WGU Cybersecurity-Architecture-and-Engineering - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

Logging and monitoringendpoint activity enables early detection of unauthorized access, suspicious file changes, or user behavior anomalies that may indicate an insider threat or external breach.

NIST SP 800-137 (Information Security Continuous Monitoring):

“Endpoint logging and behavior monitoring are essential for detecting unauthorized access to sensitive information, especially in healthcare environments governed by HIPAA.”

This control supportsreal-time alerting,incident response, andcompliance auditingfor patient data (ePHI).

🔹WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement endpoint monitoring and logging for healthcare compliance (e.g., HIPAA)

End-of-life (EOL) systemspose a significant security risk because they no longer receive patches or security updates. Themost effective and proactive hardening techniquein this case is tocompletely remove those systems from the network.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems no longer supported by vendors must be removed, replaced, or isolated as they pose unacceptable risks.”

Other controls are useful for broader protection, but if a system is inherently vulnerable and cannot be patched,removal is the only surefire solution.

🔹WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement system hardening strategies and manage legacy systems

A compiler translates high-level programming language code into machine code, creating an executable program.

Process: The compiler goes through various phases such as parsing, semantic analysis, and optimization to produce the final machine code.

Purpose: This machine code can be executed by the computer's processor at a later time without the need for the original source code.

References

"Programming Language Pragmatics" by Michael L. Scott

"Modern Compiler Implementation in C" by Andrew W. Appel

AData Protection Impact Assessment (DPIA)is a formal process toassess the risks to personal data privacybefore implementing systems or technologies that handle personal data, especially under regulations likeGDPRor HIPAA.

NIST Privacy Framework v1.0 (Appendix D):

“A DPIA helps organizations systematically analyze, identify, and minimize the data protection risks of a project or plan involving personal information.”

While BCP and DR focus on operational resilience, DPIA isprivacy-focusedand risk-driven.

🔹WGU Course Alignment:

Domain:Risk Management and Privacy Engineering

Topic:Conduct privacy impact assessments for systems processing personal data

The correct answer is D — Review.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that the review phase of the risk management cycle involves evaluating whether the implemented controls are effective over time. Conducting regular risk assessments after deployment falls under the review process.

Control (A) is about applying mitigations. Assess (B) happens earlier during initial evaluation. Identify (C) was done before applying the controls.

Reference Extract from Study Guide:

"Reviewing the effectiveness of risk control strategies through ongoing assessments ensures continuous improvement in risk management practices."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Review and Continuous Improvement

The correct answer is A — Implementing two-factor authentication.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.

Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials. SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.

Reference Extract from Study Guide:

"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

=============================================

The correct answer is C — Restrict access to the backups.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in protecting sensitive data such as cloud backups is enforcing access controls to limit who can access the data. Restricting access immediately mitigates the risk of unauthorized exposure or tampering.

Auditing access logs (A) provides insight but does not actively protect. Running vulnerability scans (B) identifies issues but does not protect immediately. Disabling repositories (D) is not practical for maintaining backup availability.

Reference Extract from Study Guide:

"Access control is the first line of defense for sensitive data repositories, ensuring that only authorized users can access backup data."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Access Control

=============================================

The correct answer is C — Impact.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, when evaluating the severity of an incident, the immediate and potential impact on operations, patient care, finances, or reputation is the most critical factor. In this scenario, the interruption to patientcare due to encrypted records signifies a major operational impact, making it the most important consideration.

Threat actors (A) identify who is behind the attack, not the severity. Risk (B) encompasses impact and likelihood but is broader. Likelihood (D) concerns the probability of an event happening, not its current severity.

Reference Extract from Study Guide:

"Impact refers to the actual or potential harm that results from a security incident, including effects on operations, financial loss, or harm to individuals."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Incident Response and Management

=============================================

The correct answer is D — By providing over-the-air updates.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that over-the-air(OTA) updates allow organizations to remotely deploy patches and updates to mobile devices without requiring users to manually visit a central location. This method is essential for maintaining security for a geographically dispersed workforce.

Remote module updates (A), tokenized container updates (B), and mobile station updates (C) are not standard or widely recognized terms for mobile device update practices in this context.

Reference Extract from Study Guide:

"Over-the-air (OTA) updates ensure that security patches and software updates can be remotely deployed to mobile devices, supporting business continuity and device security."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Management and Security

=============================================

The correct answer is A — Tactical.

Based on WGU Cybersecurity Architecture and Engineering (KFO1 / D488) study material, tactical threat intelligence provides technical details such as indicators of compromise (IOCs), IP addresses, file hashes, domain names, and other evidence needed to detect and respond to threats immediately. This type of intelligence is used by security teams to perform real-time monitoring and incident response.

Operational intelligence (C) addresses campaigns or actor behavior but is not immediately actionable. Strategic intelligence (D) provides high-level, long-term threat trends. Commodity malware (B) refers to low-level malware types, not intelligence classifications.

Reference Extract from Study Guide:

"Tactical threat intelligence focuses on technical indicators of compromise (IOCs) and immediate actionable information that responders use to detect and contain active threats."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Intelligence Concepts

=============================================