
Verified Cybersecurity-Architecture-and-Engineering dumps Q&As - 100% Pass from GuideTorrent
NEW QUESTION # 96
A corporate website is currently being redesigned, which leaves it vulnerable to security threats. Management does not want to provide an attacker with any information about the web server. Which strategy should be used to prevent an attacker from gaining unauthorized information?
- A. Enabling Hypertext Transfer Protocol Secure (HTTPS) over Domain Name Service (DNS)
- B. Using HTTPS for all page and content requests
- C. Becoming PCI-DSS compliant and certified
- D. Obfuscating error messages on the site or within the Uniform Resource Locator (URL)
Answer: D
Explanation:
Obfuscating error messages prevents attackers from receiving technical details (e.g., software version, file paths, or database errors) that they can use for exploitation. This is part of secure coding and error handling practices.
OWASP Secure Coding Practices - Error Handling and Logging:
"Applications should not disclose detailed error messages to users. Instead, provide generic messages to prevent leakage of system or application details."
HTTPS secures transport, but doesn't address information disclosure via error output.
WGU Course Alignment:
Domain: Information Systems and Architecture
Topic: Implement secure design practices (e.g., error handling, obfuscation)
NEW QUESTION # 97
A large multinational corporation maintains a complex network of data centers across the world.
Which type of disaster recovery site will ensure business continuity in case of a disaster?
- A. A mobile data center that can be deployed to the disaster zone
- B. A remote location with cloud-based backups
- C. A secondary location with basic backup hardware and software
- D. A fully equipped hot site with up-to-date hardware and software
Answer: D
Explanation:
The correct answer is B - A fully equipped hot site with up-to-date hardware and software.
As stated in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a hot site is a fully operational data center that mirrors the organization's primary systems and data. In the event of a disaster, operations can quickly transfer to the hot site with minimal downtime, ensuring business continuity.
Mobile data centers (A) are not standard disaster recovery solutions for multinational corporations. Basic secondary backup sites (C) (cold sites) require setup time and are slower to activate. Cloud backups (D) protect data but do not instantly restore full operational capabilities like a hot site.
Reference Extract from Study Guide:
"Hot sites maintain fully operational systems, applications, and data, allowing organizations to maintain business continuity with minimal disruption in the event of a disaster."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Business Continuity Planning
NEW QUESTION # 98
A company wants to secure its computer systems and prevent any unauthorized access to its network. The company wants to implement a security solution that can restrict network traffic to only approved services and applications.
Which security technology will meet the needs of this company?
- A. Host-based firewall
- B. Antivirus tools
- C. Two-factor authentication
- D. Hardware security module (HSM)
Answer: A
Explanation:
The correct answer is C - Host-based firewall.
According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, a host-based firewall enforces traffic control policies at the endpoint level. It can allow or deny traffic based on application, port, IP address, and protocol rules, restricting access to only approved services and applications on a system.
Antivirus tools (A) detect malware but do not control network traffic. Two-factor authentication (B) secures user access but does not manage network traffic. HSMs (D) handle encryption keys, not network access control.
Reference Extract from Study Guide:
"Host-based firewalls restrict traffic at the system level, permitting only authorized services and applications, enhancing endpoint security."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Protection and Firewalls
NEW QUESTION # 99
What are two roles of a DNS?
Choose 2 answers
- A. Storing the IP address
- B. Sending packets along a pathway that connects it to the Internet
- C. Creating IP addresses if it cannot find an alias
- D. Translating an IP alias to an actual IP address
Answer: A,D
Explanation:
* The Domain Name System (DNS) has several key roles, including:
  * Storing the IP addresses associated with domain names.
  * Translating human-readable domain names (aliases) into IP addresses that computers use to identify each other on the network.
* The other options:
  * Creating IP addresses if it cannot find an alias is incorrect; DNS does not create IP addresses.
  * Sending packets along a pathway that connects it to the Internet is the role of routers and not DNS.
* Therefore, storing the IP address and translating an IP alias to an actual IP address are the correct roles of DNS.
References:
* "DNS and BIND" by Paul Albitz and Cricket Liu, which details the functions and roles of DNS.
* "The Practice of System and Network Administration" by Thomas Limoncelli, Christina Hogan, and Strata Chalup, which explains DNS operations.
NEW QUESTION # 101
A large healthcare provider is acquiring a small clinic and has identified a full understanding of the clinic's organizational risks. The large provider has several tools it can implement to reduce the clinic's identified risks.
Which type of risk response should the healthcare provider use?
- A. Risk transference
- B. Risk acceptance
- C. Risk avoidance
- D. Risk mitigation
Answer: D
Explanation:
The correct answer is B - Risk mitigation.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course content, risk mitigation involves taking steps to reduce either the likelihood or the impact of risks. Since the healthcare provider plans to implement tools to lower the risks identified at the clinic, it is using a mitigation strategy, not avoiding, transferring, or simply accepting the risk.
Risk acceptance (A) means taking no action. Risk transference (C) shifts responsibility elsewhere, such as through insurance. Risk avoidance (D) involves eliminating the risky activity entirely.
Reference Extract from Study Guide:
"Risk mitigation is the process of implementing measures to reduce the likelihood or impact of identified risks, often through security controls or operational changes."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Response Strategies
NEW QUESTION # 102
After a recent security assessment, it was discovered that many company devices have unnecessary ports opened to the network.
What should the company configure to fix this?
- A. Intrusion detection system
- B. Intrusion prevention system
- C. Web application firewall
- D. Device hardening
Answer: D
Explanation:
The correct answer is C - Device hardening.
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that device hardening involves reducing vulnerabilities by disabling unnecessary services, ports, and features. Closing unneeded network ports minimizes the attack surface and strengthens device security.
An intrusion prevention system (A) monitors and blocks threats but does not close ports directly. A web application firewall (B) protects web apps, not device configurations. An intrusion detection system (D) only alerts but does not proactively secure devices.
Reference Extract from Study Guide:
"Device hardening minimizes vulnerabilities by disabling unnecessary services and ports, securing the system against network-based attacks."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Device Hardening and Secure Configuration
NEW QUESTION # 103
The DevSecOps team for an organization manages a continuous integration and continuous deployment (CI/CD) pipeline for a three-tier web application. Management has asked the team to perform a series of comprehensive post-deployment tests to make sure that all of the components of the application can interact and function properly.
What should the team recommend?
- A. Integration testing
- B. Static code analysis
- C. Package scanning
- D. Dynamic code analysis
Answer: A
Explanation:
The correct answer is C - Integration testing.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), integration testing verifies that different modules or components of an application work together as intended. This type of testing is essential after deployment to ensure the overall system functions correctly across all tiers (e.g., web, application, and database layers).
Static code analysis (A) examines source code without execution. Dynamic code analysis (B) tests running code for vulnerabilities but not necessarily component interaction. Package scanning (D) reviews third-party libraries for vulnerabilities but does not test integration.
Reference Extract from Study Guide:
"Integration testing verifies that multiple components of an application function correctly when combined, ensuring end-to-end system reliability post-deployment."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Software Development and Testing
NEW QUESTION # 104
What is one purpose of an End User License Agreement?
- A. Allow customers to legally distribute the application to other users
- B. Allow customers to legally modify and compile the source code
- C. Allow customers to legally use the software
- D. Allow customers to legally create and sell a new version of the software
Answer: C
Explanation:
* An End User License Agreement (EULA) is a legal contract between the software manufacturer and the user.
* The primary purpose of a EULA is to grant the user the right to use the software.
* It outlines the terms and conditions under which the software can be used.
* This can include restrictions on installation, distribution, and modification.
* The EULA helps protect the intellectual property rights of the software creator.
References:
* "Software Licensing Handbook" by Jeffrey I. Gordon.
* "Intellectual Property and Open Source" by Van Lindberg.
NEW QUESTION # 105
Which is true about access rights?
- A. They are part of the System Development Life Cycle.
- B. They are defined by the machine language.
- C. They require the use of a compiler.
- D. They limit users to permitted items.
Answer: D
Explanation:
Access rights are critical components of access control mechanisms in information security. They specify what actions users or systems can perform on specific resources, limiting them to only permitted items.
* Definition: Access rights, also known as permissions, are rules that define the allowed actions on a resource (e.g., read, write, execute).
* Implementation: Access rights are typically implemented using Access Control Lists (ACLs), Role-Based Access Control (RBAC), or other access control models.
* Purpose: The main goal is to enforce the principle of least privilege, ensuring that users can only access the resources necessary for their role.
References
* NIST Special Publication 800-53
* ISO/IEC 27001:2013
* "Computer Security: Principles and Practice" by William Stallings
NEW QUESTION # 106
Which action should an IT department take if an organization decides to expand its business by selling products online?
- A. Market the company's products or services
- B. Ensure that the strategic goals are aligned with the organization's mission statement
- C. Manage capital to ensure a successful website
- D. Make sure the website can handle e-commerce transactions
Answer: D
Explanation:
When an organization decides to expand its business by selling products online, the IT department needs to ensure that the website is equipped to handle e-commerce transactions. This involves:
* Setting up a secure online payment system: Ensuring that payment gateways and encryption methods are in place to protect sensitive customer data.
* Scalability: Making sure the website infrastructure can handle increased traffic and transaction volumes without compromising performance.
* Integration: Ensuring the e-commerce platform is integrated with the organization's existing systems, such as inventory management, order fulfillment, and customer relationship management (CRM) systems.
* Compliance: Adhering to regulatory requirements and industry standards for online transactions, such as PCI DSS compliance for payment processing.
Therefore, making sure the website can handle e-commerce transactions is crucial for a successful online business expansion.
References
* Efraim Turban, Judy Whiteside, David King, and Jon Outland, "Introduction to Electronic Commerce and Social Commerce," Springer.
* Laudon, K.C. and Traver, C.G., "E-commerce 2020-2021: Business, Technology, Society," Pearson.
NEW QUESTION # 107
What is a common characteristic of a proprietary software license?
- A. A business gains the right to use the software.
- B. A business gains the right to distribute the software freely.
- C. A business gains the right to modify the software's source code.
- D. A business gains the right to own the software.
Answer: A
Explanation:
* A proprietary software license typically grants a business or user the right to use the software.
* Unlike open-source licenses, proprietary licenses do not usually allow modification, redistribution, or reverse engineering.
* The software remains the property of the company that created it, and the licensee is only granted specific, limited rights.
* Examples: Many enterprise software applications come with proprietary licenses that specify the terms of use.
References:
* "Open Source Licensing: Software Freedom and Intellectual Property Law" by Lawrence Rosen.
* "Proprietary Software Licenses Explained" from Software Engineering Institute.
NEW QUESTION # 108
What is a characteristic of algorithms?
- A. No starting or stopping point
- B. Random instructions
- C. Unambiguous rules
- D. Constantly changing
Answer: C
Explanation:
An algorithm is a defined set of step-by-step procedures or a set of rules to be followed to perform a specific task or solve a problem. Here are the characteristics that describe an algorithm:
* Unambiguous rules: Each step of an algorithm must be clearly defined and unambiguous. There should be no confusion in interpreting the instructions.
* Definiteness: The algorithm should have a clear starting and stopping point, leading to a precise output after a finite number of steps.
* Finiteness: Algorithms must terminate after a finite number of steps. They cannot run indefinitely.
* Input and Output: An algorithm should take zero or more inputs and produce at least one output.
Therefore, the correct answer is "Unambiguous rules," as it directly reflects the essential characteristic of an algorithm being precise and clear in its steps.
References
* Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein, "Introduction to Algorithms," MIT Press.
* Donald E. Knuth, "The Art of Computer Programming," Addison-Wesley.
NEW QUESTION # 109
An employee needs to execute a program from the command line.
Which peripheral device should be used?
- A. Hard drive
- B. Keyboard
- C. Speaker
- D. Printer
Answer: B
Explanation:
* The employee needs to execute a program from the command line, which requires inputting commands into the computer.
* The primary device for inputting commands is the keyboard.
* Other options like the hard drive, speaker, and printer are not used for inputting commands.
  * The hard drive is used for data storage.
  * The speaker outputs sound.
  * The printer outputs documents.
* Therefore, the correct peripheral device for this task is the keyboard.
References:
* "Computer Fundamentals" by Anita Goel, which discusses input devices and their uses.
* "The Principles of Information Systems" by Ralph Stair and George Reynolds, which details peripheral devices and their functions.
NEW QUESTION # 110
A company is preparing to test its disaster recovery plan, which includes procedures for restoring critical systems in the event of a disruption. The company wants to conduct a test that is as close to a real disaster as possible without actually disrupting business operations.
Which disaster recovery test will meet the needs of the company?
- A. Parallel simulation test
- B. Tabletop exercise
- C. Full interruption test
- D. Walk-through test
Answer: A
Explanation:
The correct answer is B - Parallel simulation test.
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) defines a parallel simulation test as simulating a disaster recovery process where systems are restored at an alternate site without actually taking the primary systems offline. It allows organizations to test full restoration capabilities while avoiding disruption of live operations.
Walk-throughs (A) and tabletop exercises (D) are lower-impact simulations. Full interruption tests (C) would stop operations, which the company wants to avoid.
Reference Extract from Study Guide:
"Parallel simulation tests validate the ability to recover and operate critical systems at an alternate site without affecting primary business operations."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing Types
NEW QUESTION # 111
A company has discovered a vulnerability in its lightweight directory access protocol (LDAP) implementation, which could potentially allow unauthorized access to sensitive information. The company has decided to implement risk mitigation strategies to reduce the risk associated with this vulnerability.
Which risk mitigation strategy will meet the needs of the company?
- A. Regularly backing up data stored in the LDAP server to prevent data loss in the event of a breach
- B. Implementing strong authentication mechanisms and encryption protocols to secure communication between the LDAP server and clients
- C. Conducting regular security awareness training for employees to prevent social engineering attacks targeting LDAP credentials
- D. Implementing intrusion detection and prevention systems (IDPS) to monitor for suspicious activities and potential LDAP attacks
Answer: B
Explanation:
The correct answer is D - Implementing strong authentication mechanisms and encryption protocols to secure communication between the LDAP server and clients.
As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, securing LDAP communication and strengthening authentication directly addresses vulnerabilities related to unauthorized access. Using encryption protocols such as LDAP over SSL (LDAPS) ensures that credentials and sensitive data are transmitted securely.
Security awareness training (A) helps against social engineering but does not secure the LDAP system itself. Backups (B) are a recovery measure, not a preventive one. IDPS (C) can detect attacks but does not directly secure the LDAP server against exploitation.
Reference Extract from Study Guide:
"Implementing strong authentication and encrypting communications for LDAP servers mitigates vulnerabilities by preventing unauthorized access and protecting sensitive information during transmission."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Services
NEW QUESTION # 112
A company recently updated its disaster recovery plan (DRP) to ensure business continuity in the event of a disruptive incident.
Which step will ensure the effectiveness of the DRP?
- A. Training employees on their roles and responsibilities during a disaster
- B. Reviewing and updating the DRP regularly to ensure it remains relevant
- C. Performing a risk assessment of the company's information assets
- D. Developing and implementing a testing plan for the DRP
Answer: D
Explanation:
The correct answer is A - Developing and implementing a testing plan for the DRP.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), testing the disaster recovery plan is critical to ensuring that it is functional and effective when an actual disruptive event occurs. Regularly scheduled DRP testing validates that recovery processes work as intended and that personnel are familiar with their responsibilities.
Reviewing (B) and training (D) are important but are supplementary activities. Risk assessment (C) is important for planning but does not test the DRP.
Reference Extract from Study Guide:
"Testing and exercising disaster recovery plans ensure operational readiness and reveal gaps or weaknesses that can be corrected before an actual event occurs."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery Testing and Validation
NEW QUESTION # 113
Management has asked its networking team to recommend a solution for direct communication between multiple virtual networks in the cloud. The solution must utilize the least amount of administrative effort.
- A. Remote Desktop Protocol (RDP)
- B. Virtual network peering
- C. Domain Name System (DNS)
- D. Virtual Local Area Network (VLAN)
Answer: B
Explanation:
Virtual Network Peering allows two or more virtual networks to communicate through private IP addresses, enabling seamless traffic flow across resources in different networks with minimal configuration overhead.
Microsoft Azure Documentation (Network Peering):
"Virtual network peering seamlessly connects Azure virtual networks. The networks appear as one for connectivity purposes, and traffic is routed through Microsoft's backbone infrastructure."
Unlike VPNs or complex routing configurations, peering is simple, requires no downtime, and doesn't need encryption if networks are internal.
WGU Course Alignment:
Domain: Information Systems and Architecture
Topic: Cloud architecture, network segmentation, and inter-VNET connectivity
NEW QUESTION # 114
What signals the development of scope creep?
- A. An extension to the deadline of the project is requested.
- B. Many unplanned features have been added to the original project.
- C. Programmers are focused on a single feature.
- D. The product does not satisfy all the requirements of the plan.
Answer: B
Explanation:
The development of scope creep is often signaled by the addition of many unplanned features to the original project. This indicates that the project scope is expanding beyond its initial boundaries. Key indicators include:
* Uncontrolled changes to the project scope.
* Continuous new requests from stakeholders that were not part of the original requirements.
* Increased project complexity and difficulty in managing the project timeline and resources.
Scope creep can lead to delays, budget overruns, and project failure if not managed properly.
References
* Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.
* Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.
NEW QUESTION # 115
An application team manages a large farm of web servers on virtual machines in the cloud. The team wants to reduce the server load by caching static content. Adding a second layer of protection is also a requirement.
What should this team recommend in this scenario?
- A. Firewall rule changes
- B. Intrusion detection system (IDS)
- C. Network address translation (NAT)
- D. Reverse proxy
Answer: D
Explanation:
The correct answer is C - Reverse proxy.
As per the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course content, a reverse proxy server acts on behalf of web servers by caching static content (such as images, scripts, and HTML files), significantly reducing server load. It also provides an additional layer of protection by hiding the backend servers from direct exposure to clients and enabling centralized application of security policies such as SSL termination and Web Application Firewall (WAF) integration.
Firewall rule changes (A) manage access control but do not handle caching or reduce load. An IDS (B) monitors for intrusions but doesn't offload traffic or cache content. NAT (D) translates IP addresses but doesn't cache content or add a protection layer.
Reference Extract from Study Guide:
"A reverse proxy server provides caching capabilities for static content and acts as a protective intermediary between client requests and backend servers, thus reducing server load and enhancing security."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Network Design Concepts
NEW QUESTION # 116
An organization sends customers e-mail messages based on their purchase patterns.
Which characteristic of quality data does this represent?
- A. Thorough
- B. Timely
- C. Accurate
- D. Relevant
Answer: D
Explanation:
The characteristic of quality data represented here is relevance. When an organization sends customers email messages based on their purchase patterns, it ensures that the information is relevant to the customers' interests and needs. Relevant data is tailored to the specific context in which it is used, enhancing its value and effectiveness.
NEW QUESTION # 117
Which risk management strategy will ensure the secure configuration and deployment of a new supply chain management system and prevent identity theft?
- A. Configuration of the system to disable all universal serial bus (USB) ports on all workstations
- B. Implementation of multifactor authentication for all user accounts
- C. Use of a strict firewall policy to restrict access to the system's server
- D. Implementation of regular vulnerability scans and patch management
Answer: B
Explanation:
The correct answer is D - Implementation of multifactor authentication for all user accounts.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), multifactor authentication (MFA) strengthens identity verification by requiring multiple forms of credentials, significantly reducing the risk of identity theft.
Firewalls (A) and USB port controls (B) improve system security but do not directly prevent identity theft. Vulnerability scanning and patch management (C) address software weaknesses but not user authentication.
Reference Extract from Study Guide:
"Multifactor authentication (MFA) enhances user account security by requiring multiple verification factors, making it significantly harder for attackers to commit identity theft."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Best Practices