Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

WGU D488 Cybersecurity Architecture Engineering CASP+ Comprehensive Final Exam Official Practice Exam Actual Exam 2026/2027 with Detailed Rationales | Complete Exam-Style Questions | Pass Guaranteed – A+ Graded

Puntuación
-
Vendido
-
Páginas
27
Grado
A+
Subido en
30-06-2026
Escrito en
2025/2026

WGU D488 Cybersecurity Architecture Engineering CASP+ Comprehensive Final Exam Official Practice Exam Actual Exam 2026/2027 – Real-Style Exam Questions | 100% Correct Answers | Enterprise Security Architecture | Risk Management | Cryptography | Zero Trust | Cloud Security | Incident Response | Security Operations | Threat Intelligence | Governance Compliance | Detailed Rationales | Graded A+ Verified – Pass Guaranteed – Instant Download

Mostrar más Leer menos
Institución
WGU D488
Grado
WGU D488

Vista previa del contenido

WGU D488 Cybersecurity Architecture
Engineering CASP+ Comprehensive Final
Exam Official Practice Exam Actual Exam
2026/2027 with Detailed Rationales |
Complete Exam-Style Questions | Pass
Guaranteed – A+ Graded
══════════════════════════════════════
SECTION 1: SECURITY ARCHITECTURE & ENGINEERING FOUNDATIONS Q1 – Q10
══════════════════════════════════════

Question 1 of 50

A healthcare organization is migrating its EHR system to a hybrid cloud model. The security
architect must ensure that patient data encrypted at rest in the cloud remains inaccessible to
the cloud provider's administrators while still supporting indexed database queries for clinical
workflows. Which approach satisfies both requirements?

A. Bring Your Own Key (BYOK) with the cloud provider managing key storage and rotation
B. Database-level transparent data encryption using the provider's native key management
service
C. Client-side encryption with deterministic encryption for queryable fields and randomized
encryption for sensitive attributes ✓ CORRECT
D. Tokenization of all PHI fields with an on-premises tokenization server and batch
de-tokenization

Correct Answer: C
Rationale: Client-side encryption with deterministic encryption preserves queryability for
exact-match operations while ensuring the cloud provider never possesses decryption keys,
satisfying both confidentiality and functional requirements. BYOK often still permits the
provider to access keys for operational purposes, which violates the requirement for
exclusive customer control. In regulated hybrid cloud architectures, searchable encryption
techniques are increasingly used to maintain security without sacrificing clinical workflow
functionality.

Question 2 of 50

,A manufacturing company adopts DevSecOps and wants to integrate security testing into the
CI/CD pipeline without creating excessive build delays. The architect recommends a tool that
analyzes source code for vulnerabilities during the compilation phase without executing the
application. Which tool category matches this requirement?

A. Dynamic application security testing (DAST) with automated spidering and form
submission
B. Static application security testing (SAST) with data flow analysis and taint tracking ✓
CORRECT
C. Interactive application security testing (IAST) with runtime instrumentation and
agent-based monitoring
D. Runtime application self-protection (RASP) with embedded policy enforcement and attack
blocking

Correct Answer: B
Rationale: SAST examines source code, bytecode, or binaries without executing the
application, making it ideal for early integration into build pipelines where speed and
developer feedback loops are critical. DAST requires a running application and is typically
deployed in staging or production environments, introducing delays unsuitable for build-phase
integration. CASP+ exam scenarios frequently test the distinction between SAST (white-box,
pre-deployment) and DAST (black-box, runtime) deployment contexts.

Question 3 of 50

A defense contractor is designing a secure facility network that must enforce mandatory
access control (MAC) for all systems processing classified data. The architect needs to
ensure that data classification labels flow automatically between interconnected systems
without manual relabeling at each boundary. Which security architecture best supports this
requirement?

A. Bell-LaPadula with simple security property and *-property for confidentiality enforcement
B. Biba integrity model with strict integrity and invocation properties for data quality
assurance
C. Lattice-based access control with label-based mandatory access control (LBAC) and
trusted label export/import protocols ✓ CORRECT
D. Clark-Wilson model with constrained data items, transformation procedures, and
separation of duties

Correct Answer: C
Rationale: LBAC with trusted label export/import protocols ensures that security labels
propagate consistently across interconnected systems, maintaining MAC enforcement
without manual intervention at network boundaries. The Bell-LaPadula model defines
confidentiality rules but does not inherently specify cross-system label propagation
mechanisms, making it insufficient for this distributed architecture. In classified multi-system

, environments, label interoperability is typically implemented through trusted operating
systems and cross-domain guards that understand lattice-based label semantics.

Question 4 of 50

An e-commerce platform experiences seasonal traffic spikes that require rapid infrastructure
scaling. The security team must ensure that newly provisioned virtual instances
automatically inherit the organization's hardened baseline configuration, vulnerability scan
compliance, and continuous monitoring agent deployment. Which architectural control best
achieves this?

A. Immutable infrastructure with pre-hardened golden images and automated blue-green
deployments
B. Configuration management using agent-based pull models with scheduled enforcement
intervals
C. Infrastructure as Code (IaC) templates with embedded security group rules and user data
scripts
D. Automated image pipeline with CIS benchmarks, vulnerability validation, and orchestrator
integration ✓ CORRECT

Correct Answer: D
Rationale: An automated image pipeline that bakes CIS benchmarks, vulnerability validation,
and monitoring agents into golden images ensures that every provisioned instance starts
from a known-secure state rather than relying on post-deployment configuration. Immutable
infrastructure focuses on deployment strategy rather than image security provenance, and
configuration management alone cannot guarantee initial instance compliance at
provisioning time. Enterprise security architecture for elastic workloads increasingly relies
on secure image factories that integrate with cloud orchestrators to enforce security
baselines before instances accept traffic.

Question 5 of 50

A multinational bank is implementing a zero-trust architecture across its global branches.
The security architect needs to verify device health and user identity before granting access
to the treasury management system, regardless of whether the connection originates from
inside the corporate network or a remote location. Which foundational zero-trust principle
does this scenario best exemplify?

A. Never trust, always verify with dynamic risk-based access decisions ✓ CORRECT
B. Microsegmentation with software-defined perimeters for east-west traffic isolation
C. Least privilege with just-in-time administrative access controls and privilege elevation
workflows
D. Assume breach with continuous monitoring, deception technology, and threat detection
integration

Escuela, estudio y materia

Institución
WGU D488
Grado
WGU D488

Información del documento

Subido en
30 de junio de 2026
Número de páginas
27
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$15.49
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor

Seller avatar
Los indicadores de reputación están sujetos a la cantidad de artículos vendidos por una tarifa y las reseñas que ha recibido por esos documentos. Hay tres niveles: Bronce, Plata y Oro. Cuanto mayor reputación, más podrás confiar en la calidad del trabajo del vendedor.
STUDYACEFILES (self)
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
83
Miembro desde
2 año
Número de seguidores
5
Documentos
2001
Última venta
6 días hace
STUDYACEFILES

Welcome toSTUDYACEFILES store! We specialize in reliable test banks, exam questions with verified answers, practice exams, study guides, and complete exam review materials to help students pass on the first try. Our uploads support Nursing programs, professional certifications, business courses, accounting classes, and college-level exams. All documents are well-organized, accurate, exam-focused, and easy to follow, making them ideal for quizzes, midterms, finals, ATI & HESI prep, NCLEX-style practice, certification exams, and last-minute reviews. If you’re looking for trusted test banks, comprehensive exam prep, and time-saving study resources.

Lee mas Leer menos
3.9

14 reseñas

5
5
4
4
3
4
2
1
1
0

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes