The correct answer is A - Implementing two-factor authentication.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488) content, two-factor authentication (2FA) strengthens authentication processes by requiring users to providetwo forms of evidence (e.g., password + SMS code or authentication app) before accessing systems. Even if credentials are stolen, without the second factor, attackers would be unable to log in.
Background checks (B) are important for insider threats but not stolen external credentials. Security awareness training (C) is good practice but does not technically prevent the misuse of stolen credentials.
SIEM systems (D) help detect breaches but do not stop unauthorized access at the authentication layer.
Reference Extract from Study Guide:
"Two-factor authentication mitigates the risks associated with credential theft by requiring an additional factor, significantly improving the security posture."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Authentication and Identity Management

Before taking disruptive actions,identification and threat classificationmust occur. Cross-referencing againstknown malicious IP lists(e.g., threat intelligence feeds) helps determine if the address is benign, malicious, or compromised.
NIST SP 800-61 Rev. 2 (Computer Security Incident Handling Guide):
"Security teams should validate the threat source by comparing it to blacklists and threat intelligence before containment steps are taken." Blocking or rate-limiting prematurely may disrupt legitimate activity, makingintelligence-based comparisonthe prudent first step.
#WGU Course Alignment:
Domain:Security Operations and Monitoring
Topic:Perform traffic analysis and threat intelligence correlation

The domain name in a Uniform Resource Locator (URL) identifies the server on which the web page can be found.
Example:
In the URL "http://www.example.com/index.html":
"http" is the protocol.
"www.example.com" is the domain name.
"/index.html" is the resource path ID.
The other options:
The protocol specifies the communication method.
The resource path ID specifies the specific page or resource on the server.
The IP address is not typically visible in the URL itself but can be resolved via DNS.
Therefore, the domain name is the correct part that identifies the server.
References:
"Web Development and Design Foundations with HTML5" by Terry Felke-Morris, which explains URL components.
"Internet and World Wide Web How to Program" by Paul Deitel and Harvey Deitel, which covers URLs and their structure.

Applyingregular updates and patchesis fundamental to risk mitigation. Choosing ahybrid cloud topologyallows the financial institution to retaincritical services in-housewhile leveragingcloud scalabilityfor high-volume transactions.
NIST SP 800-160 Vol. 1 (Systems Security Engineering):
"Security patching is essential for mitigating vulnerabilities, especially in high-assurance environments like financial systems." Thehybrid modelbalancesperformance, control, and security, which is vital for core banking systems.
#WGU Course Alignment:
Domain:System Security Engineering
Topic:Apply risk mitigation techniques and choose secure deployment topologies

The correct answer is C - Restrict access to the backups.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), the first step in protecting sensitive data such as cloud backups is enforcing access controls to limit who can access the data. Restricting access immediately mitigates the risk of unauthorized exposure or tampering.
Auditing access logs (A) provides insight but does not actively protect. Running vulnerability scans (B) identifies issues but does not protect immediately. Disabling repositories (D) is not practical for maintaining backup availability.
Reference Extract from Study Guide:
"Access control is the first line of defense for sensitive data repositories, ensuring that only authorized users can access backup data."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Data Security and Access Control