WGU D488 Cybersecurity Architecture and Engineering
Oa/ Wgu D488 Objective Assessment Actual Questions
And Verified Solutions Already Grade A+.
Which type of security should a business use on its layer 2 switch to isolate
the finance network from other departmental networks?
A - Virtual Private Network (VPN)
B - Internet Protocol Security (IPSec)
C - Virtual Local Area Network (VLAN)
D - Remotely Triggered Black Hole (RTBH) - ANSWER: C - Virtual Local Area
Network (VLAN)
VLANs allow companies to logically segment network traffic, ensuring devices
on different VLANs cannot communicate unless otherwise specified in a layer
3 device like a router.
Which type of software testing should be used when there has been a change
within the existing environment?
A - Regression Testing
B - Penetration Testing
C - Requirements Testing
D - Release Testing - ANSWER: A - Regression Testing
Regression testing ensures that recent changes within the environment have
not introduced new defects or broken existing functionality.
Which security technique should be used to detect a weak password that may
match common dictionary words?
A - Password Spraying
B - Password Auditing
C - Password Guessing
D - Password History - ANSWER: B - Password Auditing
,Password auditing allows for existing passwords to be compared against
known weak passwords to help determine the security of a credential.
What should an organization implement if it wants users of their site to provide
a password, memorable word, and pin?
A - Multi-factor authentication (MFA)
B - Two-factor authentication (2FA)
C - Two-step verification
D - Single-factor authentication - ANSWER: A - Multi-factor authentication
MFA enhances security by requiring multiple forms of authentication,
therefore reducing the risk of unauthorized access.
A network technician is asked by their manager to update security to block
several known bad actor IP addresses.
A - Signature rules
B - Firewall rules
C - Behavior rules
D - Data loss prevention (DLP) rules - ANSWER: B - Firewall rules
Firewall rules can be set up to deny traffic coming from known malicious IP
addresses.
On a shopping website, there is a 500-millisecond delay when the authorized
payment button is selected for purchases. Attackers have been running a
script to alter the final payment that takes 200 milliseconds. Which
vulnerability on the website is being targeted by the attackers?
A - Buffer Overflow
B - Integer Overflow
C - Broken Authentication
D - Race Condition - ANSWER: D - Race Condition
,A race condition occurs when multiple processes or actions are executed
simultaneously, and the outcome depends on the sequence or timing of
events.
A company wants to provide laptops to its employees so they can work
remotely. What should be implemented to ensure only work applications can
be installed on company laptops?
A - Containerization
B - Token-based access
C - Patch repository
D - Whitelisting - ANSWER: D - Whitelisting
Whitelisting ensures that only approved applications can be installed and
executed on company laptops.
What should a business use to provide non-repudiation for emails between
employees?
A - TLS/SSL
B - AES-256
C - S/MIME
D - IPSec - ANSWER: C - S/MIME (Secure/Multipurpose Internet Mail
Extensions)
S/MIME provides non-repudiation for emails by using digital signatures.
Which strategy is appropriate for a risk management team to determine if a
business has insufficient security controls?
A - Qualitative assessment
B - Gap assessment
C - Quantitative risk assessment
D - Impact assessment - ANSWER: B - Gap assessment
A gap assessment identifies the gaps between the current security control and
the desired or required levels of security.
, An organization has leased office space that is suitable for its computer
equipment so personnel and systems can be relocated if the main office
location is unavailable. It currently has some equipment. Which type of site is
the organization using?
A - Cold site
B - Warm site
C - Hot site
D - Mobile site - ANSWER: B - Warm site
A warm site is a disaster recovery site that provides a partially equipped
facility that can be used to restore critical operations faster than having no
equipment at all.
A risk assessment consultant is discussing segmentation options with a
client. What are a few standard options the consultant could offer? Select the
best 2 answers.
A - VLANs
B - Transmission Control
C - Physical
D - Access control lists - ANSWER: A & C; VLANs & Physical
A network device can perform segmentation logically, for example,
implementing virtual local area networks (VLANs). A system can bypass
VLANs if an attacker gains access to a trunk port where all VLANs can talk.
Physical segmentation is another type of segmentation more commonly found
in industrial control systems (ICS) and supervisory control and data
acquisition (SCADA) networks. This is where, traditionally, there is an IT and
OT (operational technology) network.
Transmission control is not a type of segmentation. Transmission control
defines how a system protects communication channels from infiltration,
exploitation, and interception.
Oa/ Wgu D488 Objective Assessment Actual Questions
And Verified Solutions Already Grade A+.
Which type of security should a business use on its layer 2 switch to isolate
the finance network from other departmental networks?
A - Virtual Private Network (VPN)
B - Internet Protocol Security (IPSec)
C - Virtual Local Area Network (VLAN)
D - Remotely Triggered Black Hole (RTBH) - ANSWER: C - Virtual Local Area
Network (VLAN)
VLANs allow companies to logically segment network traffic, ensuring devices
on different VLANs cannot communicate unless otherwise specified in a layer
3 device like a router.
Which type of software testing should be used when there has been a change
within the existing environment?
A - Regression Testing
B - Penetration Testing
C - Requirements Testing
D - Release Testing - ANSWER: A - Regression Testing
Regression testing ensures that recent changes within the environment have
not introduced new defects or broken existing functionality.
Which security technique should be used to detect a weak password that may
match common dictionary words?
A - Password Spraying
B - Password Auditing
C - Password Guessing
D - Password History - ANSWER: B - Password Auditing
,Password auditing allows for existing passwords to be compared against
known weak passwords to help determine the security of a credential.
What should an organization implement if it wants users of their site to provide
a password, memorable word, and pin?
A - Multi-factor authentication (MFA)
B - Two-factor authentication (2FA)
C - Two-step verification
D - Single-factor authentication - ANSWER: A - Multi-factor authentication
MFA enhances security by requiring multiple forms of authentication,
therefore reducing the risk of unauthorized access.
A network technician is asked by their manager to update security to block
several known bad actor IP addresses.
A - Signature rules
B - Firewall rules
C - Behavior rules
D - Data loss prevention (DLP) rules - ANSWER: B - Firewall rules
Firewall rules can be set up to deny traffic coming from known malicious IP
addresses.
On a shopping website, there is a 500-millisecond delay when the authorized
payment button is selected for purchases. Attackers have been running a
script to alter the final payment that takes 200 milliseconds. Which
vulnerability on the website is being targeted by the attackers?
A - Buffer Overflow
B - Integer Overflow
C - Broken Authentication
D - Race Condition - ANSWER: D - Race Condition
,A race condition occurs when multiple processes or actions are executed
simultaneously, and the outcome depends on the sequence or timing of
events.
A company wants to provide laptops to its employees so they can work
remotely. What should be implemented to ensure only work applications can
be installed on company laptops?
A - Containerization
B - Token-based access
C - Patch repository
D - Whitelisting - ANSWER: D - Whitelisting
Whitelisting ensures that only approved applications can be installed and
executed on company laptops.
What should a business use to provide non-repudiation for emails between
employees?
A - TLS/SSL
B - AES-256
C - S/MIME
D - IPSec - ANSWER: C - S/MIME (Secure/Multipurpose Internet Mail
Extensions)
S/MIME provides non-repudiation for emails by using digital signatures.
Which strategy is appropriate for a risk management team to determine if a
business has insufficient security controls?
A - Qualitative assessment
B - Gap assessment
C - Quantitative risk assessment
D - Impact assessment - ANSWER: B - Gap assessment
A gap assessment identifies the gaps between the current security control and
the desired or required levels of security.
, An organization has leased office space that is suitable for its computer
equipment so personnel and systems can be relocated if the main office
location is unavailable. It currently has some equipment. Which type of site is
the organization using?
A - Cold site
B - Warm site
C - Hot site
D - Mobile site - ANSWER: B - Warm site
A warm site is a disaster recovery site that provides a partially equipped
facility that can be used to restore critical operations faster than having no
equipment at all.
A risk assessment consultant is discussing segmentation options with a
client. What are a few standard options the consultant could offer? Select the
best 2 answers.
A - VLANs
B - Transmission Control
C - Physical
D - Access control lists - ANSWER: A & C; VLANs & Physical
A network device can perform segmentation logically, for example,
implementing virtual local area networks (VLANs). A system can bypass
VLANs if an attacker gains access to a trunk port where all VLANs can talk.
Physical segmentation is another type of segmentation more commonly found
in industrial control systems (ICS) and supervisory control and data
acquisition (SCADA) networks. This is where, traditionally, there is an IT and
OT (operational technology) network.
Transmission control is not a type of segmentation. Transmission control
defines how a system protects communication channels from infiltration,
exploitation, and interception.
