The correct answer is B - Firewall.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), firewalls are critical for securing external network perimeters by filtering incoming and outgoing traffic based on predefined security rules. This control is a foundational requirement under FISMA to prevent unauthorized access.
IDS/IPS (A) monitor and detect attacks but are secondary to establishing the initial network boundary. Access controls (C) manage user permissions inside a system. Network segmentation (D) divides internal networks but does not protect the external boundary.
Reference Extract from Study Guide:
"Firewalls are the first line of defense for securing external networks, providing traffic filtering to prevent unauthorized access, aligning with FISMA compliance requirements."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Network Security Fundamentals

The correct answer is A - By looking for extra and unexpected symbols and characters in certain queries.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), SQL injection attacks often include malicious SQL code in input fields, with unusual symbols such as semicolons, apostrophes, or comments (', --, ;). Analysts detect these attacks by monitoring for unexpected or abnormal input patterns in database queries.
Changes to primary keys (B) and repeated login failures (C) are unrelated to SQLi detection. Administrative commands (D) relate more to privilege escalation.
Reference Extract from Study Guide:
"SQL injection attacks typically involve abnormal input that includes special SQL characters or commands; monitoring for such anomalies can reveal attempted injections."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Application and Database Security Threats

The correct answer is C - Host-based firewall.
According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) materials, a host-based firewall enforces traffic control policies at the endpoint level. It can allow or deny traffic based on application, port, IP address, and protocol rules, restricting access to only approved services and applications on a system.
Antivirus tools (A) detect malware but do not control network traffic. Two-factor authentication (B) secures user access but does not manage network traffic. HSMs (D) handle encryption keys, not network access control.
Reference Extract from Study Guide:
"Host-based firewalls restrict traffic at the system level, permitting only authorized services and applications, enhancing endpoint security."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Endpoint Protection and Firewalls

The correct answer is B - Secure Hash Algorithm 256 (SHA-256).
WGU Cybersecurity Architecture and Engineering (KFO1 / D488) outlines that SHA-256 is a cryptographic hash function used to verify data integrity. It generates a fixed-size hash value based on input data, and any alteration to the data results in a different hash, signaling tampering.
DES (A) and AES (C) are encryption algorithms for confidentiality. RSA (D) is used for encryption and digital signatures, not solely for ensuring integrity via hashing.
Reference Extract from Study Guide:
"SHA-256 is a widely adopted cryptographic hash function used to verify the integrity of digital data and detect unauthorized modifications."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Cryptographic Hash Functions and Data Integrity

The correct answer is B - Sixteen characters with at least one letter, one number, and one symbol.
According to the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, strong password policies must enforce a minimum length (preferably 12 to 16 characters) and require complexity, including uppercase and lowercase letters, numbers, and special characters. Sixteen-character passwords that include varied character types greatly increase the difficulty for attackers using brute-force or dictionary attacks.
Options A, C, and D either lack complexity or have too few characters, making them vulnerable to attacks.
Reference Extract from Study Guide:
"A strong password should be at least 12-16 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters to maximize resistance to brute-force attacks."
- WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Identity and AccessManagement Concepts