Cybersecurity-Architecture-and-Engineering Exam Dumps - WGU Cybersecurity Architecture and Engineering (KFO1/D488)

The correct answer is B — Log analysis.

According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) curriculum, log analysis is critical for retrospective threat hunting — reviewing system, network, and application logs to identify signs of compromise or unauthorized activities that might have gone unnoticed in real-time. This technique helps uncover attacks that have already occurred in hybrid or cloud environments.

Honeypots (A) are proactive traps to detect future attacks. Social engineering (C) involves manipulating people, not hunting threats. Penetration testing (D) is used to find vulnerabilities, not to review past incidents.

Reference Extract from Study Guide:

"Threat hunting through log analysis involves systematically reviewing collected logs to uncover evidence of past or ongoing compromises, enabling organizations to identify and respond to threats that may have bypassed preventive controls."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Detection and Hunting Concepts

Of course!

Here are the verified and properly formatted answers for your next set of questions, strictly following your instructions and the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) official course materials:

=============================================

AHost-based Intrusion Detection and Prevention System (HIDPS)can detect unauthorized activity or suspicious changesat the OS level, including those specifically targetingLinux kernel modules, services, or rootkits.

NIST SP 800-94 Rev. 1:

“HIDPS software runs on individual hosts or devices in the network, analyzing inbound and outbound packets and alerting administrators to suspicious activity.”

HIDPS is especially effective in server environments wherekernel-level visibilityis critical.

🔹WGU Course Alignment:

Domain:System Security Engineering

Topic:Implement and monitor HIDPS on enterprise Linux servers

Preventing unauthorized access and impersonation during exams or coursework is critical in e-learning platforms.Strong user authentication(e.g., MFA, CAPTCHA, secure login mechanisms) ensures that only authorized users access exams and coursework.

NIST SP 800-63B (Digital Identity Guidelines – Authentication):

“Secure user authentication ensures the identity of individuals accessing sensitive applications, reducing the risk of impersonation and credential misuse.”

Firewall rules and patching are important, but they don't directly addressuser-level fraud prevention.

🔹WGU Course Alignment:

Domain:Access Control and Identity Management

Topic:Secure authentication mechanisms for web platforms

Abastion scanneris a tool or hardened system that inspects network traffic and identifies security vulnerabilities, particularly those visible from an external (internet-facing) viewpoint. It plays a key role inpost-development assessment.

OWASP Testing Guide v4.2:

"Use bastion hosts or hardened scanners to perform vulnerability assessments from an attacker’s perspective."

This option is preferable for final validation before system release, especially when looking for exposure from the public internet.

🔹WGU Course Alignment:

Domain:System Security Engineering

Topic:Evaluate hardened systems and scanning tools during release validation

The correct answer is A — Implementing secure encrypted enclaves and Advanced Micro Devices (AMD) Secure Memory Encryption.

WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that encryption at the memory level (such as AMD SME) and secure enclaves protect data in volatile memory, safeguarding it even if physical attacks occur.

Security training (B), antivirus (C), and password policies (D) improve security generally but do not specifically address data in volatile memory.

Reference Extract from Study Guide:

"Encrypted enclaves and secure memory encryption protect sensitive data in volatile storage, maintaining confidentiality and integrity even during advanced attacks."

— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Server and Memory Security Controls

=============================================