WGU D488 Cybersecurity Architecture and Engineering (CASP+) EXAM ALL 1000 QUESTIONS AND CORRECT ANSWERS LATEST UPDATE THIS YEAR
D488 - Cybersecurity Architecture and Engineering (CASP+)
A security team has been tasked with performing regular vulnerability scans for a
cloud-based infrastructure.
How should these vulnerability scans be conducted when implementing zero trust security?
A) Manually
B) Annually
C) Automatically
D) As needed
C) Automatically
A healthcare company needs to ensure that medical researchers cannot inadvertently share
protected health information (PHI) data from medical records.
What is the best solution?
A) Encryption
B) Metadata
C) Anonymization
D) Obfuscation
C) Anonymization
A security team has been tasked with mitigating the risk of stolen credentials after a recent
breach. The solution must isolate the use of privileged accounts. In the future, administrators
must request access to mission-critical services before they can perform their tasks.
What is the best solution?
A) Identity and access management (IAM)
B) Password policies
C) Privileged access management (PAM)
D) Password complexity
C) Privileged access management (PAM)
A global manufacturing company is moving its applications to the cloud. The security team
has been tasked with hardening the access controls for a corporate web application that was
recently migrated. End users should be granted access to different features based on their
locations and departments.
Which access control solution should be implemented?
A) Kerberos
B) Mandatory access control (MAC)
C) Attribute-based access control (ABAC)
D) Privileged access management (PAM)
C) Attribute-based access control (ABAC)
A team of developers is building a new corporate web application. The security team has
stated that the application must authenticate users through two separate channels of
communication.
Which type of authentication method should the developers include when building the
application?
A) In-band authentication
B) Kerberos
C) Out-of-band authentication
D) Challenge-Handshake Authentication Protocol (CHAP)
C) Out-of-band authentication
An IT organization is implementing a hybrid cloud deployment. Users should be able to sign in
to all corporate resources using their email addresses as their usernames, regardless of
whether they are accessing an application on-premises or in the cloud.
Which solution meets this requirement?
A) JSON Web Token (JWT)
B) Trusted Platform Module (TPM)
C) Single sign-on (SSO)
D) Internet Protocol Security (IPsec)
C) Single sign-on (SSO)
The security team has been tasked with implementing a secure authorization protocol for its
web applications.
Which of the following protocols provides the best method for securely authenticating users
and granting access?
A) Simple network management protocol (SNMP)
B) Extensible Authentication Protocol (EAP)
C) Open Authentication (OAuth)
D) Secure Sockets Layer (SSL)