Cybersecurity Architecture & Engineering
Objective Assessment | Questions with Verified
Answers & Rationale | 100% Correct| Graded A.
Question:
A company wants to provide laptops to its employees so they can work remotely. What should be implemented to ensure only work applications can be installed on company laptops?
A - Containerization
B - Token-based access
C - Patch repository
D - Whitelisting
Answer:
D - Whitelisting
Whitelisting ensures that only approved applications can be installed and executed on company laptops.
Question:
What should a business use to provide non-repudiation for emails between employees?
A - TLS/SSL
B - AES-256
C - S/MIME
D - IPSec
Answer:
C - S/MIME (Secure/Multipurpose Internet Mail Extensions)
S/MIME provides non-repudiation for emails by using digital signatures.
Question:
Which strategy is appropriate for a risk management team to determine if a business has insufficient security controls?
A - Qualitative assessment
B - Gap assessment
C - Quantitative risk assessment
D - Impact assessment
Answer:
B - Gap assessment
A gap assessment identifies the gaps between the current security controls and the desired or required levels of security.
Question:
An organization has leased office space that is suitable for its computer equipment so personnel and systems can be relocated if the main office location is unavailable. It currently has some equipment. Which type of site is the organization using?
A - Cold site
B - Warm site
C - Hot site
D - Mobile site
Answer:
B - Warm site
A warm site is a disaster recovery site that provides a partially equipped facility that can be used to restore critical operations faster than having no equipment at all.
Question:
A risk assessment consultant is discussing segmentation options with a client. What are a few standard options the consultant could offer? Select the best 2 answers.
A - VLANs
B - Transmission Control
C - Physical
D - Access control lists
Answer:
A & C; VLANs & Physical
A network device can perform segmentation logically, for example, implementing virtual local area networks (VLANs). A system can bypass VLANs if an attacker gains access to a trunk port where all VLANs can talk.
Physical segmentation is another type of segmentation more commonly found in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks. This is where, traditionally, there is an IT and OT (operational technology) network.
Transmission control is not a type of segmentation. Transmission control defines how a system protects communication channels from infiltration, exploitation, and interception.
Access control lists (ACLs) are used to define permissions on a network, file, or object. While they can restrict access to resources, they do not segment a network in the same way as VLANs or physical segmentation.
Question:
Which type of security should a business use on its layer 2 switch to isolate the finance network from other departmental networks?
A - Virtual Private Network (VPN)