Exam (elaborations)

WGU D488 Cybersecurity Architecture and Engineering Questions and Correct Answers Exam 2026

Pages: 153
Grade: A+
Uploaded on: 22-03-2026
Written in: 2025/2026

What could cause Business Continuity and Disaster Recovery (BCDR) development work to come to a halt, even if plans are in place? A. Lack of leadership support for dedicating resources to testing activities B. Incomplete system inventory C. Unavailable staff resources D. Inadequate metrics A. Lack of leadership support for dedicating resources to testing activities What must key strategic objectives and metrics development include to measure operational success effectively? A. Testing activities B. Staff resources C. Leadership support D. Business Continuity and Disaster Recovery (BCDR) activities D. Business Continuity and Disaster Recovery (BCDR) activities A major retail company needs to set up alternate sites so that despite any unforeseen circumstances, the business has as little impact on its operation as possible. Which of the following would be the best setup? A. Cold site B. Warm site C. Hot site D. Mobile site C. Hot site Which type of alternate site provides close to real-time activation with little to no service disruption but is the most expensive and complicated to implement? A. Cold site B. Warm site C. Hot site D. Mobile site C. Hot site What type of alternate site is simply a facility under the organization's control but lacks pre-established information system capability? Cybersecurity Cybersecurity A. Warm site B. Cold site C. Hot site D. Mobile site B. Cold site Which type of alternate site includes a scaled-down data center that can run critical systems and software but is not as immediately operational as a hot site? A. Cold site B. Warm site C. Hot site D. Mobile site B. Warm site What type of alternate site can be described as a "data center in a box" and is commonly used by the military? A. Hot site B. Warm site C. Cold site D. Mobile site D. Mobile site A military unit is going into a foreign country and setting up a small data center for their operations but wants to have an alternate option that is flexible and versatile. 
Which of the following options would best suit their needs? A. Cold site B. Warm site C. Hot site D. Mobile site D. Mobile site A disaster recovery planner needs to focus prioritization efforts around operational impact. The disaster recovery planner should focus on which system? A. Demilitarized Zone B. External systems C. Systems with critical vulnerabilities D. Mission critical systems D. Mission critical systems Which systems are most important for operational continuity and should be prioritized in disaster recovery planning? A. External systems B. Systems with critical vulnerabilities C. Demilitarized Zone (DMZ) systems D. Mission critical systems D. Mission critical systems Cybersecurity Cybersecurity Why is it important to collaborate with business units when identifying mission critical systems? A. To determine the most critical vulnerabilities B. To ensure that DMZ systems are prioritized C. To gauge the operational impacts of an outage D. To properly categorize external systems C. To gauge the operational impacts of an outage Why might Demilitarized Zone (DMZ) systems, despite their extra risk factor, not be prioritized over mission critical systems in disaster recovery planning? A. They are always more secure than mission critical systems B. They are not essential for keeping operations running C. They are external systems and not part of the internal network D. They have fewer critical vulnerabilities B. They are not essential for keeping operations running What should be the top priority in disaster recovery planning over systems with critical vulnerabilities? A. Demilitarized Zone (DMZ) systems B. Mission critical systems C. External systems D. Less critical vulnerabilities B. Mission critical systems A security architect is looking for examples of standards and regulations with descriptions of Business Continuity and Disaster Recovery (BCDR) capabilities. Which of the following are examples? (Select all that apply.) 1. SOX (Sarbanes-Oxley Act) 2. 
GLBA (Gramm-Leach-Bliley Act) 3. DRaaS (Disaster Recovery as a Service) 4. FFIEC (Federal Financial Institutions Examination Council) A) 1, 2, 3 B) 1, 2, 4 C) 1, 3, 4 D) 2, 3, 4 B) 1, 2, 4 Which act related to fraudulent accounting includes descriptions of Business Continuity and Disaster Recovery (BCDR) capabilities? A. GLBA (Gramm-Leach-Bliley Act) B. DRaaS (Disaster Recovery as a Service) C. SOX (Sarbanes-Oxley Act) D. FFIEC (Federal Financial Institutions Examination Council) C. SOX (Sarbanes-Oxley Act) Cybersecurity Cybersecurity Which act related to personal financial information includes requirements for Business Continuity and Disaster Recovery (BCDR) capabilities? A. SOX (Sarbanes-Oxley Act) B. GLBA (Gramm-Leach-Bliley Act) C. DRaaS (Disaster Recovery as a Service) D. FFIEC (Federal Financial Institutions Examination Council) B. GLBA (Gramm-Leach-Bliley Act) Which council provides guidelines and standards for financial institutions, including Business Continuity and Disaster Recovery (BCDR) capabilities? A. SOX (Sarbanes-Oxley Act) B. GLBA (Gramm-Leach-Bliley Act) C. DRaaS (Disaster Recovery as a Service) D. FFIEC (Federal Financial Institutions Examination Council) D. FFIEC (Federal Financial Institutions Examination Council) Which of the following is not a standard or regulation but a mechanism to achieve Business Continuity and Disaster Recovery (BCDR) capabilities using public cloud services? A. SOX (Sarbanes-Oxley Act) B. GLBA (Gramm-Leach-Bliley Act) C. FFIEC (Federal Financial Institutions Examination Council) D. DRaaS (Disaster Recovery as a Service) D. DRaaS (Disaster Recovery as a Service) A security analyst is setting up documents for the outputs of the test or incident, along with recommendations based on the outputs and findings. Which standard should the analyst reference? A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-84 D. ISO standard 15408 C. 
NIST 800-84 Which NIST Special Publication provides a guide to test, training, and exercise programs for IT plans and includes an after-action report template to help with documentation and findings? A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-84 D. ISO standard 15408 C. NIST 800-84 Which NIST Special Publication outlines necessary controls for audits of information systems used for certification, focusing on security and privacy? Cybersecurity Cybersecurity A. NIST 800-84 B. ISO standard 15408 C. NIST 800-61 (Computer Security Incident Handling Guide) D. NIST 800-53 (Security and Privacy Controls for Information Systems) D. NIST 800-53 (Security and Privacy Controls for Information Systems) Which NIST Special Publication is titled "Computer Security Incident Handling Guide" and identifies the necessary groups when responding to an incident? A. ISO standard 15408 B. NIST 800-53 (Security and Privacy Controls for Information Systems) C. NIST 800-84 D. NIST 800-61 (Computer Security Incident Handling Guide) D. NIST 800-61 (Computer Security Incident Handling Guide) Which standard addresses IT security techniques, including the introduction and general model, as well as functional and assurance components? A. NIST 800-61 (Computer Security Incident Handling Guide) B. ISO standard 15408 C. NIST 800-84 D. NIST 800-53 (Security and Privacy Controls for Information Systems) B. ISO standard 15408 A data center lead is preparing an organization for disaster recovery by performing an actual test to ensure systems can failover but wants to minimize impact to production systems. Which method should the data center lead use? A. Parallel test B. Full interruption C. Walk-through D. Tabletop exercise A. 
Parallel test Which disaster recovery test method involves isolating the DR site from the primary site and activating it as though the company is using the DR site, thereby minimizing impact on production systems? A. Full interruption B. Walk-through C. Parallel test D. Tabletop exercise C. Parallel test Which disaster recovery test method involves performing the exercise on live systems and data, potentially causing a true disaster recovery event if mistakes occur? A. Tabletop exercise B. Walk-through C. Parallel test D. Full interruption Cybersecurity Cybersecurity D. Full interruption Which method is not an active test but requires representatives from all groups included in the BCDR plan to participate in a meeting to review the plan? A. Parallel test B. Full interruption C. Walk-through D. Tabletop exercise C. Walk-through Which method is a non-active test that identifies a specific objective and uses it to determine whether all parties involved in the response know what to do? A. Parallel test B. Full interruption C. Walk-through D. Tabletop exercise D. Tabletop exercise A security analyst is leading a disaster recovery simulation and wants to determine whether all parties involved in the response know what to do and how to work together to complete the exercise. What simulation should they perform? A. Checklist B. Walk-through C. Tabletop exercise D. Active failover C. Tabletop exercise Which type of exercise is used to identify a specific objective and determine whether all parties involved in the response know what to do and how to work together to complete the exercise? A. Walk-through B. Checklist C. Tabletop exercise D. Active failover C. Tabletop exercise What does a checklist test require, involving the distribution of the BCDR plan to all the departments, teams, and other participants included in the plan? A. Tabletop exercise B. Active failover C. Walk-through D. Checklist D. 
Checklist Which method involves all groups included in the BCDR plan identifying a representative to participate in a meeting to review the plans? Cybersecurity Cybersecurity A. Active failover B. Walk-through C. Checklist D. Tabletop exercise B. Walk-through Which of the following is not a simulation but would be an option for actually performing an active failover to test disaster recovery capabilities? A. Checklist B. Tabletop exercise C. Active failover D. Walk-through C. Active failover A security engineer is performing a business impact assessment (BIA) for an organization. Where should the security engineer begin? A. Preventative measures B. Inventory C. Contingency strategies D. Patching B. Inventory What is the first step in the development of a Business Impact Assessment (BIA), similar to critical security controls? A. Patching B. Contingency strategies C. Inventory D. Preventative measures C. Inventory Which step in business continuity planning involves identifying the systems and assets that exist before any preventative measures can be established? A. Preventative measures B. Inventory C. Contingency strategies D. Patching B. Inventory At which stage of business continuity planning should a security engineer identify preventative measures, ensuring that these measures are applied to known systems? A. Contingency strategies B. Patching C. Inventory D. Preventative measures D. Preventative measures Cybersecurity Cybersecurity Which step in business continuity planning involves developing fallback options if planned strategies fail, and requires an accurate inventory to be effective? A. Preventative measures B. Contingency strategies C. Inventory D. Patching B. Contingency strategies While patching may help prevent catastrophic events, why is it not considered part of the Business Impact Analysis (BIA)? A. Because it is the first step in business continuity planning B. Because it is focused on inventory management C. 
Because it addresses system vulnerabilities, not the impact analysis D. Because it is the final step in the BIA process C. Because it addresses system vulnerabilities, not the impact analysis A security consultant works for a U.S.-based company and sets up a data recovery site in Germany. The security consultant is beginning the first verification of a data center failover scenario. What are some common issues the consultant might expect to encounter? (Select all that apply.) 1. Recovery failure 2. Conflicting laws 3. Data loss 4. Software not working A) 1, 2, 3 B) 1, 2, 3 C) 1, 3, 4 D) 2, 3, 4 C) 1, 3, 4 What is a common issue that may occur during a data recovery failover due to syncing issues or corrupt disks at the recovery site? A. Conflicting laws B. Software not working C. Recovery failure D. Data loss C. Recovery failure Which issue can arise during a failover if the health status of disaster recovery (DR) devices is not properly monitored? A. Conflicting laws B. Software not working C. Data loss D. Recovery failure Cybersecurity Cybersecurity C. Data loss What could cause software not to work when brought up from recovery during a data center failover? A. Recovery failure B. Software configurations may need changes for the DR environment C. Conflicting laws D. Data loss B. Software configurations may need changes for the DR environment Why is it unlikely for conflicting laws to be an issue during the first verification of a data center failover? A. Because laws only apply after a full failover B. Because conflicting laws should have been vetted when choosing the recovery site C. Because data recovery doesn't involve legal issues D. Because software licenses are globally applicable B. Because conflicting laws should have been vetted when choosing the recovery site A cloud engineer is setting up controls between VPCs. Which of the following should the engineer use? A. NAC lists B. VNET C. Screened subnet D. Jump box A. 
NAC lists In a cloud environment, which control mechanism is used to regulate both inbound and outbound traffic between virtual private clouds (VPCs)? A. Screened subnet B. Jump box C. NAC lists D. VNET C. NAC lists Which of the following is used to create cloud resources within private networks, similar to traditional data centers? A. VNET B. NAC lists C. Screened subnet D. Jump box A. VNET Which network architecture places two firewalls on either side of a demilitarized zone (DMZ) to control traffic between public networks and protected internal networks? A. VNET B. NAC lists Cybersecurity Cybersecurity C. Screened subnet D. Jump box C. Screened subnet Which of the following is a hardened and closely monitored system used for performing administrative tasks or accessing servers in a protected environment? A. NAC lists B. VNET C. Screened subnet D. Jump box D. Jump box Which method is typically used to filter and manage traffic flow between different VPCs in a cloud environment? A. Jump box B. NAC lists C. Screened subnet D. VNET B. NAC lists What allows for the creation of cloud resources within private networks that parallel the functionality of creating resources in a traditional, privately operated data center? A. VNET B. NAC lists C. Screened subnet D. Jump box A. VNET Which type of network architecture uses two firewalls placed on either side of a demilitarized zone (DMZ), with the edge firewall restricting traffic on the external/public interface and allowing permitted traffic to hosts in the DMZ? A. VNET B. NAC lists C. Screened subnet D. Jump box C. Screened subnet Which mechanism is specifically designed to control traffic between virtual private clouds (VPCs) in a cloud environment? A. NAC lists B. Screened subnet C. VNET D. Jump box A. NAC lists A network administrator is trying to set up network security so that only trusted devices have network access. What solution should the administrator set up? Cybersecurity Cybersecurity A. VPN B. DNSSEC C. 
NGFW D. NAC D. NAC Which of the following allows for the creation of policies to evaluate connected devices and determine whether they should be granted access to a network? A. VPN B. DNSSEC C. NGFW D. NAC D. NAC What is primarily used to enable remote connectivity for people working from home or to connect branch locations to the enterprise network? A. NAC B. DNSSEC C. VPN D. NGFW C. VPN Which technology helps mitigate DNS spoofing and poisoning attacks by providing a validation process for DNS responses? A. VPN B. DNSSEC C. NGFW D. NAC B. DNSSEC Which solution can inspect higher-level protocols, such as HTTP, to provide more granular protection against malicious traffic? A. NGFW B. NAC C. DNSSEC D. VPN A. NGFW In which scenario would you use Network Access Control (NAC)? A. To secure traffic between remote users and the corporate network. B. To validate DNS responses against spoofing attacks. C. To evaluate devices trying to access the network and apply policies based on their status. D. To provide connectivity between branch locations. Cybersecurity Cybersecurity C. To evaluate devices trying to access the network and apply policies based on their status. A security consultant is reviewing various aspects of security surrounding live virtual machine vulnerabilities on a Type 1 hypervisor. Which of the following should the security consultant cover? (Select all that apply.) 1. VM escape 2. Privilege escalation 3. Live VM migration 4. Data remnants A) 1, 2, 3 B) 1, 2, 4 C) 2, 3, 4 D) 1, 3, 4 A) 1, 2, 3 Which of the following attacks could allow an attacker to gain control of all virtual machines running on the host hardware in a virtualized environment? A. Data remnants B. Privilege escalation C. Live VM migration D. VM escape D. VM escape In a virtualized environment, what is the risk if an attacker successfully gains elevated privileges? A. They could access the host machine and act as an administrator. B. They could migrate VMs without proper deprovisioning. C. 
They could leave data remnants behind. D. They could create a new hypervisor instance. A. They could access the host machine and act as an administrator. What is a potential risk associated with live virtual machine migration if proper authentication and integrity protocols are not in place? A. Privilege escalation B. Data remnants C. The attacker can migrate VMs to their own machine or a victim machine. D. VM escape C. The attacker can migrate VMs to their own machine or a victim machine. During which process are data remnants most likely to become a concern in a virtualized environment? A. VM escape B. Privilege escalation Cybersecurity Cybersecurity C. Live VM migration D. Deprovisioning D. Deprovisioning Which type of attack is considered highly severe due to its potential to compromise the entire virtualized environment? A. Live VM migration B. Data remnants C. Privilege escalation D. VM escape D. VM escape A cloud engineer is setting up a zero trust architecture in the company's cloud environment but is looking for a standard to base the design on. Which of the following should the engineer use? A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-84 D. NIST 800-207 D. NIST 800-207 Which NIST publication provides guidance specifically for implementing a Zero Trust Architecture (ZTA)? A. NIST 800-53(Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-84 D. NIST 800-207 D. NIST 800-207 Which NIST document should a cloud engineer reference when setting up a zero trust architecture in a cloud environment? A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-84 D. NIST 800-207 D. NIST 800-207 What is the focus of NIST Special Publication 800-207? A. Incident response guidelines B. 
Zero Trust Architecture (ZTA) implementation C. Security and privacy controls for federal information systems D. Security awareness training programs B. Zero Trust Architecture (ZTA) implementation Which NIST document addresses security and privacy controls for federal information systems but is not specifically focused on Zero Trust Architecture? Cybersecurity Cybersecurity A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-84 D. NIST 800-207 A. NIST 800-53 (Security and Privacy Controls for Information Systems) If a cloud engineer is setting up a Zero Trust Architecture, which NIST document should they avoid as it is focused on incident response? A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-207 D. NIST 800-84 B. NIST 800-61 (Computer Security Incident Handling Guide) Which NIST publication is the standard for Zero Trust Architecture, focusing on security based on resources like users, services, and workflows instead of network boundaries? A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-84 D. NIST 800-207 D. NIST 800-207 Which NIST publication outlines the necessary controls for audits of information systems used for certification? A. NIST 800-207 B. NIST 800-53 (Security and Privacy Controls for Information Systems) C. NIST 800-61 (Computer Security Incident Handling Guide) D. NIST 800-84 B. NIST 800-53 (Security and Privacy Controls for Information Systems) What is the focus of NIST SP 800-61? A. Zero Trust Architecture B. Information system audits C. Computer security incident handling D. Test, training, and exercise programs for IT plans C. 
Computer security incident handling Which NIST publication includes a guide to test, training, and exercise programs for IT plans, along with an after-action report template? A. NIST 800-84 B. NIST 800-61 (Computer Security Incident Handling Guide) C. NIST 800-53 (Security and Privacy Controls for Information Systems) D. NIST 800-207 A. NIST 800-84 Which NIST document is specifically designed to help identify the groups necessary for responding to a security incident? Cybersecurity Cybersecurity A. NIST 800-53 (Security and Privacy Controls for Information Systems) B. NIST 800-207 C. NIST 800-84 D. NIST 800-61 (Computer Security Incident Handling Guide) D. NIST 800-61 (Computer Security Incident Handling Guide) A security architect is setting up their demilitarized zone to place one firewall on each side. What is this type of configuration called? A. Staging environment B. ACLs C. Screened subnet D. Peer-to-peer C. Screened subnet What is the name of the configuration that uses two firewalls placed on either side of the demilitarized zone (DMZ), with the edge firewall restricting traffic on the external/public interface? A. Staging environment B. Screened subnet C. Peer-to-peer D. ACLs B. Screened subnet Which environment is a mirror of the production environment used to test changes to infrastructure, software, and data? A. Screened subnet B. Staging environment C. ACLs D. Peer-to-peer B. Staging environment Which of the following defines how objects can interact with each other within a network? A. ACLs B. Screened subnet C. Peer-to-peer D. Staging environment A. ACLs In what type of network do nodes self-organize to provide services typically associated with client-server networks? A. ACLs B. Peer-to-peer C. Screened subnet D. Staging environment Cybersecurity Cybersecurity B. Peer-to-peer Which configuration is typically used to secure a demilitarized zone (DMZ) by placing firewalls on both the external and internal sides? A. Peer-to-peer B. ACLs C. 
Screened subnet D. Staging environment C. Screened subnet A security analyst is attempting to create efficiencies by automating certain tasks defined in the security playbook. Which automation tool would help the analyst accomplish this? A. SOAR (Security orchestration, automation, and response) B. Bootstrapping C. Autoscaling D. VDI A. SOAR (Security orchestration, automation, and response) Which tool automates routine tasks typically performed by security personnel in response to a security incident? A. Autoscaling B. SOAR (Security orchestration, automation, and response) C. Bootstrapping D. VDI (Virtual desktop infrastructure) B. SOAR (Security orchestration, automation, and response) What describes the set of automated tasks performed as part of deploying an instance, typically related to system administration? A. SOAR (Security orchestration, automation, and response) B. Bootstrapping C. VDI (Virtual desktop infrastructure) D. Autoscaling B. Bootstrapping Which tool allows for applying policies that define minimum and maximum capacity for scaling resources? A. Bootstrapping B. VDI (Virtual desktop infrastructure) C. Autoscaling D. SOAR (Security orchestration, automation, and response) C. Autoscaling What uses desktop virtualization to separate the personal computing environment from the user's physical machine? A. VDI (Virtual desktop infrastructure) Cybersecurity Cybersecurity B. SOAR (Security orchestration, automation, and response) C. Autoscaling D. Bootstrapping A. VDI (Virtual desktop infrastructure) Which solution is specifically designed to automate security incident responses, helping reduce the workload on security personnel? A. SOAR (Security orchestration, automation, and response) B. Bootstrapping C. VDI (Virtual desktop infrastructure) D. Autoscaling A. SOAR (Security orchestration, automation, and response) A security engineer is setting up a security solution that can enforce mandatory access controls between two connected sites. 
Which of the following should the engineer implement? A. Directory services B. IdP (identity provider) C. CDS (Cross Domain Solutions) D. Nackles (NAC Lists) C. CDS (Cross Domain Solutions) Which of the following operates as a guardian between two connected sites, enforcing mandatory access controls and interpreting data sensitivity levels? A. IdP (identity provider) B. Directory services C. NAC lists (Nackles) D. CDS (Cross Domain Solutions) D. CDS (Cross Domain Solutions) What provides privilege management and authorization by storing information about users, computers, security groups/roles, and services on an enterprise network? A. Directory services B. NAC lists (Nackles) C. CDS (Cross Domain Solutions) D. IdP (identity provider) A. Directory services Which service allows users to access various service providers (SPs) by authenticating the user and granting a token for access? A. CDS (Cross Domain Solutions) B. NAC lists (Nackles) C. Directory services D. IdP (identity provider) D. IdP (identity provider) Cybersecurity Cybersecurity In a cloud environment, what controls inbound and outbound traffic between networks, particularly between virtual private clouds (VPCs)? A. CDS (Cross Domain Solutions) B. NAC lists (Nackles) C. Directory services D. IdP (identity provider) B. NAC lists (Nackles) Which solution is typically associated with military establishments and enforces mandatory access controls between connected sites? A. IdP (identity provider) B. Directory services C. NAC lists (Nackles) D. CDS (Cross Domain Solutions) D. CDS (Cross Domain Solutions) A cloud architect is analyzing the benefits of a Content Delivery Network (CDN) to assess the potential value to their organization. Which of the following are benefits of a CDN? (Select all that apply.) 1. Horizontal scalability 2. Vertical scalability 3. DDoS protection 4. 
Improved customer experience A) 1, 2, 3 B) 1, 2, 4 C) 1, 3, 4 D) 2, 3, 4 C) 1, 3, 4 Which of the following is a benefit of a Content Delivery Network (CDN) by adding servers to help process the same workload? A. Vertical scalability B. Horizontal scalability C. Improved website security D. Vertical redundancy B. Horizontal scalability How does a CDN help improve security in a cloud environment? A. By increasing vertical scalability B. By improving redundancy C. By providing DDoS protection D. By adding more memory to a server C. By providing DDoS protection Cybersecurity Cybersecurity Which of the following is NOT an example of a benefit provided by a CDN? A. Vertical scalability B. Improved customer experience C. DDoS protection D. Horizontal scalability A. Vertical scalability What is one of the primary ways a CDN improves the customer experience? A. By adding memory to existing servers B. By reducing costs and scaling vertically C. By improving website load times D. By implementing vertical scaling to add additional storage C. By improving website load times What type of scalability does a CDN represent, where additional servers are added to help handle the same workload? A. Vertical scalability B. Redundant scaling C. Horizontal scalability D. Cloud scaling C. Horizontal scalability A young technician is in charge of the security awareness program for an organization and begins looking at common attack vectors. Which tools are best suited to help defend against social engineering attacks? A. Firewall B. Email Security C. Web Application Firewall D. DDoS Protection B. Email Security Which tool is most effective in defending against social engineering attacks, especially since attackers use it to directly access staff and employees? A. Web Application Firewall B. Firewall C. Email Security D. DDoS Protection C. 
Email Security Which security tool provides a foundational level of protection for a network by blocking or allowing traffic based on pre-configured rules? A. Email Security B. Web Application Firewall C. Firewall D. DDoS Protection Cybersecurity Cybersecurity C. Firewall Which type of firewall can identify and filter out malicious traffic using sophisticated rules, specifically for web-based attacks? A. DDoS Protection B. Web Application Firewall C. Firewall D. Email Security B. Web Application Firewall What type of attack aims to overwhelm a target with traffic, disrupting normal traffic flow to a server or service? A. Social Engineering B. DDoS C. Email Phishing D. Web Exploits B. DDoS Which type of security tool would be least effective at preventing social engineering attacks but is crucial for defending against web-based attacks? A. Email Security B. Web Application Firewall C. DDoS Protection D. Firewall B. Web Application Firewall A solutions architect is designing a security architecture for a nuclear power plant facility. Which of the following would be the best design? A. Jump box B. Guest environment C. Peer-to-peer D. Air gap D. Air gap Which security design provides an empty area surrounding a high-value asset, disconnecting it from any network and making it easier to detect unauthorized attempts? A. Peer-to-peer B. Jump box C. Guest environment D. Air gap D. Air gap What type of system is highly hardened, closely monitored, and typically used to perform administrative tasks or access servers in a secured environment? A. Guest environment B. Air gap Cybersecurity Cybersecurity C. Jump box D. Peer-to-peer C. Jump box Which type of environment is designed to be used by visitors, such as the public or vendors? A. Guest environment B. Peer-to-peer C. Air gap D. Jump box A. Guest environment Which of the following refers to a decentralized network where participating nodes self organize to provide services typically found in client-server networks? A. 
Guest environment B. Peer-to-peer C. Jump box D. Air gap B. Peer-to-peer Which security design would be most appropriate for protecting a high-value asset in a sensitive facility, such as a nuclear power plant, by isolating it from any network? A. Peer-to-peer B. Jump box C. Air gap D. Guest environment C. Air gap A security architect is designing a strategy to help continue operating in the face of a cyber-attack. Which of the following will help to accomplish this objective? (Select all that apply.) 1. Heterogeneity 2. Clustering 3. COA development 4. Migrating to the cloud A) 1, 2, 3 B) 1, 2, 4 C) 1, 3, 4 D) 2, 3, 4 A) 1, 2, 3 Which strategy involves using diverse, non-similar components to create a barrier that complicates an adversary's attempts to infiltrate before detection? A. Clustering B. COA development Cybersecurity Cybersecurity C. Heterogeneity D. Migrating to the cloud C. Heterogeneity Which approach involves multiple redundant processing nodes that share data and accept connections to provide redundancy in case of failure? A. COA development B. Heterogeneity C. Clustering D. Migrating to the cloud C. Clustering What part of a resilience strategy involves preparing specific responses to potential events, ensuring the organization is ready to act when necessary? A. Clustering B. Heterogeneity C. COA development D. Migrating to the cloud C. COA development Which option, while often seen as a modern solution, does not by itself ensure security without a proper defense-in-depth strategy? A. Heterogeneity B. Clustering C. COA development D. Migrating to the cloud D. Migrating to the cloud Which concept creates a blend of complexity through diversity, slowing down an attacker's progress and granting more time for detection? A. COA development B. Clustering C. Heterogeneity D. Migrating to the cloud C. 
Heterogeneity
A website administrator is setting up a cluster of web servers and wants to ensure that if one server goes down, the system in place will route the traffic through the others. Which network appliance should the administrator use?

A. Firewall
B. Load balancer
C. Router
D. NAT gateway
B. Load balancer
Which network appliance is used to provide fault tolerance by re-directing traffic when one server in a group becomes inoperable?

A. NAT gateway
B. Firewall
C. Router
D. Load balancer
D. Load balancer
Which device provides foundational protection for a network by blocking or allowing traffic based on pre-configured rules?

A. Firewall
B. Router
C. Load balancer
D. NAT gateway
A. Firewall
Which device forwards traffic between subnets by inspecting IP addresses and operates at layer 3 of the OSI model?

A. Firewall
B. Load balancer
C. Router
D. NAT gateway
C. Router
What allows connectivity between private subnets, or Virtual Private Clouds (VPC), and the Internet?

A. Router
B. Load balancer
C. NAT gateway
D. Firewall
C. NAT gateway
Which network device would you use to ensure that traffic continues to flow to a functional web server when another server in a cluster goes down?

A. Router
B. Load balancer
C. Firewall
D. NAT gateway
B. Load balancer
A Linux administrator is configuring ModSecurity for Apache servers. For which types of attacks should the administrator set rule configurations? (Select all that apply.)

1. File inclusion
2. Geoblocking
3. Directory traversal
4. Cleartext protocols

A) 1, 2
B) 1, 3
C) 1, 4
D) 2, 4
B) 1, 3
What type of web application firewall is commonly used with Apache servers to help defend against application layer attacks?

A. NAT gateway
B. ModSecurity
C. Geoblocking
D. Traditional firewall
B. ModSecurity
Which of the following is an application layer attack that ModSecurity can help protect against?

A. Geoblocking
B. File inclusion
C. Cleartext protocols
D. NAT traversal
B.
File inclusion
Which type of attack involves accessing directories outside of the web root and can be mitigated by a web application firewall like ModSecurity?

A. Directory traversal
B. Geoblocking
C. Cleartext protocols
D. Protocol spoofing
A. Directory traversal
Which of the following is NOT typically defended against by ModSecurity as it is a network layer defense?

A. Directory traversal
B. File inclusion
C. Geoblocking
D. Application spoofing
C. Geoblocking
What layer of the OSI model do web application firewalls like ModSecurity focus on when defending against attacks?

A. Application layer
B. Network layer
C. Transport layer
D. Data link layer
A. Application layer
A systems administrator has been running a data center full of physical servers for a small company but is worried about ensuring operations. The administrator begins assessing various Type 1 hypervisors for future migration. What are some major Type 1 hypervisors the sysadmin can evaluate for future migration? (Select all that apply.)

1. ESXi
2. Hyper-V
3. Windows Server
4. XEN

A) 1, 2, 3
B) 1, 2, 4
C) 1, 3, 4
D) 2, 3, 4
B) 1, 2, 4
Which of the following is a popular bare metal Type 1 hypervisor that allows multiple operating systems to run simultaneously on a single computer?

A. Windows Server
B. XEN
C. ESXi
D. Hyper-V
C. ESXi
What is Microsoft's solution for a Type 1 hypervisor that allows a systems administrator to perform a physical to virtual migration?

A. Windows Server
B. Hyper-V
C. ESXi
D. XEN
B. Hyper-V
Which Type 1 hypervisor is provided by Citrix and requires the hardware to support both the hypervisor and the guest operating systems?

A. ESXi
B. XEN
C. Hyper-V
D. Windows Server
B. XEN
Which of the following is NOT a Type 1 hypervisor but instead an operating system that includes the option to install Microsoft's Type 1 hypervisor?

A. XEN
B. Hyper-V
C. ESXi
D. Windows Server
D.
Windows Server
Which Type 1 hypervisor would you choose if you're looking for a bare metal solution from VMware that supports multiple virtual machines running on a single physical machine?

A. Hyper-V
B. Windows Server
C. XEN
D. ESXi
D. ESXi
An administrator creates a SPAN port that feeds traffic to a security tool. The security tool monitors suspicious network traffic and does not block traffic. What type of tool is used?

A. NIPS (network intrusion prevention system)
B. NIDS (network intrusion detection system)
C. FIM (File Integrity Monitoring)
D. DLP (Data Loss Prevention)
B. NIDS (network intrusion detection system)
Which security tool monitors network traffic from a SPAN (switched port analyzer) port but does not block traffic, instead analyzing it for suspicious activity?

A. NIPS (network intrusion prevention system)
B. FIM (File Integrity Monitoring)
C. NIDS (network intrusion detection system)
D. DLP (Data Loss Prevention)
C. NIDS (network intrusion detection system)
What type of security tool actively blocks malicious traffic and must be placed inline with network traffic to be effective?

A. DLP (Data Loss Prevention)
B. NIPS (network intrusion prevention system)
C. FIM (File Integrity Monitoring)
D. NIDS (network intrusion detection system)
B. NIPS (network intrusion prevention system)
Which tool evaluates operating system files, such as the Windows registry, to identify any unauthorized changes?

A. NIDS (network intrusion detection system)
B. FIM (File Integrity Monitoring)
C. NIPS (network intrusion prevention system)
D. DLP (Data Loss Prevention)
B. FIM (File Integrity Monitoring)
Which software solution is designed to detect and prevent sensitive information from being used, transmitted, or stored inappropriately?

A. NIPS (network intrusion prevention system)
B. FIM (File Integrity Monitoring)
C. DLP (Data Loss Prevention)
D. NIDS (network intrusion detection system)
C.
DLP (Data Loss Prevention)
What is the key difference between a NIDS (network intrusion detection system) and a NIPS (network intrusion prevention system)?

A. NIDS is a monitoring tool, while NIPS can actively block traffic.
B. NIPS monitors traffic through a SPAN port, while NIDS blocks traffic.
C. NIDS focuses on data loss prevention, while NIPS focuses on file integrity monitoring.
D. NIDS operates at the application layer, while NIPS operates at the transport layer.
A. NIDS is a monitoring tool, while NIPS can actively block traffic.
A security code reviewer is setting up an environment for an organization that can analyze third-party libraries. Which type of environment should the reviewer set up?

A. Development
B. QA (Quality Assurance)
C. Production
D. Sandbox
D. Sandbox
Which type of environment is ideal for testing unknown third-party code and is also referred to as a malware analysis server?

A. Development
B. QA (Quality Assurance)
C. Sandbox
D. Production
C. Sandbox
Which environment is typically used in the early stages of testing, allowing developers to perform broad testing and proof of concept evaluations?

A. Production
B. QA (Quality Assurance)
C. Sandbox
D. Development
D. Development
Which environment should mirror the production environment to ensure the highest levels of compatibility for testing purposes?

A. QA (Quality Assurance)
B. Sandbox
C. Development
D. Production
A. QA (Quality Assurance)
What is the live environment used by staff, employees, customers, and other stakeholders on a day-to-day basis?

A. Sandbox
B. QA (Quality Assurance)
C. Development
D. Production
D. Production
Which environment would a security code reviewer set up to safely analyze third-party libraries and code without risking the main systems?

A. QA (Quality Assurance)
B. Development
C. Sandbox
D. Production
C.
Sandbox
A systems administrator is working with a developer to upgrade to the latest version of Java, but first, the sysadmin wants to see whether changes in code have caused previously existing functionality to fail. What is this called?

A. Unit test
B. Regression test
C. Integration test
D. Solution design
B. Regression test
What type of test is designed to check whether changes in code have caused previously existing functionality to fail?

A. Unit test
B. Regression test
C. Integration test
D. Solution design
B. Regression test
Which test ensures that a particular block of code performs the exact action intended and provides the exact output expected?

A. Regression test
B. Integration test
C. Unit test
D. Solution design
C. Unit test
What type of test is performed to ensure that individual components of a system interact correctly when tested together?

A. Unit test
B. Regression test
C. Integration test
D. Solution design
C. Integration test
Which phase of the software development life cycle incorporates secure coding patterns and best practice guidance from organizations like OWASP?

A. Regression test
B. Unit test
C. Integration test
D. Solution design
D. Solution design
When a developer writes a simple "pass/no pass" test for code, what type of test is being performed?

A. Regression test
B. Integration test
C. Unit test
D. Solution design
C. Unit test
A systems engineer is working in conjunction with security and has set up a data loss prevention solution. The engineer wants to set a remediation action that will quarantine and replace files with a file describing the policy violation and how the user can release it. What should the systems engineer choose?

A. Alert
B. Block
C. Quarantine
D. Tombstone
D. Tombstone
Which remediation action quarantines the original file and replaces it with a file describing the policy violation and how the user can release it?

A. Alert
B. Block
C. Quarantine
D. Tombstone
D.
Tombstone
What does the alert mode do in a data loss prevention solution?

A. Quarantines the file and replaces it with a policy violation notice
B. Allows copying but records an incident and may alert an administrator
C. Prevents copying of the file but allows continued access
D. Encrypts the file or moves it to a quarantine area
B. Allows copying but records an incident and may alert an administrator
Which remediation action prevents the user from copying a file but still allows them access to it, logging the violation?

A. Quarantine
B. Block
C. Tombstone
D. Alert
B. Block
What happens to a file when it is quarantined in a data loss prevention system?

A. The file is deleted permanently
B. The file is replaced with a policy violation notice
C. The user is denied access to the original file, which may be encrypted or moved
D. The user can copy the file, but an incident is logged
C. The user is denied access to the original file, which may be encrypted or moved
Which action replaces the original file with a notice that describes the policy violation and how it can be released?

A. Quarantine
B. Tombstone
C. Alert
D. Block
B. Tombstone
A penetration tester is attempting to target core mechanisms that enable integration and orchestration of the entire information systems and technology landscape. Which of the following should the pen tester pursue?

A. Containers
B. APIs (Application Programming Interfaces)
C. SOAR (Security orchestration, automation, and response)
D. IdP (identity provider)
B. APIs (Application Programming Interfaces)
Which of the following provides the core mechanisms that enable integration and orchestration of the entire information systems and technology landscape?

A. Containers
B. APIs (Application Programming Interfaces)
C. SOAR (Security orchestration, automation, and response)
D. IdP (identity provider)
B.
APIs (Application Programming Interfaces)
What technology enables applications to run virtual instances independently from the traditional hypervisor virtual machine approach?

A. SOAR (Security orchestration, automation, and response)
B. Containers
C. APIs (Application Programming Interfaces)
D. IdP (identity provider)
B. Containers
Which solution automates routine security tasks and responses to security incidents?

A. APIs (Application Programming Interfaces)
B. IdP (identity provider)
C. SOAR (Security orchestration, automation, and response)
D. Containers
C. SOAR (Security orchestration, automation, and response)
What system allows users to authenticate and gain access to various service providers by issuing a token?

A. Containers
B. APIs (Application Programming Interfaces)
C. SOAR (Security orchestration, automation, and response)
D. IdP (identity provider)
D. IdP (identity provider)
APIs play a major role in interacting with which technology that allows applications to run independently in virtual instances?

A. SOAR (Security orchestration, automation, and response)
B. IdP (identity provider)
C. Containers
D. Traditional VMs
C. Containers
A software development manager wants to integrate a development model for a company that will allow them to release small blocks of well-tested code to bring functionality to the business as soon as possible. What is this method called?

A. Spiral
B. Waterfall
C. SecDevOps
D. Agile
D. Agile
Which development model uses iterative processes to release well-tested code in smaller blocks, with development and provisioning tasks conceived as continuous?

A. Spiral
B. Agile
C. Waterfall
D. SecDevOps
B. Agile
Which method combines approaches like incremental and waterfall into a hybrid model for software development?

A. Agile
B. Waterfall
C. SecDevOps
D. Spiral
D.
Spiral
Which method involves a series of phases where each phase starts only when all tasks from the previous phase are completed, creating a cascading effect?

A. Waterfall
B. Agile
C. Spiral
D. SecDevOps
A. Waterfall
Which of the following places security at the forefront of development efforts but is not considered a software development method itself?

A. Agile
B. SecDevOps
C. Spiral
D. Waterfall
B. SecDevOps
Which development method focuses on releasing small, well-tested code blocks as quickly as possible to bring functionality to the business?

A. Spiral
B. SecDevOps
C. Agile
D. Waterfall
C. Agile
A vulnerability manager is onboarding developers to the vulnerability management program and wants to focus on integrating security from the very beginning. What is the first step of the software development lifecycle the manager should integrate?

A. Requirements gathering
B. Solution design
C. Test formulation
D. Code testing
A. Requirements gathering
What is the first step of the software development life cycle (SDLC) that identifies policy, standard, and regulatory requirements governing how software operates?

A. Solution design
B. Code testing
C. Requirements gathering
D. Test formulation
C. Requirements gathering
Which step in the SDLC incorporates secure coding patterns and best practices, such as those from the Open Web Application Security Project (OWASP)?

A. Test formulation
B. Requirements gathering
C. Code testing
D. Solution design
D. Solution design
During which SDLC phase are Static Code Analysis tools, linters, and automated unit tests used to identify vulnerabilities while writing code?

A. Code testing
B. Solution design
C. Test formulation
D. Requirements gathering
C. Test formulation
What phase of the SDLC uses Dynamic Code Analysis tools to evaluate application security and test for known vulnerabilities?

A. Requirements gathering
B. Solution design
C. Code testing
D. Test formulation
C.
Code testing
At what point in the SDLC should security policies, standards, and regulatory requirements be identified to ensure compliance?

A. Test formulation
B. Requirements gathering
C. Solution design
D. Code testing
B. Requirements gathering
A digital manga artist is meeting with a security professional to control how consumers use digital content after it is published. Which solution should the security professional recommend?

A. Watermarking
B. Data Loss Detection
C. DRM (Digital rights management)
D. DLP (Data loss prevention)
C. DRM (Digital rights management)
Which solution controls how consumers use digital content after it is published?

A. Watermarking
B. Data Loss Detection
C. DRM (Digital rights management)
D. DLP (Data loss prevention)
C. DRM (Digital rights management)
What method clearly identifies the classification, use, and licensing terms of digital content but does not control how consumers use the data?

A. Watermarking
B. DRM (Digital rights management)
C. Data Loss Detection
D. DLP
A. Watermarking
Which security solution aims to prevent data loss and protect data from unauthorized disclosure, while also trying to identify if and when data loss occurs?

A. DLP (Data loss prevention)
B. Watermarking
C. DRM (Digital rights management)
D. Data Loss Detection
D. Data Loss Detection
What type of product automates the discovery and classification of data types and enforces rules to ensure that data is not viewed or transferred without proper authorization?

A. DRM (Digital rights management)
B. DLP (Data loss prevention)
C. Data Loss Detection
D. Watermarking
B. DLP (Data loss prevention)
Which solution is designed to ensure that digital content is only accessed or used in specific, authorized ways by consumers?

A. DRM (Digital rights management)
B. Data Loss Detection
C. Watermarking
D. DLP (Data loss prevention)
A.
DRM (Digital rights management)
A security architect is setting up various security mechanisms for a retail company that handles a considerable amount of credit card processing. What industry-standard data masking technique should the security architect recommend?

A. Scrubbing
B. Tokenization
C. Anonymization
D. Integrity management
B. Tokenization
Which industry-standard data masking technique is recommended for credit card processing, where a token represents sensitive data records such as a credit card number?

A. Scrubbing
B. Tokenization
C. Anonymization
D. Integrity management
B. Tokenization
What data integrity control mechanism is used to locate invalid, obsolete, redundant, or outdated data from a database or data warehouse?

A. Tokenization
B. Scrubbing
C. Anonymization
D. Integrity management
B. Scrubbing
Which method involves removing information that can uniquely identify an individual from data so that it can be shared without violating privacy laws and regulations?

A. Tokenization
B. Scrubbing
C. Anonymization
D. Integrity management
C. Anonymization
What does data integrity management focus on ensuring?

A. Data is anonymized to protect privacy
B. Data is in the proper state and accurate
C. Data is represented by tokens for security
D. Data is scrubbed of obsolete or invalid records
B. Data is in the proper state and accurate
Which technique is used to secure sensitive information, such as credit card numbers, by replacing the data with a non-sensitive token?

A. Scrubbing
B. Tokenization
C. Anonymization
D. Integrity management
B. Tokenization
A security architect for a university wants to set up a federation method commonplace in their industry. Which of the following is routinely known for being used by universities?

A. Shibboleth
B. Transitive trust
C. OpenID
D. SAML (Security Assertion Markup Language)
A.
Shibboleth
Which federated identity method, based on SAML, is commonly used by universities and public service organizations?

A. OpenID
B. Shibboleth
C. Transitive trust
D. SAML (Security Assertion Markup Language)
B. Shibboleth
What describes a relationship where if resource A trusts resource B, and resource B trusts resource C, then resource A automatically trusts resource C?

A. SAML (Security Assertion Markup Language)
B. Shibboleth
C. Transitive trust
D. OpenID
C. Transitive trust
Which method allows users to authenticate with certain websites using a single account, enabling them to retain a single login for all participating sites?

A. OpenID
B. Shibboleth
C. Transitive trust
D. SAML (Security Assertion Markup Language)
A. OpenID
What solution implements user identity assertions and transmits attestations between the principal, the relying party, and the identity provider?

A. Transitive trust
B. OpenID
C. Shibboleth
D. SAML (Security Assertion Markup Language)
D. SAML (Security Assertion Markup Language)
A developer is looking for a solution that will help to detect flaws, bugs, errors, and defects in applications running in production environments. What is this method called?

A. Continuous integration
B. Continuous delivery
C. Continuous deployment
D. Continuous monitoring
D. Continuous monitoring
Which process detects flaws, bugs, errors, and defects in applications running in production environments?

A. Continuous integration
B. Continuous delivery
C. Continuous deployment
D. Continuous monitoring
D. Continuous monitoring
What principle encourages developers to commit and test updates frequently, sometimes multiple times a day?

A. Continuous delivery
B. Continuous integration
C. Continuous monitoring
D. Continuous deployment
B. Continuous integration
Which method focuses on testing all the infrastructure that supports the application, including networking, database functionality, and security?

A.
Continuous delivery
B. Continuous monitoring
C. Continuous integration
D. Continuous deployment
A. Continuous delivery
What process involves making changes to the production environment using configuration management platforms to support newly updated applications?

A. Continuous integration
B. Continuous monitoring
C. Continuous deployment
D. Continuous delivery
C. Continuous deployment
Which continuous process is often associated with detecting security vulnerabilities, but can also be used by developers to find issues while generating new code?

A. Continuous monitoring
B. Continuous integration
C. Continuous deployment
D. Continuous delivery
A. Continuous monitoring
A storage administrator is evaluating various components of the data life cycle to refine processes and enhance security. What are the first three steps of the data life cycle? (Select all that apply.)

1. Create
2. Store
3. Archive
4. Use

A) 1, 2, 3
B) 1, 2, 4
C) 1, 3, 4
D) 2, 3, 4
B) 1, 2, 4
What is the first step of the data life cycle, involving the creation of files, manual data entry, data interfaces, and more?

A. Use
B. Store
C. Create
D. Archive
C. Create
Which step in the data life cycle involves defining the locations used to house data, such as databases and file systems, and implementing mechanisms for data protection?

A. Store
B. Create
C. Use
D. Archive
A. Store
What is the third step of the data life cycle that describes how data supports operational needs and objectives?

A. Create
B. Archive
C. Use
D. Store
C. Use
Which step is not part of the first three steps of the data life cycle but occurs later when data is no longer used regularly and is stored to reduce costs and complexity?

A. Archive
B. Use
C. Create
D. Store
A. Archive
Which of the following steps directly supports operational needs by utilizing data?

A. Store
B. Use
C. Create
D. Archive
B.
Use
A security manager is looking for a solution that contains software to monitor and report the day-to-day operations of an enterprise and the status of various resources and activities. Which of the following should the security manager consider?

A. CMDB (configuration management database)
B. CMS (content management system)
C. ERP (enterprise resource planning)
D. CRM (customer relationship management)
C. ERP (enterprise resource planning)
Which solution contains software that monitors daily operations of an enterprise and reports on the status of various resources and activities?

A. CMS (Content Management System)
B. CMDB (Configuration Management Database)
C. ERP (Enterprise Resource Planning)
D. CRM (Customer Relationship Management)
C. ERP (Enterprise Resource Planning)
What type of database contains information on assets and components within an enterprise's IT environment?

A. ERP (Enterprise Resource Planning)
B. CMDB (Configuration Management Database)
C. CMS (Content Management System)
D. CRM (Customer Relationship Management)
B. CMDB (Configuration Management Database)
Which system enables non-technical users to create, manage, and modify content on a website?

A. CRM (Customer Relationship Management)
B. CMDB (Configuration Management Database)
C. ERP (Enterprise Resource Planning)
D. CMS (Content Management System)
D. CMS (Content Management System)
What platform helps a company manage relationships with customers by providing data about those customers?

A. CRM (Customer Relationship Management)
B. ERP (Enterprise Resource Planning)
C. CMS (Content Management System)
D. CMDB (Configuration Management Database)
A. CRM (Customer Relationship Management)
Which solution provides day-to-day monitoring and reporting on various operational resources and activities within an enterprise?

A. CMDB (Configuration Management Database)
B. ERP (Enterprise Resource Planning)
C. CRM (Customer Relationship Management)
D.
CMS (Content Management System)
B. ERP (Enterprise Resource Planning)
A security engineer is looking at various methods to use identity proofing. Which of the following are identity proofing methods? (Select all that apply.)

1. Diameter
2. 2FA (Two-Factor Authentication)
3. Out-of-band mechanisms
4. TOTP (Time-Based One-Time Password)

A) 1, 2, 3
B) 1, 2, 4
C) 1, 3, 4
D) 2, 3, 4
D) 2, 3, 4
Which identity proofing method combines something a user knows, like a password, with an ownership-based smart card or biometric identifier?

A. TOTP (Time-Based One-Time Password)
B. Out-of-band mechanisms
C. Diameter
D. 2FA (Two-Factor Authentication)
D. 2FA (Two-Factor Authentication)
Which identity proofing method generates a software token on a server and sends it to a resource assumed to be safely controlled by the user?

A. 2FA (Two-Factor Authentication)
B. Out-of-band mechanisms
C. TOTP (Time-Based One-Time Password)
D. Diameter
B. Out-of-band mechanisms
What identity proofing method is a refinement of the Hashed Message Authentication Code One-Time Password (HOTP)?

A. Diameter
B. Out-of-band mechanisms
C. TOTP (Time-Based One-Time Password)
D. 2FA (Two-Factor Authentication)
C. TOTP (Time-Based One-Time Password)
Which protocol improves upon RADIUS (Remote Authentication Dial-in User Service) by addressing some of its weaknesses but is not commonly used as an identity proofing method?

A. Diameter
B. 2FA (Two-Factor Authentication)
C. TOTP (Time-Based One-Time Password)
D. Out-of-band mechanisms
A. Diameter
Which identity proofing method involves a combination of two factors, such as something a user knows and something a user has, for authentication?

A. Diameter
B. TOTP (Time-Based One-Time Password)
C. Out-of-band mechanisms
D. 2FA (Two-Factor Authentication)
D. 2FA (Two-Factor Authentication)
A security architect is setting up access control and needs the most fine-grained type of access control model.
Which one should the security architect use?

A. MAC (Mandatory Access Control)
B. ABAC (Attribute-Based Access Control)
C. DAC (Discretionary Access Control)
D. RBAC (Role-Based Access Control)
B. ABAC (Attribute-Based Access Control)
Which access control model is the most fine-grained, making access decisions based on subject, object, and context-sensitive attributes?

A. MAC (Mandatory Access Control)
B. ABAC (Attribute-Based Access Control)
C. DAC (Discretionary Access Control)
D. RBAC (Role-Based Access Control)
B. ABAC (Attribute-Based Access Control)
Which access control model refers to security clearance levels and assigns labels to both objects and subjects to control access?

A. ABAC (Attribute-Based Access Control)
B. DAC (Discretionary Access Control)
C. RBAC (Role-Based Access Control)
D. MAC (Mandatory Access Control)
D. MAC (Mandatory Access Control)
Which access control model emphasizes the resource owner's ability to control access, where the owner is typically the creator of the file or service?

A. MAC (Mandatory Access Control)
B. ABAC (Attribute-Based Access Control)
C. DAC (Discretionary Access Control)
D. RBAC (Role-Based Access Control)
C. DAC (Discretionary Access Control)
What access control model is based on centralized control where organizational roles are defined, and subjects are assigned to those roles?

A. ABAC (Attribute-Based Access Control)
B. RBAC (Role-Based Access Control)
C. DAC (Discretionary Access Control)
D. MAC (Mandatory Access Control)
B. RBAC (Role-Based Access Control)
Which access control model allows for access decisions to be based on system-wide attributes as well as context-sensitive attributes?

A. RBAC (Role-Based Access Control)
B. DAC (Discretionary Access Control)
C. MAC (Mandatory Access Control)
D. ABAC (Attribute-Based Access Control)
D. ABAC (Attribute-Based Access Control)
A security architect is reviewi

Institution
WGU D488 Cybersecurity Architecture
Course
WGU D488 Cybersecurity Architecture





WGU D488 Cybersecurity Architecture
and Engineering Questions and Correct
Answers Exam 2026
What could cause Business Continuity and Disaster Recovery (BCDR) development
work to come to a halt, even if plans are in place?

A. Lack of leadership support for dedicating resources to testing activities
B. Incomplete system inventory
C. Unavailable staff resources
D. Inadequate metrics
A. Lack of leadership support for dedicating resources to testing activities
What must key strategic objectives and metrics development include to measure
operational success effectively?

A. Testing activities
B. Staff resources
C. Leadership support
D. Business Continuity and Disaster Recovery (BCDR) activities
D. Business Continuity and Disaster Recovery (BCDR) activities
A major retail company needs to set up alternate sites so that despite any unforeseen
circumstances, the business has as little impact on its operation as possible. Which of
the following would be the best setup?

A. Cold site
B. Warm site
C. Hot site
D. Mobile site
C. Hot site
Which type of alternate site provides close to real-time activation with little to no service
disruption but is the most expensive and complicated to implement?

A. Cold site
B. Warm site
C. Hot site
D. Mobile site
C. Hot site
What type of alternate site is simply a facility under the organization's control but lacks
pre-established information system capability?





A. Warm site
B. Cold site
C. Hot site
D. Mobile site
B. Cold site
Which type of alternate site includes a scaled-down data center that can run critical
systems and software but is not as immediately operational as a hot site?

A. Cold site
B. Warm site
C. Hot site
D. Mobile site
B. Warm site
What type of alternate site can be described as a "data center in a box" and is
commonly used by the military?

A. Hot site
B. Warm site
C. Cold site
D. Mobile site
D. Mobile site
A military unit is going into a foreign country and setting up a small data center for their
operations but wants to have an alternate option that is flexible and versatile. Which of
the following options would best suit their needs?

A. Cold site
B. Warm site
C. Hot site
D. Mobile site
D. Mobile site
A disaster recovery planner needs to focus prioritization efforts around operational
impact. The disaster recovery planner should focus on which system?

A. Demilitarized Zone
B. External systems
C. Systems with critical vulnerabilities
D. Mission critical systems
D. Mission critical systems
Which systems are most important for operational continuity and should be prioritized in
disaster recovery planning?

A. External systems
B. Systems with critical vulnerabilities
C. Demilitarized Zone (DMZ) systems
D. Mission critical systems
D. Mission critical systems



Why is it important to collaborate with business units when identifying mission critical
systems?

A. To determine the most critical vulnerabilities
B. To ensure that DMZ systems are prioritized
C. To gauge the operational impacts of an outage
D. To properly categorize external systems
C. To gauge the operational impacts of an outage
Why might Demilitarized Zone (DMZ) systems, despite their extra risk factor, not be
prioritized over mission critical systems in disaster recovery planning?

A. They are always more secure than mission critical systems
B. They are not essential for keeping operations running
C. They are external systems and not part of the internal network
D. They have fewer critical vulnerabilities
B. They are not essential for keeping operations running
What should be the top priority in disaster recovery planning over systems with critical
vulnerabilities?

A. Demilitarized Zone (DMZ) systems
B. Mission critical systems
C. External systems
D. Less critical vulnerabilities
B. Mission critical systems
A security architect is looking for examples of standards and regulations with
descriptions of Business Continuity and Disaster Recovery (BCDR) capabilities. Which
of the following are examples? (Select all that apply.)

1. SOX (Sarbanes-Oxley Act)
2. GLBA (Gramm-Leach-Bliley Act)
3. DRaaS (Disaster Recovery as a Service)
4. FFIEC (Federal Financial Institutions Examination Council)

A) 1, 2, 3
B) 1, 2, 4
C) 1, 3, 4
D) 2, 3, 4
B) 1, 2, 4
Which act related to fraudulent accounting includes descriptions of Business Continuity
and Disaster Recovery (BCDR) capabilities?

A. GLBA (Gramm-Leach-Bliley Act)
B. DRaaS (Disaster Recovery as a Service)
C. SOX (Sarbanes-Oxley Act)
D. FFIEC (Federal Financial Institutions Examination Council)
C. SOX (Sarbanes-Oxley Act)
Which act related to personal financial information includes requirements for Business
Continuity and Disaster Recovery (BCDR) capabilities?

A. SOX (Sarbanes-Oxley Act)
B. GLBA (Gramm-Leach-Bliley Act)
C. DRaaS (Disaster Recovery as a Service)
D. FFIEC (Federal Financial Institutions Examination Council)
B. GLBA (Gramm-Leach-Bliley Act)
Which council provides guidelines and standards for financial institutions, including
Business Continuity and Disaster Recovery (BCDR) capabilities?

A. SOX (Sarbanes-Oxley Act)
B. GLBA (Gramm-Leach-Bliley Act)
C. DRaaS (Disaster Recovery as a Service)
D. FFIEC (Federal Financial Institutions Examination Council)
D. FFIEC (Federal Financial Institutions Examination Council)
Which of the following is not a standard or regulation but a mechanism to achieve
Business Continuity and Disaster Recovery (BCDR) capabilities using public cloud
services?

A. SOX (Sarbanes-Oxley Act)
B. GLBA (Gramm-Leach-Bliley Act)
C. FFIEC (Federal Financial Institutions Examination Council)
D. DRaaS (Disaster Recovery as a Service)
D. DRaaS (Disaster Recovery as a Service)
A security analyst is setting up documents for the outputs of the test or incident, along
with recommendations based on the outputs and findings. Which standard should the
analyst reference?

A. NIST 800-53 (Security and Privacy Controls for Information Systems)
B. NIST 800-61 (Computer Security Incident Handling Guide)
C. NIST 800-84
D. ISO standard 15408
C. NIST 800-84
Which NIST Special Publication provides a guide to test, training, and exercise
programs for IT plans and includes an after-action report template to help with
documentation and findings?

A. NIST 800-53 (Security and Privacy Controls for Information Systems)
B. NIST 800-61 (Computer Security Incident Handling Guide)
C. NIST 800-84
D. ISO standard 15408
C. NIST 800-84
Which NIST Special Publication outlines necessary controls for audits of information
systems used for certification, focusing on security and privacy?




Written for

Institution: WGU D488 Cybersecurity Architecture
Course: WGU D488 Cybersecurity Architecture

Document information

Uploaded on: March 22, 2026
Number of pages: 153
Written in: 2025/2026
Type: Exam (elaborations)
Contains: Questions & answers
