2025/2026 WGU D488 Objective Assessment Test Bank||Questions
And Correct Verified Answers/D488 Cybersecurity Architecture
And Engineering Latest Version!!!Already Graded A+
What should a business use to provide non-repudiation for emails
between employees?
A - TLS/SSL
B - AES-256
C - S/MIME
D - IPSec - Answer-C - S/MIME (Secure/Multipurpose Internet Mail
Extensions)
S/MIME provides non-repudiation for emails by using digital
signatures.
Which strategy is appropriate for a risk management team to
determine if a business has insufficient security controls?
A - Qualitative assessment
B - Gap assessment
C - Quantitative risk assessment
D - Impact assessment - Answer-B - Gap assessment
A gap assessment identifies the gaps between the current security
control and the desired or required levels of security.
Which of the following outcomes is MOST likely for an organization
that decides to ignore End-of-Life (EOL) warnings and continues to
use outdated systems?
The organization will face increased security risks, compliance issues,
and higher long-term costs.
A company is preparing to release a major update to its software
application. They want to ensure that the update does not negatively
impact the user experience. The team has already implemented unit
tests and integration tests.
pg. 1
,Which additional testing strategy should the company employ to
minimize the risk of issues in the production environment?
Canary Testing to expose a small subset of users to the update
Which of the following statements BEST describes the effectiveness
of the shared responsibility model in ensuring cloud security?
It fosters a collaborative approach where both providers and
customers contribute to the security of cloud resources.
Your organization has conducted a vulnerability assessment and
identified several vulnerabilities with high CVSS scores. However,
the penetration testing team found that some of these vulnerabilities
are not exploitable in your specific environment.
How should you analyze this information to make an informed
decision on remediation priorities?
Combine the CVSS scores with the penetration testing results to
prioritize vulnerabilities that are both severe and exploitable.
In what way does continuous authorization differ from context-based
reauthentication in a Zero Trust Architecture (ZTA)?
Continuous authorization maintains an ongoing evaluation of trust,
while context-based reauthentication focuses on specific triggers.
What is the primary purpose of detective cloud control strategies?
To provide real-time monitoring and logging of cloud activities
Which factor would most likely influence an organization to choose a
hybrid infrastructure over a purely on-premises or purely cloud-based
solution?
The necessity to comply with regulatory requirements that mandate
data to be stored on-premises.
Which type of security should a business use on its layer 2 switch to
isolate the finance network from other departmental networks?
A - Virtual Private Network (VPN)
pg. 2
,B - Internet Protocol Security (IPSec)
C - Virtual Local Area Network (VLAN)
D - Remotely Triggered Black Hole (RTBH) - Answer-C - Virtual
Local Area Network (VLAN)
VLANs allow companies to logically segment network traffic,
ensuring devices on different VLANs cannot communicate unless
otherwise specified in a layer 3 device like a router.
Which type of software testing should be used when there has been a
change within the existing environment?
A - Regression Testing
B - Penetration Testing
C - Requirements Testing
D - Release Testing - Answer-A - Regression Testing
Regression testing ensures that recent changes within the environment
have not introduced new defects or broken existing functionality.
Which security technique should be used to detect a weak password
that may match common dictionary words?
A - Password Spraying
B - Password Auditing
C - Password Guessing
D - Password History - Answer-B - Password Auditing
Password auditing allows for existing passwords to be compared
against known weak passwords to help determine the security of a
credential.
What should an organization implement if it wants users of their site
to provide a password, memorable word, and pin?
A - Multi-factor authentication (MFA)
pg. 3
, B - Two-factor authentication (2FA)
C - Two-step verification
D - Single-factor authentication - Answer-A - Multi-factor
authentication
MFA enhances security by requiring multiple forms of authentication,
therefore reducing the risk of unauthorized access.
A network technician is asked by their manager to update security to
block several known bad actor IP addresses.
A - Signature rules
B - Firewall rules
C - Behavior rules
D - Data loss prevention (DLP) rules - Answer-B - Firewall rules
Firewall rules can be set up to deny traffic coming from known
malicious IP addresses.
On a shopping website, there is a 500-millisecond delay when the
authorized payment button is selected for purchases. Attackers have
been running a script to alter the final payment that takes 200
milliseconds. Which vulnerability on the website is being targeted by
the attackers?
A - Buffer Overflow
B - Integer Overflow
C - Broken Authentication
D - Race Condition - Answer-D - Race Condition
A race condition occurs when multiple processes or actions are
executed simultaneously, and the outcome depends on the sequence or
timing of events.
pg. 4
And Correct Verified Answers/D488 Cybersecurity Architecture
And Engineering Latest Version!!!Already Graded A+
What should a business use to provide non-repudiation for emails
between employees?
A - TLS/SSL
B - AES-256
C - S/MIME
D - IPSec - Answer-C - S/MIME (Secure/Multipurpose Internet Mail
Extensions)
S/MIME provides non-repudiation for emails by using digital
signatures.
Which strategy is appropriate for a risk management team to
determine if a business has insufficient security controls?
A - Qualitative assessment
B - Gap assessment
C - Quantitative risk assessment
D - Impact assessment - Answer-B - Gap assessment
A gap assessment identifies the gaps between the current security
control and the desired or required levels of security.
Which of the following outcomes is MOST likely for an organization
that decides to ignore End-of-Life (EOL) warnings and continues to
use outdated systems?
The organization will face increased security risks, compliance issues,
and higher long-term costs.
A company is preparing to release a major update to its software
application. They want to ensure that the update does not negatively
impact the user experience. The team has already implemented unit
tests and integration tests.
pg. 1
,Which additional testing strategy should the company employ to
minimize the risk of issues in the production environment?
Canary Testing to expose a small subset of users to the update
Which of the following statements BEST describes the effectiveness
of the shared responsibility model in ensuring cloud security?
It fosters a collaborative approach where both providers and
customers contribute to the security of cloud resources.
Your organization has conducted a vulnerability assessment and
identified several vulnerabilities with high CVSS scores. However,
the penetration testing team found that some of these vulnerabilities
are not exploitable in your specific environment.
How should you analyze this information to make an informed
decision on remediation priorities?
Combine the CVSS scores with the penetration testing results to
prioritize vulnerabilities that are both severe and exploitable.
In what way does continuous authorization differ from context-based
reauthentication in a Zero Trust Architecture (ZTA)?
Continuous authorization maintains an ongoing evaluation of trust,
while context-based reauthentication focuses on specific triggers.
What is the primary purpose of detective cloud control strategies?
To provide real-time monitoring and logging of cloud activities
Which factor would most likely influence an organization to choose a
hybrid infrastructure over a purely on-premises or purely cloud-based
solution?
The necessity to comply with regulatory requirements that mandate
data to be stored on-premises.
Which type of security should a business use on its layer 2 switch to
isolate the finance network from other departmental networks?
A - Virtual Private Network (VPN)
pg. 2
,B - Internet Protocol Security (IPSec)
C - Virtual Local Area Network (VLAN)
D - Remotely Triggered Black Hole (RTBH) - Answer-C - Virtual
Local Area Network (VLAN)
VLANs allow companies to logically segment network traffic,
ensuring devices on different VLANs cannot communicate unless
otherwise specified in a layer 3 device like a router.
Which type of software testing should be used when there has been a
change within the existing environment?
A - Regression Testing
B - Penetration Testing
C - Requirements Testing
D - Release Testing - Answer-A - Regression Testing
Regression testing ensures that recent changes within the environment
have not introduced new defects or broken existing functionality.
Which security technique should be used to detect a weak password
that may match common dictionary words?
A - Password Spraying
B - Password Auditing
C - Password Guessing
D - Password History - Answer-B - Password Auditing
Password auditing allows for existing passwords to be compared
against known weak passwords to help determine the security of a
credential.
What should an organization implement if it wants users of their site
to provide a password, memorable word, and pin?
A - Multi-factor authentication (MFA)
pg. 3
, B - Two-factor authentication (2FA)
C - Two-step verification
D - Single-factor authentication - Answer-A - Multi-factor
authentication
MFA enhances security by requiring multiple forms of authentication,
therefore reducing the risk of unauthorized access.
A network technician is asked by their manager to update security to
block several known bad actor IP addresses.
A - Signature rules
B - Firewall rules
C - Behavior rules
D - Data loss prevention (DLP) rules - Answer-B - Firewall rules
Firewall rules can be set up to deny traffic coming from known
malicious IP addresses.
On a shopping website, there is a 500-millisecond delay when the
authorized payment button is selected for purchases. Attackers have
been running a script to alter the final payment that takes 200
milliseconds. Which vulnerability on the website is being targeted by
the attackers?
A - Buffer Overflow
B - Integer Overflow
C - Broken Authentication
D - Race Condition - Answer-D - Race Condition
A race condition occurs when multiple processes or actions are
executed simultaneously, and the outcome depends on the sequence or
timing of events.
pg. 4
