The correct answer is D - Establish a baseline for normal activity.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, the first step in threat hunting is to understand what constitutes normal behavior within the environment. Establishing a baseline allows analysts to detect anomalies and deviations that could indicate malicious activity. Without a clear understanding of normal operations, it is extremely difficult to identify potential threats.
Deploying anti-malware solutions (A) and implementing intrusion detection systems (B) are important security measures but are not the first step in proactive threat hunting. Forming an incident response team (C) is essential for handling incidents but does not directly initiate threat hunting.
Reference Extract from Study Guide:
"Threat hunting begins with establishing a baseline of normal network, system, and user activity, enabling the detection of anomalies that may indicate potential threats."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Threat Hunting and Detection

The correct answer is D - Security information and event management (SIEM).
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) explains that a SIEM solution collects, correlates, and analyzes logs and events from multiple sources to detect unusual patterns of behavior across an organization's infrastructure. SIEM systems are specifically designed for centralized monitoring and alerting on suspicious activities, which helps prevent future breaches.
VPN (A) secures communications but does not monitor behavior. SSH (B) is a secure protocol for remote access but not a monitoring tool. WAF (C) protects web applications but does not monitor user behavior across systems.
Reference Extract from Study Guide:
"Security information and event management (SIEM) platforms aggregate and analyze security data from across an enterprise, providing actionable insights into anomalous user activities and potential threats."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Security Monitoring and Event Management

The correct answer is C - Implementation of secure user authentication protocols.
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) emphasizes that secure authentication mechanisms, like strong passwords, multifactor authentication, and session management, prevent unauthorized access and impersonation, thus helping prevent cheating inlearning platforms.
Firewall policies (A) and disabling Bluetooth (B) harden systems but do not directly address authentication.
Software updates (D) protect against system vulnerabilities but not user integrity.
Reference Extract from Study Guide:
"Secure authentication protocols ensure that users accessing learning management systems are properly verified, reducing risks of impersonation and cheating."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Access Control and Identity Verification

The correct answer is B - Internet Protocol Security (IPsec).
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), IPsec provides secure communication over IP networks by encrypting and authenticating IP packets. It is widely used for site-to-site VPNs and ensures confidentiality, integrity, and authentication between different cloud environments like Azure and AWS.
TCP (A) is a transport layer protocol ensuring reliable delivery but not encryption. FTP (C) is used for file transfer and is insecure unless secured with extensions. SSH (D) secures remote terminal sessions but is not primarily used for network-wide secure communication.
Reference Extract from Study Guide:
"IPsec provides a secure method of communication across IP networks, ensuring data confidentiality, integrity, and authentication for VPN connections and hybrid cloud communications."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols for Hybrid Environments

The correct answer is D - Secure Shell (SSH).
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials state that SSH provides strong encryption and authentication for remote access over unsecured networks. SSH ensures that sessions are confidential and that only authorized users can access remote systems.
HTTP (A) and FTP (B) transmit data in plaintext and do not provide encryption. Telnet (C) also transmits data in plaintext and is insecure for remote access.
Reference Extract from Study Guide:
"Secure Shell (SSH) is used for secure remote management, offering encrypted communications and authentication mechanisms to protect against unauthorized access and eavesdropping."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Secure Protocols and Communications