WGU Cybersecurity-Architecture-and-Engineering - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

AnIntrusion Prevention System (IPS)detects and blocks malicious activity in real time based on defined policies or behavior patterns. IPS tools can enforcerate limiting,connection attempts, and evenauto-blockingafter repeated failures.

NIST SP 800-94 Rev. 1:

“Intrusion prevention systems not only detect potential incidents but actively prevent attempts such as brute-force attacks on services like SSH.”

Firewalls may filter traffic, but only an IPSactively terminates or blocks behavior-based threats like repeated failed logins.

🔹WGU Course Alignment:

Domain:Network Security

Topic:Deploy and configure IPS for automated protection against brute-force attacks

Application Software:

Application software refers to programs that help end users perform specific tasks. Examples include email clients, word processors, and spreadsheet programs.

These are designed to be used by people to perform tasks such as writing documents, managing data, or communicating.

Operating Systems:

Operating systems (OS) manage the hardware and software resources of a computer system. They provide a platform for application software to run.

Examples include Microsoft Windows, macOS, and Linux. The OS handles system-level tasks like memory management, process scheduling, and hardware interaction.

Key Differences:

Application software (B, C) is user-oriented, aimed at helping users complete tasks.

Operating systems (A, D) manage the computer's hardware and system resources.

The correct answer is A — Recovery time objective (RTO).

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the RTO is the maximum acceptable amount of time that a system, application, or process can be offline after a failure before unacceptable consequences occur to the business.

BIA (B) is the process of analyzing impact. BCP (C) is the overall plan for maintaining operations. DR (D) refers to the broader recovery effort.

Reference Extract from Study Guide:

"Recovery time objective (RTO) defines the maximum tolerable downtime for critical systems before significant business impact occurs."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Recovery Objectives and Disaster Recovery Metrics

=============================================

The correct answer is C — Implementing shell restrictions.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), shell restrictions on Linux systems can prevent users (or attackers) from executing unauthorized commands, significantly reducing the exploitation risk on Linux servers.

Host-based IDPS (A) detects attacks but does not directly harden the OS. Access control (B) andassessments/penetration testing (D) are important but do not focus specifically on securing the Linux shell environment.

Reference Extract from Study Guide:

"Implementing shell restrictions on Linux systems minimizes the attack surface by limiting the ability of users and processes to execute unauthorized commands."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Linux System Hardening Techniques

Recovery Point Objective (RPO)defines themaximum acceptable amount of data lossmeasured in time. It determines how often backups should occur to avoid losing critical business data.

NIST SP 800-34 Rev. 1:

“RPO represents the point in time prior to an outage to which systems and data must be restored to resume business operations.”

CDP is a method; RPO is thestrategic planning metric.

🔹WGU Course Alignment:

Domain:Business Continuity and Disaster Recovery

Topic:Define RPO to support data resilience and backup planning

The correct answer is D — Upgrade the remaining end-of-life machines.

As outlined in WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the best way to address end-of-life systems is to upgrade them to supported versions. End-of-life systems no longer receive security patches, leaving them highly vulnerable. Upgrading restores security and compliance.

Shutting down (A), disconnecting (B), or blocking (C) are temporary solutions that may disrupt operations but do not solve the root problem.

Reference Extract from Study Guide:

"Upgrading end-of-life systems is critical to restoring security and compliance, as unsupported systems are vulnerable to exploitation."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Vulnerability Management and Remediation

=============================================

Security edge devices(such as NGFWs, IDS/IPS, and secure gateways) are deployed at thenetwork perimeterto inspect and filter traffic, providing aninitial layer of defenseagainst external threats before they reach internal systems.

NIST SP 800-41 Rev. 1:

“Edge security devices enforce security policy at network boundaries and act as a first line of defense by preventing unauthorized or malicious traffic from entering the internal network.”

They are not TPMs or SIEMs, though they maygenerate dataconsumed by SIEMs.

🔹WGU Course Alignment:

Domain:Network Security

Topic:Deploy perimeter defense technologies at network entry points

The correct answer is C — Implementing a mobile device management (MDM) solution.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) describes that an MDM solution enables organizations to enforce security policies on personal devices, such as encryption, remote wipe capabilities, and application controls. MDM allows safe access to corporate resources while managing the inherent risks of BYOD environments.

Blocking access (A) contradicts the BYOD policy goal. Security audits (B) monitor but do not control personal devices. Awareness training (D) is important but does not enforce technical protections on devices.

Reference Extract from Study Guide:

"Mobile device management (MDM) solutions enforce security policies on employee-owned devices, ensuring compliance and reducing the risks associated with BYOD implementations."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Mobile Device Security

=============================================