WGU Cybersecurity-Architecture-and-Engineering - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

Themost sustainable solutionto eliminate security risks associated with legacy systems is toupgrade themto supported versions that receive security updates and patches.

NIST SP 800-128 (Guide for Security-Focused Configuration Management):

“Systems running unsupported or outdated software must be prioritized for upgrade to ensure that known vulnerabilities are mitigated.”

While short-term isolation may work temporarily, it does not address theroot causeor meet compliance requirements long-term.

🔹WGU Course Alignment:

Domain:System Security Engineering

Topic:Perform lifecycle management and upgrade legacy systems

The correct answer is B — Firewall.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), firewalls are critical for securing external network perimeters by filtering incoming and outgoing traffic based on predefined security rules. This control is a foundational requirement under FISMA to prevent unauthorized access.

IDS/IPS (A) monitor and detect attacks but are secondary to establishing the initial network boundary. Access controls (C) manage user permissions inside a system. Network segmentation (D) divides internal networks but does not protect the external boundary.

Reference Extract from Study Guide:

"Firewalls are the first line of defense for securing external networks, providing traffic filtering to prevent unauthorized access, aligning with FISMA compliance requirements."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Fundamentals

=============================================

Fiber optic communications use light waves to transmit data.

This method allows for high-speed and long-distance data transmission.

The other options:

Radio towers use radio waves.

Twisted pair uses electrical signals.

Coaxial also uses electrical signals.

Therefore, the correct communication medium that uses light waves is fiber optic.

The correct answer is A — Conducting regular vulnerability assessments and penetration testing.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, performing vulnerability assessments and penetration testing helps identify weaknesses in both hardware and virtual environments. Regular testing ensures that any hardware-related vulnerabilities are discovered and addressed before they can be exploited.

Disabling CPU virtualization support (B) would prevent virtual machines from running, defeating the purpose. A web application firewall (C) monitors traffic at the application layer but does not address hardware risks. Access control policies (D) are important but not directly tied to detecting hardware vulnerabilities.

Reference Extract from Study Guide:

"Regular vulnerability assessments and penetration testing identify weaknesses in hardware and software environments, providing critical insights for maintaining a hardened and secure posture."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Security Testing and Assessment

=============================================

The correct answer is B — Advanced Encryption Standard (AES).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), AES is a widely adopted symmetric encryption standard that ensures the confidentiality and integrity of sensitive data, including patient health information, which HIPAA mandates to protect. AES is considered highly secure and efficient for encrypting stored or transmitted healthcare data.

WEP (A) is outdated and insecure. SMTP (C) is a protocol for sending emails, not encryption. RSA (D) is an asymmetric encryption method typically used for key exchanges, not bulk data encryption.

Reference Extract from Study Guide:

"Advanced Encryption Standard (AES) is recommended for encrypting sensitive healthcare data, providing strong protection for confidentiality and integrity in HIPAA-regulated environments."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Encryption Standards and Regulatory Compliance

=============================================

Electronic Codebook (ECB)is thesimplest modeof block cipher operation, but it encrypts each blockindependently, which results inidentical ciphertext for identical plaintext blocks— making itunsafe for use with structured or repetitive data.

NIST SP 800-38A (Recommendation for Block Cipher Modes of Operation):

“ECB reveals patterns in plaintext and should not be used when such patterns are meaningful and predictable.”

Though efficient, ECB lackssemantic securityand is rarely recommended in practice.

🔹WGU Course Alignment:

Domain:Cryptography

Topic:Evaluate block cipher modes for appropriate use cases

Access rights are critical components of access control mechanisms in information security. They specify what actions users or systems can perform on specific resources, limiting them to only permitted items.

Definition: Access rights, also known as permissions, are rules that define the allowed actions on a resource (e.g., read, write, execute).

Implementation: Access rights are typically implemented using Access Control Lists (ACLs), Role-Based Access Control (RBAC), or other access control models.

Purpose: The main goal is to enforce the principle of least privilege, ensuring that users can only access the resources necessary for their role.

References

NIST Special Publication 800-53

ISO/IEC 27001:2013

"Computer Security: Principles and Practice" by William Stallings

The correct answer is B — Sixteen characters with at least one letter, one number, and one symbol.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, strong password policies must enforce a minimum length (preferably 12 to 16 characters) and require complexity, including uppercase and lowercase letters, numbers, and special characters. Sixteen-character passwords that include varied character types greatly increase the difficulty for attackers using brute-force or dictionary attacks.

Options A, C, and D either lack complexity or have too few characters, making them vulnerable to attacks.

Reference Extract from Study Guide:

"A strong password should be at least 12–16 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters to maximize resistance to brute-force attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and AccessManagement Concepts

=============================================

Desktops typically have more memory (RAM) and internal storage (hard drives or SSDs) compared to handheld computers. This allows desktops to handle more intensive computingtasks and store larger amounts of data. Handheld devices, on the other hand, prioritize portability and battery life over high storage and memory capacity.

The correct answer is D — Implementation of licensing technologies in order to restrict unauthorized access to the system.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), using licensing technologies helps prevent software piracy by ensuring that only authorized users with valid licenses can access and operate the system. License management solutions validate user access and reduce unauthorized duplication or usage of proprietary software.

Disabling external devices (A) protects against physical data theft but not piracy. Encrypting patient data (B) protects confidentiality but not against software piracy. Virus scanning (C) detects malware, not unauthorized software copying.

Reference Extract from Study Guide:

"Licensing technologies enforce legal software use and prevent unauthorized access, helping organizations protect intellectual property and defeat piracy efforts."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Software and Intellectual Property Protection

=============================================