WGU Cybersecurity-Architecture-and-Engineering - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

Obfuscating error messagesprevents attackers from receiving technical details (e.g., software version, file paths, or database errors) that they can use for exploitation. This is part ofsecure codinganderror handlingpractices.

OWASP Secure Coding Practices – Error Handling and Logging:

“Applications should not disclose detailed error messages to users. Instead, provide generic messages to prevent leakage of system or application details.”

HTTPS secures transport, but doesn't addressinformation disclosurevia error output.

🔹WGU Course Alignment:

Domain:Information Systems and Architecture

Topic:Implement secure design practices (e.g., error handling, obfuscation)

Recovery Time Objective (RTO)refers to themaximum acceptable amount of timea system or service can be offline after a disasterbefore significant impact occurs.

NIST SP 800-34 Rev. 1:

“RTO is the maximum tolerable length of time that a system or application can be unavailable after an incident before significantly impacting business operations.”

BIA identifies impacts, while RTO quantifiestime-to-recovery tolerance.

🔹WGU Course Alignment:

Domain:Business Continuity and Disaster Recovery

Topic:Define and use RTO metrics in disaster planning

The correct answer is C — Stream ciphers.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content explains that stream ciphers encrypt data bit-by-bit or byte-by-byte, making them highly efficient and suitable for real-time applications like video conferencing where low latency is critical.

Block ciphers (A) encrypt large chunks of data, causing latency. Asymmetric encryption (B) is too slow for real-time data streams. Hash functions (D) are used for data integrity, not for ongoing data encryption.

Reference Extract from Study Guide:

"Stream ciphers encrypt data continuously and are ideal for real-time applications such as video or audio streaming where low latency is essential."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Technologies

Short-term storage of data on a motherboard is managed by Random Access Memory (RAM).

RAM is volatile memory, meaning it temporarily stores data that is actively being used or processed by the CPU.

The other options:

The hard drive is used for long-term storage.

BIOS (Basic Input/Output System) is firmware for hardware initialization.

Read Only Memory (ROM) is used for permanent data storage that doesn't change.

Thus, RAM is the correct answer for short-term data storage.

The correct answer is C — Implementation of secure user authentication protocols.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that secure authentication mechanisms, like strong passwords, multifactor authentication, and session management, prevent unauthorized access and impersonation, thus helping prevent cheating inlearning platforms.

Firewall policies (A) and disabling Bluetooth (B) harden systems but do not directly address authentication. Software updates (D) protect against system vulnerabilities but not user integrity.

Reference Extract from Study Guide:

"Secure authentication protocols ensure that users accessing learning management systems are properly verified, reducing risks of impersonation and cheating."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Access Control and Identity Verification

=============================================

TheCentral Processing Unit (CPU)is the primary component of a computer that performs most of the processing inside a computer.

Carrying out the instructions of a computer program: The CPU executes program instructions, which are the basic tasks that tell the computer what to do.

Containing an arithmetic logic unit (ALU): The ALU performs all arithmetic and logic operations, such as addition, subtraction, and comparison.

The CPU also manages data flow between the computer's other components.

It fetches instructions from memory, decodes them, and then executes them, which involves performing calculations and making decisions.

The correct answer is D — Configuring third-party authentication with Security Assertion Markup Language (SAML).

According to the WGU KFO1 / D488 Study Guide, SAML enables Single Sign-On (SSO) and federated identity across different domains by securely exchanging authentication and authorization data between an identity provider (such as an organization's Active Directory Federation Services) and a service provider (such as Azure). This allows on-premises users to log into cloud services using their existing corporate credentials.

TLS (A) provides secure communication but does not manage identity federation. 2FA (B) strengthens authentication but is not about identity federation setup. LDAP (C) is a protocol for accessing directory services, not specifically designed for federation across cloud platforms.

Reference Extract from Study Guide:

"SAML is used to implement Single Sign-On (SSO) and federated identity management, allowing organizations to extend on-premises authentication capabilities to cloud services seamlessly."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and Access Management Concepts

A system requirement that involves preventing unauthorized access to data is aSecurityrequirement. Security requirements ensure that the system:

Protects data integrity: Ensuring data is accurate and unchanged by unauthorized users.

Maintains confidentiality: Preventing unauthorized access to sensitive information.

Ensures availability: Making sure that data and resources are available to authorized users when needed.

Security requirements are critical for safeguarding the system against threats and vulnerabilities.

References

Dieter Gollmann, "Computer Security," Wiley.

Ross Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems," Wiley.

The correct answer is A — Implementing secure encrypted enclaves and Advanced Micro Devices (AMD) Secure Memory Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that encryption at the memory level (such as AMD SME) and secure enclaves protect data in volatile memory, safeguarding it even if physical attacks occur.

Security training (B), antivirus (C), and password policies (D) improve security generally but do not specifically address data in volatile memory.

Reference Extract from Study Guide:

"Encrypted enclaves and secure memory encryption protect sensitive data in volatile storage, maintaining confidentiality and integrity even during advanced attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Server and Memory Security Controls

=============================================

The correct answer is C — Structured Query Language (SQL) injection attacks.

As per WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a Web Application Firewall (WAF) protects web applications by filtering and monitoring HTTP traffic. It isspecifically effective against attacks such as SQL injection, cross-site scripting (XSS), and other application-layer vulnerabilities.

Phishing (A) and social engineering (D) involve human deception, not web application vulnerabilities. Brute force attacks (B) typically target authentication but are not the primary focus of a WAF.

Reference Extract from Study Guide:

"A web application firewall (WAF) detects and prevents attacks against web applications, including SQL injection and cross-site scripting (XSS)."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Firewall and Threat Protection

=============================================