WGU Cybersecurity-Architecture-and-Engineering - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

ChaChais a modern, high-performancestream cipherderived from Salsa20, known for its resistance to timing attacks and its use inTLS 1.3 and mobile securitydue to its efficiency and security. When paired withPoly1305, it provides bothencryption and authentication.

RFC 8439 (ChaCha20 and Poly1305 for IETF Protocols):

“ChaCha20 is a secure cipher designed for high-speed software implementations. It is robust against side-channel and cryptanalytic attacks and is used in conjunction with Poly1305 for authenticated encryption.”

CBC, ECB, and CTR are block cipher modes, not stream ciphers.

🔹WGU Course Alignment:

Domain:Cryptography

Topic:Identify secure and modern stream ciphers for real-time encryption

AHost-based Intrusion Detection and Prevention System (HIDPS)can detect unauthorized activity or suspicious changesat the OS level, including those specifically targetingLinux kernel modules, services, or rootkits.

NIST SP 800-94 Rev. 1:

“HIDPS software runs on individual hosts or devices in the network, analyzing inbound and outbound packets and alerting administrators to suspicious activity.”

HIDPS is especially effective in server environments wherekernel-level visibilityis critical.

🔹WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement and monitor HIDPS on enterprise Linux servers

Geo-IP filtering at the firewallis a well-established method of blocking traffic from regions that the organization does not do business with or has no legitimate presence in.

NIST SP 800-41 Rev. 1 (Guidelines on Firewalls):

“Firewalls can be configured to block traffic based on geolocation or IP ranges to reduce exposure to known hostile regions.”

Firewalls are thefirst line of defensein the network perimeter; adjusting SIEM rules doesn’t actively block access.

🔹WGU Course Alignment:

Domain:Network Security

Topic:Implement firewall filtering rules for geographic and IP-based restrictions

The correct answer is B — Regularly backing up the data stored in the POS system and having a disaster recovery plan can help ensure that the system is available in the event of a security incident or system failure.

As explained in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), backing up critical systems and establishing a disaster recovery plan ensures business continuity and system availability even after incidents like hardware failures, cyberattacks, or data corruption.

While intrusion detection (A), access control (C), and patch management (D) contribute to overall security, backups and disaster recovery specifically ensure availability.

Reference Extract from Study Guide:

"Data backups and disaster recovery planning are essential controls to ensure system availability during and after a security incident or technical failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Continuity and Disaster Recovery

=============================================

The correct answer is D — Measured boot.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that Measured Boot, often implemented with Trusted Platform Modules (TPMs), ensures that each component of theboot process is verified for integrity. It provides cryptographic evidence that the system's startup sequence has not been tampered with.

Two-factor authentication (A) secures user logins but does not verify boot integrity. IDS (B) monitors network or host behavior but does not protect the boot process. HSM (C) secures cryptographic operations, not the system boot.

Reference Extract from Study Guide:

"Measured Boot verifies the integrity of the boot process, providing assurance that the system has not been compromised during startup."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), System Hardening and Trusted Computing

=============================================

The correct answer is D — Installing endpoint protection software.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that endpoint protection (including antivirus, anti-malware, and endpoint detection and response) is critical for detecting,blocking, and removing commodity malware like ransomware and Trojans.

Firewalls (A) help with perimeter security but don't directly block malware on endpoints. Rerouting communications (B) is not a standard protection method. Two-factor authentication (C) secures logins but does not protect systems from malware infection.

Reference Extract from Study Guide:

"Endpoint protection software defends individual systems against malware threats by detecting, blocking, and removing malicious files and processes."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Security Solutions

=============================================

The correct answer is C — Device hardening.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that device hardening involves reducing vulnerabilities by disabling unnecessary services, ports, and features. Closing unneeded network ports minimizes the attack surface and strengthens device security.

An intrusion prevention system (A) monitors and blocks threats but does not close ports directly. A web application firewall (B) protects web apps, not device configurations. An intrusion detection system (D) only alerts but does not proactively secure devices.

Reference Extract from Study Guide:

"Device hardening minimizes vulnerabilities by disabling unnecessary services and ports, securing the system against network-based attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Device Hardening and Secure Configuration

=============================================

Data is considered information when it has been processed and organized in a meaningful way. Raw data in its unprocessed state is not useful until it undergoes processing to become interpretable and actionable information. Processing can involve sorting, aggregating, and analyzing data to extract valuable insights.

When an organization decides to expand its business by selling products online, the IT department needs to ensure that the website is equipped to handle e-commerce transactions. This involves:

Setting up a secure online payment system: Ensuring that payment gateways and encryption methods are in place to protect sensitive customer data.

Scalability: Making sure the website infrastructure can handle increased traffic and transaction volumes without compromising performance.

Integration: Ensuring the e-commerce platform is integrated with the organization's existing systems, such as inventory management, order fulfillment, and customer relationship management (CRM) systems.

Compliance: Adhering to regulatory requirements and industry standards for online transactions, such as PCI DSS compliance for payment processing.

Therefore, making sure the website can handle e-commerce transactions is crucial for a successful online business expansion.

References

Efraim Turban, Judy Whiteside, David King, and Jon Outland, "Introduction to Electronic Commerce and Social Commerce," Springer.

Laudon, K.C. and Traver, C.G., "E-commerce 2020-2021: Business, Technology, Society," Pearson.

The correct answer is C — HTTP interceptor.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), an HTTP interceptor is a tool or method used to capture, inspect, and manipulate HTTP/S traffic between aclient and server. It allows testers to identify security vulnerabilities such as improper input validation, session management flaws, and exposure of sensitive data.

A Bastion scanner (A) is not a standard tool for traffic inspection. Port scanners (B) check for open ports but do not inspect HTTP traffic content. Domain interceptors (D) are not a recognized testing tool in this context.

Reference Extract from Study Guide:

"HTTP interceptors allow for the inspection and manipulation of web traffic, helping to identify application vulnerabilities prior to deployment."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Security Testing

=============================================