WGU Updated Cybersecurity-Architecture-and-Engineering Exam Questions and Answers by milana

The correct answer is B — Compare the unknown address to known IP addresses to determine if it is a threat.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), proper threat analysis requires identifying and verifying whether an unknown source is malicious before taking action. Comparing the IP address against known threat databases or intelligence feeds allows the organization to make informed decisions.

Permanently blocking (A) or temporarily blocking (C) without analysis could cause disruption if the IP is legitimate. Rate limiting (D) reduces traffic but does not determine threat status.

Reference Extract from Study Guide:

"Effective incident analysis begins by verifying and classifying the suspicious activity, including checking unknown IP addresses against threat intelligence sources."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Analysis and IncidentHandling

=============================================

The correct answer is D — Installing endpoint protection software.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) teaches that endpoint protection (including antivirus, anti-malware, and endpoint detection and response) is critical for detecting,blocking, and removing commodity malware like ransomware and Trojans.

Firewalls (A) help with perimeter security but don't directly block malware on endpoints. Rerouting communications (B) is not a standard protection method. Two-factor authentication (C) secures logins but does not protect systems from malware infection.

Reference Extract from Study Guide:

"Endpoint protection software defends individual systems against malware threats by detecting, blocking, and removing malicious files and processes."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Security Solutions

=============================================

Obfuscating error messagesprevents attackers from receiving technical details (e.g., software version, file paths, or database errors) that they can use for exploitation. This is part ofsecure codinganderror handlingpractices.

OWASP Secure Coding Practices – Error Handling and Logging:

“Applications should not disclose detailed error messages to users. Instead, provide generic messages to prevent leakage of system or application details.”

HTTPS secures transport, but doesn't addressinformation disclosurevia error output.

????WGU Course Alignment:

Domain:Information Systems and Architecture

Topic:Implement secure design practices (e.g., error handling, obfuscation)

BIOS protectioninvolves enabling hardware security features such asfirmware password protection,secure boot, andwrite protection, which prevent unauthorized firmware modifications.

NIST SP 800-147 (BIOS Protection Guidelines):

“Proper BIOS protection mechanisms, including authenticated updates and access control, are critical to maintaining the integrity of the platform’s startup environment.”

This is apreventive control. BIOS monitoring is reactive; backups protect data, not firmware integrity.

????WGU Course Alignment:

Domain:System Security Engineering

Topic:Apply firmware and BIOS security controls to prevent low-level tampering