WGU Cybersecurity-Architecture-and-Engineering - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

The domain name in a Uniform Resource Locator (URL) identifies the server on which the web page can be found.

Example: In the URL "http://www.example.com/index.html":

"http" is the protocol.

"www.example.com" is the domain name.

"/index.html" is the resource path ID.

The other options:

The protocol specifies the communication method.

The resource path ID specifies the specific page or resource on the server.

The IP address is not typically visible in the URL itself but can be resolved via DNS.

Therefore, the domain name is the correct part that identifies the server.

The correct answer is D — Recovery point objective (RPO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RPO defines the maximum amount of data loss that is tolerable in terms of time. It sets the backup frequency to ensure that in the event of a disruption, no more than the specified amount of data is lost.

Continuous data protection (A) is a method but not the term for the metric. BIA (B) identifies impacts but does not define backup timing. DR (C) refers to the overall recovery process, not backup frequency.

Reference Extract from Study Guide:

"Recovery point objective (RPO) defines the maximum age of files that must be recovered from backup storage for normal operations to resume after a failure."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Recovery Objectives

=============================================

The correct answer is A — They act as an initial defense layer for potential threats.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), security edge devices such as firewalls, secure web gateways, and intrusion prevention systems (IPS) are placed at the network perimeter to serve as the first layer of defense against external threats.

DDoS protection (B) may be part of a broader security solution but is not the main role of general edge devices. SIEM modules (C) collect and correlate logs, not defend at the perimeter. TPM devices (D) are hardware-based cryptographic modules, not network edge defenses.

Reference Extract from Study Guide:

"Security edge devices provide the first line of defense against external threats by monitoring, filtering, and blocking malicious traffic entering the corporate network."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security and Perimeter Defense

The System Development Life Cycle (SDLC) is a process used for planning, creating, testing, and deploying an information system. It involves several stages, including requirements gathering, system design, implementation, testing, deployment, and maintenance. The SDLC ensures that the system meets the needs of users and is developed in a structuredand efficient manner.

Private Information Retrieval (PIR)allows a user to retrieve data from a server without revealingwhich datais being requested. It’s aprivacy-preserving protocolprimarily used in secure databases and web applications.

ACM Computing Surveys – Private Information Retrieval:

“PIR enables users to query a database without disclosing the identity of the item being retrieved, maintaining the user’s privacy.”

Homomorphic encryption protects data during processing, while PIR protectsaccess patterns.

🔹WGU Course Alignment:

Domain:Cryptography and Privacy Engineering

Topic:Apply PIR techniques for private querying in databases

Competitorsare known to engage in corporate espionage for business advantage. When intellectual property is targeted (like eBooks, videos), it often indicates acommercial motive, rather than political (hacktivist), state-sponsored (APT), or random (novice hacker) reasons.

NIST SP 800-30 Rev. 1 (Guide for Conducting Risk Assessments):

“Threat sources include adversarial actors such as competitors seeking proprietary or confidential business information.”

The data theft of commercial products strongly aligns with anadversarial actor motivated by business gain, a hallmark of competitor-driven threat modeling.

🔹WGU Course Alignment:

Domain:Security Models and Design

Topic:Understand threat actor types and motivations (e.g., competitors, insiders, nation-states)

Data Loss Prevention (DLP)systems are specifically designed todetect, monitor, andpreventunauthorized attempts to access, transmit, or extract sensitive data — including email, removable media, and cloud uploads.

NIST SP 800-207A (Data Protection):

“DLP systems are used to prevent sensitive information from being transmitted outside of a trusted boundary by monitoring and enforcing content-based policies.”

IDS and IPS detect threats but do notfocus on protecting data from being exfiltrated. MFA protects user identities, not data leakage.

🔹WGU Course Alignment:

Domain:Security Operations and Monitoring

Topic:Implement DLP controls to protect sensitive data from unauthorized extraction

The correct order of project phases according to the Project Management Institute (PMI) and other standard project management methodologies is:

Initiation: This phase involves defining the project at a high level and getting approval to start.

Planning: In this phase, detailed planning is done to set the project's scope, objectives, and procedures.

Executing: This phase is where the project plan is put into action and the project deliverables are created.

Monitoring and Controlling: This phase involves tracking, reviewing, and regulating the project’s progress and performance, ensuring that everything aligns with the project plan.

Closing: This is the final phase, where the project is formally closed, and final deliverables are handed over.

References

Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)," PMI.

Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.

The correct answer is A — Homomorphic encryption.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), homomorphic encryption allows computations to be performed directly on encrypted data without needing to decrypt it first. This ensures the confidentiality of the data even during processing.

SFE (B) allows two parties to jointly compute a function without revealing inputs but is not the same. SSL (C) secures communication channels. PIR (D) is for retrieving information privately, not computing on encrypted data.

Reference Extract from Study Guide:

"Homomorphic encryption allows operations on encrypted data, enabling secure processing by third parties without exposing underlying data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Advanced Encryption Techniques

=============================================

The correct answer is C — Data Protection Impact Assessment (DPIA).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a DPIA is conducted to assess how personal data is collected, stored, and processed, evaluating potential privacy impacts and defining measures to mitigate risks. This is essential for compliance with privacy laws and regulations, especially in systems handling sensitive customer information.

DR (A) and BCP (B) are about operational recovery, not data privacy. Risk management (D) is broader and not focused solely on privacy impact.

Reference Extract from Study Guide:

"A Data Protection Impact Assessment (DPIA) evaluates the effects of processing activities on the privacy of individuals and develops strategies to mitigate privacy risks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Privacy and Protection Strategies

=============================================