WGU D342 Cybersecurity Architecture
and Engineering Assessment 2026/2027
– Verified Q&As with Detailed
Rationales (Test Bank Bundle - 40
Questions)
---
*QUESTION 1:*
What is the primary goal of cybersecurity architecture?
A) To design and implement secure systems and networks
B) To attack other systems
C) To ignore security threats
D) To reduce system availability
> 🎯 *CORRECT ANSWER:* A) To design and implement secure systems and networks
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Cybersecurity architecture focuses on designing secure systems.
> * *Why Distractors Fail:* Attacking, ignoring threats, and reducing availability are not goals.
> * *Core Takeaway:* Cybersecurity architecture designs secure systems.
---
*QUESTION 2:*
,A security architect is using a defense-in-depth strategy. This involves:
A) Multiple layers of security controls
B) A single layer of security
C) No security
D) Only physical security
> 🎯 *CORRECT ANSWER:* A) Multiple layers of security controls
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Defense-in-depth uses multiple layers.
> * *Why Distractors Fail:* Single layer, no security, and only physical are not defense-in-depth.
> * *Core Takeaway:* Defense-in-depth uses multiple layers.
---
*QUESTION 3:*
A security architect is using the zero trust model. What is the key principle?
A) "Never trust, always verify"
B) "Trust but verify"
C) "Trust all internal traffic"
D) "Verify only external traffic"
> 🎯 *CORRECT ANSWER:* A) "Never trust, always verify"
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Zero trust assumes no implicit trust.
> * *Why Distractors Fail:* Other statements do not reflect zero trust.
> * *Core Takeaway:* Zero trust requires continuous verification.
---
, *QUESTION 4:*
A security architect is using a secure access service edge (SASE) framework. What does SASE combine?
A) Networking and security functions
B) Networking and storage
C) Security and storage
D) Storage and compute
> 🎯 *CORRECT ANSWER:* A) Networking and security functions
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* SASE combines networking and security.
> * *Why Distractors Fail:* Storage and compute are not part of SASE.
> * *Core Takeaway:* SASE combines networking and security.
---
*QUESTION 5:*
A security architect is using a security information and event management (SIEM) system. What is the
purpose?
A) To collect and analyze security event data
B) To assign IP addresses
C) To resolve domain names
D) To filter traffic
> 🎯 *CORRECT ANSWER:* A) To collect and analyze security event data
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* SIEM collects and analyzes events.
> * *Why Distractors Fail:* DHCP assigns IPs; DNS resolves names; firewalls filter traffic.
> * *Core Takeaway:* SIEM collects and analyzes events.
and Engineering Assessment 2026/2027
– Verified Q&As with Detailed
Rationales (Test Bank Bundle - 40
Questions)
---
*QUESTION 1:*
What is the primary goal of cybersecurity architecture?
A) To design and implement secure systems and networks
B) To attack other systems
C) To ignore security threats
D) To reduce system availability
> 🎯 *CORRECT ANSWER:* A) To design and implement secure systems and networks
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Cybersecurity architecture focuses on designing secure systems.
> * *Why Distractors Fail:* Attacking, ignoring threats, and reducing availability are not goals.
> * *Core Takeaway:* Cybersecurity architecture designs secure systems.
---
*QUESTION 2:*
,A security architect is using a defense-in-depth strategy. This involves:
A) Multiple layers of security controls
B) A single layer of security
C) No security
D) Only physical security
> 🎯 *CORRECT ANSWER:* A) Multiple layers of security controls
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Defense-in-depth uses multiple layers.
> * *Why Distractors Fail:* Single layer, no security, and only physical are not defense-in-depth.
> * *Core Takeaway:* Defense-in-depth uses multiple layers.
---
*QUESTION 3:*
A security architect is using the zero trust model. What is the key principle?
A) "Never trust, always verify"
B) "Trust but verify"
C) "Trust all internal traffic"
D) "Verify only external traffic"
> 🎯 *CORRECT ANSWER:* A) "Never trust, always verify"
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* Zero trust assumes no implicit trust.
> * *Why Distractors Fail:* Other statements do not reflect zero trust.
> * *Core Takeaway:* Zero trust requires continuous verification.
---
, *QUESTION 4:*
A security architect is using a secure access service edge (SASE) framework. What does SASE combine?
A) Networking and security functions
B) Networking and storage
C) Security and storage
D) Storage and compute
> 🎯 *CORRECT ANSWER:* A) Networking and security functions
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* SASE combines networking and security.
> * *Why Distractors Fail:* Storage and compute are not part of SASE.
> * *Core Takeaway:* SASE combines networking and security.
---
*QUESTION 5:*
A security architect is using a security information and event management (SIEM) system. What is the
purpose?
A) To collect and analyze security event data
B) To assign IP addresses
C) To resolve domain names
D) To filter traffic
> 🎯 *CORRECT ANSWER:* A) To collect and analyze security event data
> 💡 *CLINICAL RATIONALE:*
> * *Why It's Right:* SIEM collects and analyzes events.
> * *Why Distractors Fail:* DHCP assigns IPs; DNS resolves names; firewalls filter traffic.
> * *Core Takeaway:* SIEM collects and analyzes events.