WGU Cybersecurity Architecture and Engineering (KFO1 / D488)
Version: Demo
[Total Questions: 10]

Category Breakdown

Category                                Number of Questions
System Security Engineering             2
Cryptography                            1
Information Systems and Architecture    5
Security Models and Design              1
Network Security                        1
TOTAL                                   10

Question #:1 - [System Security Engineering]

A company has discovered a vulnerability in its lightweight directory access protocol (LDAP) implementation, which could potentially allow unauthorized access to sensitive information. The company has decided to implement risk mitigation strategies to reduce the risk associated with this vulnerability. Which risk mitigation strategy will meet the needs of the company?

A. Conducting regular security awareness training for employees to prevent social engineering attacks targeting LDAP credentials
B. Regularly backing up data stored in the LDAP server to prevent data loss in the event of a breach
C. Implementing intrusion detection and prevention systems (IDPS) to monitor for suspicious activities and potential LDAP attacks
D. Implementing strong authentication mechanisms and encryption protocols to secure communication between the LDAP server and clients

Answer: D

Explanation

The correct answer is D — Implementing strong authentication mechanisms and encryption protocols to secure communication between the LDAP server and clients.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, securing LDAP communication and strengthening authentication directly addresses vulnerabilities related to unauthorized access. Using encryption protocols such as LDAP over SSL (LDAPS) ensures that credentials and sensitive data are transmitted securely.

Security awareness training (A) helps against social engineering but does not secure the LDAP system itself. Backups (B) are a recovery measure, not a preventive one. IDPS (C) can detect attacks but does not directly secure the LDAP server against exploitation.

Reference Extract from Study Guide:
"Implementing strong authentication and encrypting communications for LDAP servers mitigates vulnerabilities by preventing unauthorized access and protecting sensitive information during transmission."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Services

Question #:2 - [Cryptography]

What allows a user to query information from an online database with a web application without revealing what they are viewing?

A. Private Information Retrieval (PIR)
B. Homomorphic encryption
C. Secure Function Evaluation (SFE)
D. Private Function Evaluation (PFE)

Answer: A

Explanation

Private Information Retrieval (PIR) allows a user to retrieve data from a server without revealing which data is being requested. It’s a privacy-preserving protocol primarily used in secure databases and web applications.

ACM Computing Surveys – Private Information Retrieval: “PIR enables users to query a database without disclosing the identity of the item being retrieved, maintaining the user’s privacy.”

Homomorphic encryption protects data during processing, while PIR protects access patterns.

WGU Course Alignment:
Domain: Cryptography and Privacy Engineering
Topic: Apply PIR techniques for private querying in databases

Question #:3 - [Information Systems and Architecture]

Which two languages are scripted? Choose 2 answers

A. Python
B. Ada
C. PHP
D. C

Answer: A C

Explanation

Scripting languages are designed for integrating and communicating with other programming languages.

Python: A high-level scripting language known for its readability and extensive library support.
PHP: A server-side scripting language used primarily for web development.

References
"Python Crash Course" by Eric Matthes
"PHP and MySQL Web Development" by Luke Welling and Laura Thomson

Question #:4 - [Information Systems and Architecture]

Which item facilitates communication between applications and databases?

A. Application database
B. Database driver
C. Application driver
D. Database application

Answer: B

Explanation

A database driver is a software component that enables communication between an application and a database.

Function: It acts as a bridge, allowing applications to send queries to the database and retrieve results.
Types: Common database drivers include ODBC (Open Database Connectivity) and JDBC (Java Database Connectivity).

References
"Database System Concepts" by Abraham Silberschatz, Henry F. Korth, and S. Sudarshan
"Data Management for Researchers" by Kristin Briney

Question #:5 - [System Security Engineering]

A company is concerned about the potential risks associated with unauthorized modifications to the basic input/output system (BIOS) firmware on its servers. The company has decided to implement hardening techniques and endpoint security controls to mitigate the risk. Which technique will prevent unauthorized modifications to the BIOS firmware on a server?

A. BIOS monitoring
B. Using an intrusion detection system to detect and prevent attacks
C. Conducting regular backups of the server's data
D. BIOS protection

Answer: D

Explanation

The correct answer is D — BIOS protection.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) recommends enabling BIOS protection features such as BIOS passwords, secure boot, and firmware write protection to prevent unauthorized changes to BIOS firmware. BIOS protection locks the firmware settings to prevent tampering.

BIOS monitoring (A) detects changes but does not prevent them. IDS (B) detects network attacks, not firmware changes. Backups (C) protect data but not BIOS integrity.

Reference Extract from Study Guide:
"BIOS protection involves securing firmware with authentication methods and write protections to prevent unauthorized modifications at the hardware level."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Hardware and Firmware Security

=============================================

Question #:6 - [Security Models and Design]

A retail company has recently implemented a new point of sale (POS) system that is critical to its business. Which security control is essential for protecting the availability of the POS system?

A. Implementing intrusion detection and prevention systems can help detect and prevent unauthorized access to the POS system.
B. Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.
C. Enforcing strict access controls can limit the number of users with access to the POS system and prevent unauthorized access.
D. Regularly updating the POS system with the latest security patches can help prevent exploitation of known vulnerabilities and maintain the system's availability.

Answer: B

Explanation

The correct answer is B — Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.

As explained in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), backing up critical systems and establishing a disaster recovery plan ensures business continuity and system availability even after incidents like hardware failures, cyberattacks, or data corruption.

While intrusion detection (A), access control (C), and patch management (D) contribute to overall security, backups and disaster recovery specifically ensure availability.

Reference Extract from Study Guide:
"Data backups and disaster recovery planning are essential controls to ensure system availability during and after a security incident or technical failure."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery

=============================================

Question #:7 - [Information Systems and Architecture]

A healthcare provider is developing a disaster recovery plan and wants to determine the longest duration that its systems or applications can be down before causing significant damage to the business. What is the term used to describe this metric?

A. Recovery time objective (RTO)
B. Business impact analysis (BIA)
C. Business continuity planning (BCP)
D. Disaster recovery (DR)

Answer: A

Explanation

The correct answer is A — Recovery time objective (RTO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RTO is the maximum acceptable amount of time that a system, application, or process can be offline after a failure before unacceptable consequences occur to the business.

BIA (B) is the process of analyzing impact. BCP (C) is the overall plan for maintaining operations. DR (D) refers to the broader recovery effort.

Reference Extract from Study Guide:
"Recovery time objective (RTO) defines the maximum tolerable downtime for critical systems before significant business impact occurs."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Recovery Objectives and Disaster Recovery Metrics

=============================================

Question #:8 - [Information Systems and Architecture]

A company's website is suddenly redirecting users to a suspicious landing page asking for personal information. What is the most likely cause of the issue?

A. Exfiltration
B. Phishing
C. Tampering
D. Ransomware

Answer: C

Explanation

The correct answer is C — Tampering.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials explain that tampering refers to unauthorized modifications of systems or data.
In this case, the website being altered to redirect users to a malicious landing page indicates that an attacker has tampered with the legitimate website code or its DNS settings.

Exfiltration (A) refers to stealing data. Phishing (B) involves tricking users but not modifying a website. Ransomware (D) encrypts systems for ransom and does not cause redirection.

Reference Extract from Study Guide:
"Tampering involves the unauthorized modification of a system or its resources, often to redirect users to malicious destinations or to alter functionality in harmful ways."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Categories and Impacts

=============================================

Question #:9 - [Network Security]

An organization is experiencing multiple instances of attempted access from geographical locations where there are no corporate offices or staff. What should a network administrator do to prevent further access attempts?

A. Adjust the rule sets within the Security Information and Event Manager (SIEM) tool
B. Adjust the Domain Name Service (DNS) server A Records
C. Adjust the main proxy server to only allow specific addresses
D. Adjust the firewall configuration to drop traffic from these addresses

Answer: D

Explanation

Geo-IP filtering at the firewall is a well-established method of blocking traffic from regions that the organization does not do business with or has no legitimate presence in.

NIST SP 800-41 Rev. 1 (Guidelines on Firewalls): “Firewalls can be configured to block traffic based on geolocation or IP ranges to reduce exposure to known hostile regions.”

Firewalls are the first line of defense in the network perimeter; adjusting SIEM rules doesn’t actively block access.

WGU Course Alignment:
Domain: Network Security
Topic: Implement firewall filtering rules for geographic and IP-based restrictions

Question #:10 - [Information Systems and Architecture]

A healthcare provider is required to comply with the Health Insurance Portability and Accountability Act (HIPAA), which sets requirements for the protection of patient health information. The provider uses various software applications to manage and store patient health information, which must be coded to protect its confidentiality and integrity. Which protocol will meet the needs of this provider?

A. Wired Equivalent Privacy (WEP)
B. Advanced Encryption Standard (AES)
C. Simple Mail Transfer Protocol (SMTP)
D. Rivest-Shamir-Adleman (RSA)

Answer: B

Explanation

The correct answer is B — Advanced Encryption Standard (AES).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), AES is a widely adopted symmetric encryption standard that ensures the confidentiality and integrity of sensitive data, including patient health information, which HIPAA mandates be protected. AES is considered highly secure and efficient for encrypting stored or transmitted healthcare data.

WEP (A) is outdated and insecure. SMTP (C) is a protocol for sending emails, not encryption. RSA (D) is an asymmetric encryption method typically used for key exchanges, not bulk data encryption.

Reference Extract from Study Guide:
"Advanced Encryption Standard (AES) is recommended for encrypting sensitive healthcare data, providing strong protection for confidentiality and integrity in HIPAA-regulated environments."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Standards and Regulatory Compliance

=============================================