BANK: WGU D488
CYBERSECURITY ARCHITECTURE AND
ENGINEERING, 2025/2026 GRADE A | 100%
CORRECT (VERIFIED SOLUTIONS)
CYBERSECURITY ARCHITECTURE AND
ENGINEERING
Questions 1–7
1. A security team notices traffic coming from a country where the organization does not
have any business operations. Which of the following would fix the network alert?
,A. High volume
B. DDoS network traffic
C. Geography inconsistencies (Correct Answer)
D. Unauthorized changes
Rationale: Unusual geolocation traffic is a known “geographic anomaly” and should be flagged or blocked.
2. A forensic analyst is creating a copy of evidence. Which stage of the forensics process is
this part of?
A. Identification
B. Analysis
C. Collection (Correct Answer)
D. Presentation
E. Selection
Rationale: Creating a forensic image is part of the Collection phase.
3. A forensic analyst makes a forensic copy and uses hashing to ensure integrity. What
stage is this?
A. Identification
B. Analysis
C. Collection (Correct Answer)
D. Presentation
E. Selection
Rationale: Hashing verifies integrity during the Collection stage.
4. A forensic investigator prepares a detailed report for court. What stage of forensics is
this?
A. Identification
B. Analysis
C. Collection
D. Presentation (Correct Answer)
E. Formulation
Rationale: Presentation is the final documentation stage.
, 5. A web client attacker injects a script into client-side code to run as though from the
victim's site. What attack is this?
A. Reflected XSS
B. Stored XSS (Correct Answer)
C. HTTP Request Forgery
D. Directory Traversal
E. Stored XSS
Rationale: Stored XSS places malicious code permanently into the site’s content.
6. A first responder secures a digital crime scene and ensures the safety of personnel. What
forensic stage is this?
A. Identification (Correct Answer)
B. Analysis
C. Collection
D. Presentation
Rationale: Identification includes scene control and evidence recognition.
7. A forensic expert reconstructs file structures and identifies signs of tampering. What
stage is this?
A. Identification
B. Analysis (Correct Answer)
C. Collection
D. Presentation
Rationale: Analysis interprets and examines the collected data.
NETWORK SECURITY & ARCHITECTURE
8. Which firewall function best prevents unauthorized inbound connections?
A. NAT
B. ACL filtering (Correct Answer)
C. Port forwarding
D. Proxy caching
CYBERSECURITY ARCHITECTURE AND
ENGINEERING, 2025/2026 GRADE A | 100%
CORRECT (VERIFIED SOLUTIONS)
CYBERSECURITY ARCHITECTURE AND
ENGINEERING
Questions 1–7
1. A security team notices traffic coming from a country where the organization does not
have any business operations. Which of the following would fix the network alert?
,A. High volume
B. DDoS network traffic
C. Geography inconsistencies (Correct Answer)
D. Unauthorized changes
Rationale: Unusual geolocation traffic is a known “geographic anomaly” and should be flagged or blocked.
2. A forensic analyst is creating a copy of evidence. Which stage of the forensics process is
this part of?
A. Identification
B. Analysis
C. Collection (Correct Answer)
D. Presentation
E. Selection
Rationale: Creating a forensic image is part of the Collection phase.
3. A forensic analyst makes a forensic copy and uses hashing to ensure integrity. What
stage is this?
A. Identification
B. Analysis
C. Collection (Correct Answer)
D. Presentation
E. Selection
Rationale: Hashing verifies integrity during the Collection stage.
4. A forensic investigator prepares a detailed report for court. What stage of forensics is
this?
A. Identification
B. Analysis
C. Collection
D. Presentation (Correct Answer)
E. Formulation
Rationale: Presentation is the final documentation stage.
, 5. A web client attacker injects a script into client-side code to run as though from the
victim's site. What attack is this?
A. Reflected XSS
B. Stored XSS (Correct Answer)
C. HTTP Request Forgery
D. Directory Traversal
E. Stored XSS
Rationale: Stored XSS places malicious code permanently into the site’s content.
6. A first responder secures a digital crime scene and ensures the safety of personnel. What
forensic stage is this?
A. Identification (Correct Answer)
B. Analysis
C. Collection
D. Presentation
Rationale: Identification includes scene control and evidence recognition.
7. A forensic expert reconstructs file structures and identifies signs of tampering. What
stage is this?
A. Identification
B. Analysis (Correct Answer)
C. Collection
D. Presentation
Rationale: Analysis interprets and examines the collected data.
NETWORK SECURITY & ARCHITECTURE
8. Which firewall function best prevents unauthorized inbound connections?
A. NAT
B. ACL filtering (Correct Answer)
C. Port forwarding
D. Proxy caching
