WGU Cybersecurity-Architecture-and-Engineering - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

The correct answer is C — Encrypting data.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that encryption is the best defense against man-in-the-middle attacks because even if traffic is intercepted, the data remains unreadable without the appropriate decryption keys.

Disabling Wi-Fi (A) is not practical and does not eliminate MITM threats entirely. Password policies (B and D) strengthen account security but do not protect data transmission.

Reference Extract from Study Guide:

"Encryption ensures the confidentiality of data in transit, preventing unauthorized parties from accessing the content even during man-in-the-middle attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Transmission Security

=============================================

The correct answer is B — Mandatory vacation.

According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) coursework, mandatory vacation policies require employees to take time off, during which their duties are either paused or performed by others. This break can reveal fraudulent activities, as the original employee cannot cover up their misconduct during their absence.

Separation of duties (A) prevents a single person from controlling critical processes but is not about temporarily removing an employee. Job rotation (C) moves employees between rolesregularly but doesn't enforce a break. Least privilege (D) restricts access but does not address uncovering hidden misconduct.

Reference Extract from Study Guide:

"Mandatory vacations help detect fraudulent activities, as employee absence can expose irregularities that would otherwise remain hidden through continuous control over processes."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Administrative Security Controls

=============================================

The characteristic of quality data represented here is relevance. When an organization sends customers email messages based on their purchase patterns, it ensures that the information is relevant to the customers' interests and needs. Relevant data is tailored to the specific context in which it is used, enhancing its value and effectiveness.

The correct answer is D — Implementing strong authentication mechanisms and encryption protocols to secure communication between the LDAP server and clients.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, securing LDAP communication and strengthening authentication directly addresses vulnerabilities related to unauthorized access. Using encryption protocols such as LDAP over SSL (LDAPS) ensures that credentials and sensitive data are transmitted securely.

Security awareness training (A) helps against social engineering but does not secure the LDAP system itself. Backups (B) are a recovery measure, not a preventive one. IDPS (C) can detect attacks but does not directly secure the LDAP server against exploitation.

Reference Extract from Study Guide:

"Implementing strong authentication and encrypting communications for LDAP servers mitigates vulnerabilities by preventing unauthorized access and protecting sensitive information during transmission."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Services

Business continuity planning (BCP) is essential because it ensures that an organization can quickly resume its critical functions after a disruption. The key aspects include:

Minimizing downtime: Strategies to restore business operations as quickly as possible.

Risk management: Identifying potential threats and creating plans to mitigate their impact.

Data recovery: Ensuring that data can be restored quickly in the event of a loss.

Communication plans: Establishing protocols for communicating with employees, customers, and stakeholders during and after a disruption.

The primary goal of BCP is to ensure the quickest return to business operations, maintaining service levels and minimizing financial losses.

References

Andrew Hiles, "The Definitive Handbook of Business Continuity Management," Wiley.

Michael Wallace and Lawrence Webber, "The Disaster Recovery Handbook," AMACOM.

The correct answer is B — A fully equipped hot site with up-to-date hardware and software.

As stated in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a hot site is a fully operational data center that mirrors the organization's primary systems and data. In the event of a disaster, operations can quickly transfer to the hot site with minimal downtime, ensuring business continuity.

Mobile data centers (A) are not standard disaster recovery solutions for multinational corporations. Basic secondary backup sites (C) (cold sites) require setup time and are slower to activate. Cloud backups (D) protect data but do not instantly restore full operational capabilities like a hot site.

Reference Extract from Study Guide:

"Hot sites maintain fully operational systems, applications, and data, allowing organizations to maintain business continuity with minimal disruption in the event of a disaster."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Disaster Recovery and Business Continuity Planning

The correct answer is D — Identify.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in risk management is identifying potential risks. Only once risks are identified can they be assessed, controlled, and reviewed. In this case, identifying potential data breaches, outages, and cost issues is the starting point.

Assess (A) happens after identification. Control (B) involves implementing responses. Review (C) happens later to check effectiveness.

Reference Extract from Study Guide:

"The first phase of risk management is risk identification, where potential threats and vulnerabilities are recognized and documented."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

=============================================

The correct answer is D — Encryption to prevent man-in-the-middle and eavesdropping attacks.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that while NFC is inherently short-range, it is still vulnerable to eavesdropping and man-in-the-middle attacks. Applying encryption ensures that even if communication is intercepted, the data remains protected and confidential.

Kerberos (A) is primarily for authentication within internal networks. Bluetooth restrictions (B) are unrelated to NFC. PDM (C) restricts device usage but does not directly protect NFC communication.

Reference Extract from Study Guide:

"Encrypting near-field communication ensures confidentiality and protects against interception and manipulation through man-in-the-middle and eavesdropping attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Wireless and Mobile Security Concepts

An algorithm is a defined set of step-by-step procedures or a set of rules to be followed to perform a specific task or solve a problem. Here are the characteristics that describe an algorithm:

Unambiguous rules: Each step of an algorithm must be clearly defined and unambiguous. There should be no confusion in interpreting the instructions.

Definiteness: The algorithm should have a clear starting and stopping point, leading to a precise output after a finite number of steps.

Finiteness: Algorithms must terminate after a finite number of steps. They cannot run indefinitely.

Input and Output: An algorithm should take zero or more inputs and produce at least one output.

Therefore, the correct answer is "Unambiguous rules," as it directly reflects the essential characteristic of an algorithm being precise and clear in its steps.

References

Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein, "Introduction to Algorithms," MIT Press.

Donald E. Knuth, "The Art of Computer Programming," Addison-Wesley.