WGU WGU Cybersecurity Architecture and Engineering (KFO1/D488) Cybersecurity-Architecture-and-Engineering Exam Dumps: Updated Questions & Answers (October 2025)

Before taking disruptive actions,identification and threat classificationmust occur. Cross-referencing againstknown malicious IP lists(e.g., threat intelligence feeds) helps determine if the address is benign, malicious, or compromised.

NIST SP 800-61 Rev. 2 (Computer Security Incident Handling Guide):

“Security teams should validate the threat source by comparing it to blacklists and threat intelligence before containment steps are taken.”

Blocking or rate-limiting prematurely may disrupt legitimate activity, makingintelligence-based comparisonthe prudent first step.

????WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Perform traffic analysis and threat intelligence correlation

The correct answer is D — Implementation of multifactor authentication for all user accounts.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), multifactor authentication (MFA) strengthens identity verification by requiring multiple forms of credentials, significantly reducing the risk of identity theft.

Firewalls (A) and USB port controls (B) improve system security but do not directly prevent identity theft. Vulnerability scanning and patch management (C) address software weaknesses but not user authentication.

Reference Extract from Study Guide:

"Multifactor authentication (MFA) enhances user account security by requiring multiple verification factors, making it significantly harder for attackers to commit identity theft."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Best Practices

Desktops typically have more memory (RAM) and internal storage (hard drives or SSDs) compared to handheld computers. This allows desktops to handle more intensive computingtasks and store larger amounts of data. Handheld devices, on the other hand, prioritize portability and battery life over high storage and memory capacity.

The correct answer is B — Wireless intrusion prevention system (WIPS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a WIPS actively monitors wireless networks for unauthorized access points and malicious activity, such as man-in-the-middle (MITM) attacks. It can automatically detect, alert, and prevent wireless threats in real time, which is exactly what the organization requires to counteract MITM attacks on the wireless network.

A SIEM (A) collects logs and generates alerts but does not prevent wireless attacks. An inline encryptor (C) encrypts data but does not prevent wireless attacks. A Layer 3 switch (D) operates at the network layer and does not prevent wireless-specific threats.

Reference Extract from Study Guide:

"A wireless intrusion prevention system (WIPS) detects and prevents unauthorized access points and malicious wireless activity, including man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless Security and Threat Prevention

=============================================

Next-Generation Firewalls (NGFWs)offer a unified solution that includes traditional packet filtering andadvanced detection featureslike Intrusion Detection and Prevention (IDPS). This makes them the most efficient and scalable option for replacing legacy firewalls in modern environments.

NIST SP 800-94 Rev. 1 (Guide to Intrusion Detection and Prevention Systems):

“NGFWs integrate IDS/IPS features with traffic inspection, enabling detection and prevention of attacks in real time.”

????WGU Course Alignment:

Domain:Security Operations

Topic:Implement detection and prevention solutions (e.g., NGFWs, IDS/IPS)

The correct answer is D — Host-based intrusion detection system (HIDS).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a HIDS monitors individual servers or endpoints for suspicious activity and potential breaches. It provides real-time detection of unauthorized access and unusual behaviors on hosts.

HSM (A) protects cryptographic keys. Two-factor authentication (B) strengthens user authentication but does not monitor server activity. Antivirus tools (C) detect malware but are not designed to detect broader suspicious behaviors.

Reference Extract from Study Guide:

"Host-based intrusion detection systems (HIDS) monitor individual servers for unauthorized activities, unauthorized access attempts, and changes to critical system files."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Intrusion Detection Systems

=============================================

The correct answer is D — Configuring third-party authentication with Security Assertion Markup Language (SAML).

According to the WGU KFO1 / D488 Study Guide, SAML enables Single Sign-On (SSO) and federated identity across different domains by securely exchanging authentication and authorization data between an identity provider (such as an organization's Active Directory Federation Services) and a service provider (such as Azure). This allows on-premises users to log into cloud services using their existing corporate credentials.

TLS (A) provides secure communication but does not manage identity federation. 2FA (B) strengthens authentication but is not about identity federation setup. LDAP (C) is a protocol for accessing directory services, not specifically designed for federation across cloud platforms.

Reference Extract from Study Guide:

"SAML is used to implement Single Sign-On (SSO) and federated identity management, allowing organizations to extend on-premises authentication capabilities to cloud services seamlessly."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Concepts

The correct answer is B — Risk mitigation.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) course content, risk mitigation involves taking steps to reduce either the likelihood or the impact of risks. Since the healthcare provider plans to implement tools to lower the risks identified at the clinic, it is using a mitigation strategy, not avoiding, transferring, or simply accepting the risk.

Risk acceptance (A) means taking no action. Risk transference (C) shifts responsibility elsewhere, such as through insurance. Risk avoidance (D) involves eliminating the risky activity entirely.

Reference Extract from Study Guide:

"Risk mitigation is the process of implementing measures to reduce the likelihood or impact of identified risks, often through security controls or operational changes."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Response Strategies

Professional associations are vital for IT professionals because they:

Provide up-to-date training: Offering courses, certifications, and workshops to keep members current with the latest technologies, practices, and industry standards.

Networking opportunities: Facilitating connections with other professionals in the field, which can lead to job opportunities and collaborations.

Professional development: Offering resources and support for career growth and development.

Industry standards and best practices: Providing guidelines and frameworks to ensure high-quality work and ethical practices.

Staying engaged with professional associations helps IT professionals remain knowledgeable and competent in their field.

References

CompTIA, "Advancing the Global IT Industry."

ISACA, "Building a Better Digital World."

A system requirement that involves preventing unauthorized access to data is aSecurityrequirement. Security requirements ensure that the system:

Protects data integrity: Ensuring data is accurate and unchanged by unauthorized users.

Maintains confidentiality: Preventing unauthorized access to sensitive information.

Ensures availability: Making sure that data and resources are available to authorized users when needed.

Security requirements are critical for safeguarding the system against threats and vulnerabilities.

References

Dieter Gollmann, "Computer Security," Wiley.

Ross Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems," Wiley.