WGU Updated Cybersecurity-Architecture-and-Engineering Exam Questions and Answers by maverick

The correct answer is A — Calculating and comparing the hash values of the software code before and after transfer using FTP can help detect any changes and ensure the integrity of the code.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), verifying the integrity of transferred files can be done by using cryptographic hash functions. Comparing pre- and post-transfer hashes ensures that the data was not tampered with during transmission.

Intrusion detection (B) focuses on unauthorized access. Access control (C) protects the server but does not ensure file integrity. Backups (D) provide data recovery but do not validate file integrity during transfers.

Reference Extract from Study Guide:

"Hashing verifies data integrity by allowing a comparison of original and received file values, ensuring no tampering occurred during transit."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Integrity Assurance

=============================================

The correct answer is D — Measured boot.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that Measured Boot, often implemented with Trusted Platform Modules (TPMs), ensures that each component of theboot process is verified for integrity. It provides cryptographic evidence that the system's startup sequence has not been tampered with.

Two-factor authentication (A) secures user logins but does not verify boot integrity. IDS (B) monitors network or host behavior but does not protect the boot process. HSM (C) secures cryptographic operations, not the system boot.

Reference Extract from Study Guide:

"Measured Boot verifies the integrity of the boot process, providing assurance that the system has not been compromised during startup."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), System Hardening and Trusted Computing

=============================================

The correct answer is C — Implementing shell restrictions.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), shell restrictions on Linux systems can prevent users (or attackers) from executing unauthorized commands, significantly reducing the exploitation risk on Linux servers.

Host-based IDPS (A) detects attacks but does not directly harden the OS. Access control (B) andassessments/penetration testing (D) are important but do not focus specifically on securing the Linux shell environment.

Reference Extract from Study Guide:

"Implementing shell restrictions on Linux systems minimizes the attack surface by limiting the ability of users and processes to execute unauthorized commands."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Linux System Hardening Techniques

Identity federationallows authentication credentials to be used across multiple systems or domains—includingon-premises and cloud platforms—without duplicating user databases.

NIST SP 800-63C (Federated Identity Guidelines):

“Federation enables users to access multiple, disparate services using a single digital identity that can be shared securely across organizational boundaries.”

This approach is essential in hybrid architectures where cloud VMs and on-prem servers must recognize acentralized identity providerlike Active Directory.

????WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Implement federated identity in hybrid and multi-cloud environments