The correct answer is C - Obfuscating error messages on the site or within the uniform resource locator (URL).
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) states that minimizing the information revealed through error messages and URLs prevents attackers from gathering reconnaissance information that could be used to exploit vulnerabilities.
HTTPS (A and B) protects data in transit but does not conceal server details. PCI-DSS certification (D) improves overall security but is not focused specifically on information disclosure during a redesign.
Reference Extract from Study Guide:
"Obfuscating detailed error messages and removing revealing information in URLs help prevent attackers from gaining reconnaissance data that could be used in targeted attacks."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Web Application Security

The correct answer is D - Identify.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in risk management is identifying potential risks. Only once risks are identified can they be assessed, controlled, and reviewed. In this case, identifying potential data breaches, outages, and cost issues is the starting point.
Assess (A) happens after identification. Control (B) involves implementing responses. Review (C) happens later to check effectiveness.
Reference Extract from Study Guide:
"The first phase of risk management is risk identification, where potential threats and vulnerabilities are recognized and documented."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Life Cycle

The correct answer is B - Secure Hash Algorithm 256 (SHA-256).
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) outlines that SHA-256 is a cryptographic hash function used to verify data integrity. It generates a fixed-size hash value based on input data, and any alteration to the data results in a different hash, signaling tampering.
DES (A) and AES (C) are encryption algorithms for confidentiality. RSA (D) is used for encryption and digital signatures, not solely for ensuring integrity via hashing.
Reference Extract from Study Guide:
"SHA-256 is a widely adopted cryptographic hash function used to verify the integrity of digital data and detect unauthorized modifications."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptographic Hash Functions and Data Integrity

Geo-IP filtering at the firewallis a well-established method of blocking traffic from regions that the organization does not do business with or has no legitimate presence in.
NIST SP 800-41 Rev. 1 (Guidelines on Firewalls):
"Firewalls can be configured to block traffic based on geolocation or IP ranges to reduce exposure to known hostile regions." Firewalls are thefirst line of defensein the network perimeter; adjusting SIEM rules doesn't actively block access.
#WGU Course Alignment:
Domain:Network Security
Topic:Implement firewall filtering rules for geographic and IP-based restrictions

Parallel conversion is a system deployment method where the new system is implemented and runs alongside the old system for a period of time. This method allows for:
* Comparison of outputs: Ensuring that the new system produces the same or better results as the old system.
* Risk reduction: If there are issues with the new system, the old system can still be used without interrupting business operations.
* User adaptation: Users can get accustomed to the new system while still having access to the familiar old system.
Parallel conversion is often used to minimize the risk associated with deploying a new system.
References
* Harold Kerzner, "Project Management: A Systems Approach to Planning, Scheduling, and Controlling," Wiley.
* Kathy Schwalbe, "Information Technology Project Management," Cengage Learning.