The correct answer is A - Implementing two-factor authentication.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.
Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials.
SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.
Reference Extract from Study Guide:
"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

Real-time transaction monitoringhelps detect and respond to fraudulent activities (e.g., unauthorized access, anomalous transactions) as they happen. It's critical in high-risk environments likeonline banking systems.
FFIEC IT Examination Handbook (Retail Payment Systems):
"Real-time fraud detection systems monitor for suspicious or anomalous transactions that may indicate identity theft, account takeover, or credit card fraud." This is anactive, risk-aware controlthat's far more effective than backups or email restrictions for this use case.
#WGU Course Alignment:
Domain:Security Operations and Monitoring
Topic:Implement real-time monitoring systems for financial fraud detection

Machine-level languages, also known as assembly languages, are low-level programming languages that are closely related to machine code.
* Definition: Machine-level languages consist of instructions that are directly executed by a computer's CPU.
* Assemblers: An assembler is a tool that translates assembly language code into machine code.
* Characteristics: Assembly languages are specific to a computer architecture and provide a way to write programs that can be executed by the hardware directly.
References
* "Structured Computer Organization" by Andrew S. Tanenbaum
* "Computer Systems: A Programmer's Perspective" by Randal E. Bryant and David R. O'Hallaron

The correct answer is D - Weak passwords.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), unauthorized SSH access from an unknown IP address often suggests that the attacker exploited weak or compromised passwords to gain access. Weak passwords are a common vulnerability for services exposed to the internet, especially SSH servers.
Exfiltration (A) refers to data theft after access, not initial unauthorized access. Unpatched software (B) might lead to other vulnerabilities but is not indicated here. Enumeration (C) is gathering information but not gaining login access directly.
Reference Extract from Study Guide:
"Weak or compromised passwords are a primary cause of unauthorized access, particularly for remote management interfaces such as SSH."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication Security BestPractices