In this article, I’m sharing my review of the Cybersecurity Identity and Access Solutions using Azure AD course, along with all the quiz answers to help you through it.
Just completed the Coursera course “Cybersecurity Identity and Access Solutions using Azure AD”? This course is part of the Microsoft Cybersecurity Analyst Professional Certificate and focuses on key topics like authentication methods, access management, and identity governance using tools like Azure Active Directory (Azure AD). If you’re preparing for the Microsoft SC-900 exam or just getting started with cybersecurity and identity systems, this course offers a clear and practical foundation — and I’ve included all the quiz answers to help you learn and review with ease!
Module quiz: Identity services Quiz Answers
Question 1)
Your organization has decided to synchronize its on-premises AD with AAD as part of the migration process, and wants to feel assured that data is transferring correctly. Which Microsoft tool can be used to monitor and report on the health of AD Connect and AAD synchronization?
- AD Intune
- AD Connect
- AD Connect Health
Question 2)
True or False: Azure can be accessed through a web-based interface.
- True
- False
Question 3)
The company you currently work with is interested in trying Azure Active Directory. For their beta project, they want to investigate the advantages of using Azure before committing to a purchase. Which of the following options is best suited to begin with Azure?
- Azure AD Free
- Azure AD Office 365 edition
- Azure AD Premium P1
Question 4)
A ______ is a purchase plan that provides access to a select number of Azure services and resources.
- Subscription
- Tenant
- Resource group
Question 5)
True or False: Cloud Solution Provider can be both a pay upfront and a pay-as-you-go service.
- True
- False
Question 6)
You are the IT administrator for a large organization with over 1000 employees. Your organization requires different levels of access control to various resources and applications.
Considering the varying levels of access required by employees in your organization, which edition of Azure Active Directory (AAD) would be the most suitable choice to meet your organization’s access management needs?
- A premium P1 or P2 license
- Free Edition
- Office 365 Edition
Question 7)
As an IT administrator, you are responsible for managing the infrastructure of a medium-sized company. Your company has an on-premises network and wants to implement a centralized directory service for user and resource management.
Which key component would you utilize to create a centralized directory service for user and resource management in your company’s on-premises network?
- Hybrid Active Directory
- Azure Active Directory
- Active Directory
Question 8)
Complete the following sentence. In-house applications present _________ potential challenges when migrating to the cloud.
- The same
- More
- Fewer
Question 9)
Complete the following sentence. An organization has a device registered with the on-premises AD. The device has been synced with AAD and has access to all cloud-based advantages. This is a description of ________.
- Hybrid Azure AD joined devices.
- Azure AD joined device.
- Azure AD registered devices.
Question 10)
The IT manager at your firm has tasked you with connecting an external user to the organization so that they can use your products. Which of the following services would you use?
- Azure AD B2C
- B2B collaboration
- B2B direct connect
Question 11)
In the daily course of your work activities, you are tasked with grouping Azure services into compatible bundles. Which of the following options would you use?
- Subscription
- Tenant
- Resource group
Question 12)
Which plan fits the following description?
A contractual agreement for customers who want to commit to a three-year term and prepay for Azure services.
- Pay-as-you-go
- Cloud Solution Provider
- Enterprise Agreement
- Free plan
Question 13)
You have a medium-sized organization that would like to ensure secure access to documents created with Microsoft Word. Which AAD edition will best suit your organization?
- Office 365 Edition
- A premium P1 or P2 license
- Free Edition
Question 14)
Which of the following tasks is Active Directory Domain Service (AD DS) responsible for?
- Linking names to IP addresses.
- Configuring the structure of the directory.
- Governing authentication and authorization services.
Question 15)
True or False: A company’s custom applications present fewer potential challenges when migrating to the cloud.
- True
- False
Question 16)
True or False: With B2B collaboration, you can connect with Azure AD and collaborate without using another Azure AD platform.
- True
- False
Question 17)
Which Azure edition is defined by the following line?
It includes all the features of the basic edition, plus additional features such as dynamic group allocation.
- Azure AD Free
- Azure AD Office 365 edition
- Azure AD Premium P1
Question 18)
True or False: Organizations with a large number of employees are best suited to an Azure Premium subscription.
- True
- False
Question 19)
True or False: Active Directory Domain Service (AD DS) is a key component in creating an on-premises active directory.
- True
- False
Question 20)
As the IT administrator in a company, you recently adopted Microsoft Azure for its cloud services. As part of the adoption process, employees are using their organization accounts to sign into their devices, which are registered with Azure AD.
Which term best describes the scenario where employees use their organization accounts to sign on to devices that are registered with Azure AD?
- Hybrid Azure AD joined devices
- Azure AD registered devices
- Azure AD joined device
Question 21)
Which Microsoft tool provides organizations with mobile device application management, and PC management capabilities?
- AD Connect
- AD Intune
- AD Connect Health
Question 22)
Your friend is a Cyber Analyst at a company that has recently implemented Azure Active Directory and comes to you for advice. What is the best means of interacting with Azure?
- AD Connect
- AD Intune
- Azure portal
Question 23)
Which Azure edition is a paid version of Azure AD that provides more features than the Free edition including group-based access management, although it lacks advanced functionality such as privileged identity management?
- Azure AD Premium P1
- Azure AD Free
- Azure AD Office 365 edition
Question 24)
Complete the following sentence. A ______ is a trusted instance of AAD that gives an individual or company access to manage Azure resources and services and contains billing information.
- Resource group
- Subscription
- Tenant
Question 25)
Complete the following sentence. An organization has devices registered with Azure AD. The device can be accessed without having to log onto the organization’s account. This is a description of ________.
- Hybrid Azure AD joined devices.
- Azure AD joined device.
- Azure AD registered devices.
Question 27)
Which of the following statements best describes Azure portal?
- A Microsoft tool that provides synchronization and identity management between on-premises Active Directory and Azure Active Directory.
- A web-based interface that allows users to configure their Azure resources and services.
- A Microsoft tool that provides mobile device and application management, as well as PC management capabilities for organizations.
Question 28)
Complete the following sentence. You work for an organization and want to connect with an external identity, allowing you to ______.
- consume your application or product.
- use their product or service.
- use another instance of Azure Direct.
Module quiz: Active directory authentication Quiz Answers
Question 1)
True or False: SSO requires a user to authenticate periodically when using different applications.
- True
- False
Question 2)
In which environments would you most likely use Azure AD pass-through authentication?
- Cloud-based Active Directory
- Hybrid Active Directory
- On-premises Active Directory
Question 3)
Complete the following sentence. Azure AD _______ Synchronization ensures that passwords are stored in both an on-premises AD and Azure AD, and stay secret and synchronized.
- Hash
- Credential
- Change
Question 4)
Which of these statements best describes MFA?
- MFA stands for Multi-Factor Authentication and uses two or more alternative means of authentication.
- MFA stands for Multi-Factor Authentication, and it uses biometrics to provide authentication.
- MFA stands for Multi-function Authentication; one login can be used to access different applications.
Question 5)
After you enter the password for logging into your company account, you are prompted to press your finger against the scanning element of your device. In the context of multi-factor authentication (MFA), which statement best describes the type of information that you have been asked for?
- Something you know
- Something you have
- Something you are
Question 6)
Which of the following sentences best describes Conditional Access?
- Requiring robust, unique passwords and monitoring user activity.
- A cloud-based service that uses machine learning and data analytics to identify deviant behavior.
- Tracking and limiting user access under some conditions.
Question 7)
In order to enable users to get back into their accounts quickly after forgetting their passwords while also lightening the workload of the organization’s IT staff, which feature would you implement?
- Self-service password reset (SSPR)
- Password Writeback
- AD Connect Cloud Sync
Question 8)
Which of the following situations can be configured in SSPR? Select all that apply.
- Password reset
- Password writeback
- Password unlock
- Password validation
Question 9)
You are configuring authentication for the point-of-sale devices at Sam’s Scoops. Because of the fast-paced working environment, employees would like to gain entry to these devices as quickly as possible. Which of the following forms of identification best meets this need?
- PIN
- Password
- Facial recognition
Question 10)
For accessing sensitive resources, you have decided to implement an authentication method that sends a one-time passcode (OTP) to the user requesting access, which the user must then input at the login page. Which method does this describe?
- OATH hardware tokens
- FIDO authentication
- SMS-based authentication
Question 11)
Complete the following sentence. Single sign-on (SSO) in Azure AD allows users to sign in once to ___________ multiple applications and enhances ___________ efficacy.
- Authenticate, workflow
- Authorize, authentication
- Access, security
Question 12)
You would like to give your users the ability to access both on-premises and cloud-based resources using a single password. Which feature of Azure AD Connect would you implement to achieve this?
- Active Directory Domain Controller (AD DC)
- Azure AD Application Proxy
- Pass-through authentication
Question 13)
To add another layer of security, you decide to implement multi-factor authentication (MFA) that is triggered when a user attempts to gain access to the company’s payroll management software. Which option best describes what MFA requires before granting this access?
- Two or more checks
- Authentication
- Biometric data
Question 14)
What is a PIN when used in MFA?
- Something you know
- Something you have
- Something you are
Question 15)
Which of the following sentences best describes strong protection policies?
- Tracking and limiting user access under some conditions.
- A cloud-based service that uses machine learning and data analytics to identify deviant behavior.
- Requiring robust, unique passwords and monitoring user activity.
Question 16)
What is the name of the feature that ensures that a password change made on the cloud is propagated to an on-premises Active Directory?
- AD Connect Cloud Sync
- Self-service password reset (SSPR)
- Password Writeback
Question 17)
True or False: Azure AD Hash Synchronization is a means of encrypting information stored in an Active Directory.
- True
- False
Question 18)
True or False: MFA is the use of biometrics when validating a user.
- True
- False
Question 19)
Which lightweight service facilitates changes being made on the cloud and propagates them back to an on-premises directory?
- AD Connect Cloud Sync
- Self-service password reset (SSPR)
- Password Writeback
Question 20)
True or False: Windows Hello is a means of implementing biometric checks in place of passwords.
- True
- False
Question 21)
Which authentication method uses tokens generated through the use of hardware or software, and provides a time-dependent one-time passcode?
- FIDO authentication
- OATH hardware tokens
- SMS-based authentication
Question 22)
What best describes a mobile phone when used in MFA?
- Something you are
- Something you know
- Something you have
Question 23)
True or False: SSPR can be used to unlock an account in the event of a user being locked out.
- True
- False
Question 24)
You have implemented self-service password reset (SSPR) to help get locked-out users back into their accounts. Which of the following situations can be configured in SSPR?
- Password validation
- Password change
- Password creation
Question 25)
Which of the following are Windows Hello authentication-enabled methods? Select all that apply.
- Password
- Facial recognition
- Iris
- Fingerprint
Question 26)
Which authentication method uses public-key cryptography to provide strong authentication?
- OATH hardware tokens
- SMS-based authentication
- FIDO authentication
Question 27)
True or False: A cloud-based logon can be used to access an on-premises application.
- True
- False
Question 28)
You are considering implementing single sign-on (SSO) for your organization. Which of the following statements best describes the benefit this would bring?
- SSO is a feature that enables high-privileged roles efficient workflow by bypassing authentication.
- SSO requires users to sign in once and enables access to multiple applications without further authentication.
- SSO requires users to sign into each application separately, providing security through stringent authentication.
Module quiz: Active Directory access, protection, and governance management Quiz Answers
Question 1)
True or False: Role-based access control (RBAC) is a security framework that assigns permissions to users based on their roles within an organization.
- True
- False
Question 2)
An administrator wants to configure a Conditional Access policy that will prompt a user to go through multi-factor authentication (MFA) when certain signals are detected. Which of the following are common signals that Conditional Access policies can consider? Select all that apply.
- The length of time since the account password was last changed.
- Named location information.
- Real-time sign-in risk detection.
- Random application triggers.
Question 3)
You have assigned a User Administrator role, which grants permissions for managing resources that live in Azure AD. Which of the following role categories does this fall under?
- Privileged roles
- Service-specific roles
- Azure AD-specific roles
- Cross-service roles
Question 4)
True or False: Azure AD’s role-based access control (RBAC) allows you to define and manage roles with specific sets of permissions, granting access only to those who truly need it.
- True
- False
Question 5)
The administrator at Sam’s Scoops has decided to build an access management approach for the company that is based on the Zero Trust model. Which of these security principles should be followed to align with this model? Select all that apply.
- Mandate regular password changes.
- Provide the least privileged access.
- Verify access attempts explicitly.
- Don’t allow external users.
Question 6)
Complete the following sentence. Many experts believe that ______ is the new security perimeter.
- encryption
- data
- identity
- network
Question 7)
Which of the following statements about securing privileged access with Azure AD Privileged Identity Management (PIM) is true?
- Azure AD PIM requires Azure AD Premium P1 licenses to be enabled.
- Azure AD PIM does not support managing custom roles, only built-in Azure resource roles.
- Azure AD PIM does not provide any fine-grained access control options for role assignments.
- Azure AD PIM allows for permanent admin role assignments, with no expiration date.
Question 8)
What can be managed using Azure AD PIM?
- Only built-in Azure resource roles.
- Only custom roles in Azure AD.
- Both built-in Azure resource roles and custom roles.
- Only Azure AD Premium P2 licenses.
Question 9)
Which of the following statements is true regarding just-in-time (JIT) access?
- JIT access helps maintain security without sacrificing operational productivity.
- JIT access provides permanent access to privileged accounts.
- JIT access is not recommended for securing critical data and resources.
- JIT access requires users to authenticate multiple times for each application.
Question 10)
Using Privileged Identity Management (PIM), you would like to assign a role to a user that applies immediately and provides access for an indefinite amount of time. Which of the following assignment types would you use?
- Permanent eligible
- Time-bound active
- Time-bound eligible
- Permanent active
Question 11)
What is one of the benefits of using role-based access control (RBAC)?
- Centralized administration for individual user permissions.
- Increased security by limiting access to necessary resources.
- Increased complexity.
Question 12)
You have assigned a Teams Administrator role, which enables the assignee to manage features in the Microsoft Teams application. This app, which resides separately from Azure AD, is used by employees in the organization for communication. Which of the following categories does the Teams Administrator role fall under?
- Cross-service roles
- Azure AD-specific roles
- Privileged roles
- Service-specific roles
Question 13)
What is the main policy engine within the Zero Trust model?
- Intrusion Detection System (IDS)
- Firewall
- Zero Trust Application Gateway
- Conditional Access
Question 14)
True or False: Identity governance involves managing and controlling access to resources based on least privilege principles.
- True
- False
Question 15)
Which of the following best describes the concept of just-in-time (JIT) access?
- JIT access grants permanent access to applications and systems, ensuring continuous availability.
- JIT access limits privileged access based on location, actions, and timing, providing precise control over when and where users can access privileged accounts.
- JIT access provides immediate access to all applications and systems, without any restrictions.
- JIT access is a security practice that allows users to access applications and systems without any authentication.
Question 16)
Consider an organization that uses cloud-based applications but does not yet have an access management system. It is considering Azure AD because of the capabilities made possible by Privileged Identity Management (PIM). Which Azure AD license should this organization acquire to enable PIM as a tool?
- Azure AD Free license
- Azure AD Premium P2 license
- Azure AD Basic license
- Azure AD Premium P1 license
Question 17)
What does Privileged Identity Management (PIM) help minimize?
- The number of permissions granted to regular users.
- The number of applications and systems in Azure AD.
- The number of authentication methods required for users.
- The number of people with access to secure information.
Question 18)
Consider an organization in which an employee is temporarily designated as a Project Manager for several days, while the true Project Manager is on vacation. As an administrator using Privileged Identity Management (PIM), you would like to assign a role to this user that requires activation and limits their access time to specific start and end dates. Which of the following assignment types would you use?
- Time-bound eligible
- Permanent eligible
- Permanent active
- Time-bound active
Question 19)
After an audit revealed that certain employee accounts continued to have privileged access that was no longer needed, the administrator at Sam’s Scoops decided to implement role-based access control (RBAC). Which steps should be taken as part of this process? Select all that apply.
- Identify the roles that exist within an organization.
- Assign permissions to roles.
- Set the authentication method that applies to a role.
- Define what actions users are allowed to take.
Question 20)
What is the purpose of using Conditional Access templates in Azure AD?
- To implement access controls only for remote work scenarios.
- To deploy preconfigured policies aligned with Microsoft’s recommendations.
- To create complex access control policies from scratch.
Question 21)
The administrator at an organization worries about potential security issues due to poorly managed access and wants to use Privileged Identity Management (PIM) to take a more secure approach. Which statement best describes how PIM can help to accomplish this?
- PIM is a feature that grants permanent privileged access to all users in Azure AD, increasing flexibility.
- PIM helps minimize the number of people with access to secure information, reducing the risk of unauthorized access and inadvertent impact on sensitive resources.
- PIM only supports time-bound access to Azure resources, excluding other Microsoft Online services.
- PIM allows users to have unlimited access to resources in Azure AD, Azure, and other Microsoft Online services.
Question 22)
True or False: Conditional Access policies in Azure AD are based on if-then statements, where a user must complete a specific action to access a resource.
- True
- False
Question 23)
You have assigned a Security Administrator role, which allows for management of security features within Azure AD, as well as separate security services like Microsoft Defender for Cloud Apps. Which of the following role categories does this fall under?
- Privileged roles
- Azure AD-specific roles
- Cross-service roles
- Service-specific roles
Question 24)
What are the two types of role definitions in Azure AD?
- Fixed roles and flexible roles.
- Built-in roles and custom roles.
- Basic roles and advanced roles.
Question 25)
What is the primary benefit of just-in-time (JIT) access?
- JIT access eliminates the need for authentication when accessing applications and systems.
- JIT access grants permanent access to privileged accounts for all users.
- JIT access increases the availability of applications and systems for all users.
- JIT access reduces the risk of unauthorized access to critical data and resources.
Question 27)
Imagine that an organization wants to change its security approach to provide the least access that users need to perform privileged operations. Which features does Privileged Identity Management (PIM) have that would assist in implementing this approach?
- Time-bound access to resources, self-service role assignment, and access reviews
- Time-bound access to resources, approval-based role activation, and multi-factor authentication enforcement.
- Permanent access to all resources, self-service role assignment, and access reviews
- Permanent access to all resources, multi-factor authentication enforcement, and access reviews.
Question 28)
An employee at Sam’s Scoops needs a very specific set of permissions that isn’t covered by any of the built-in roles in Azure AD, so an administrator must create a custom role. Before the employee gains the permissions, which steps must the administrator follow? Select all that apply.
- Defining the role by selecting desired permissions from a preset list.
- Creating a new Azure AD tenant.
- Verifying the user’s identity through multi-factor authentication.
- Assigning the role to users or groups.
Question 29)
Which of the following can you manage in Privileged Identity Management (PIM)? Select all that apply.
- Conditional Access
- PIM for Groups
- Azure AD roles
- Self-service password reset (SSPR)
Self-review: Configure identity and access policies Quiz Answers
Question 1)
True or False: The purpose of enabling self-service password reset (SSPR) in Azure Active Directory is to allow users to reset their passwords without administrator intervention.
- True
- False
Question 2)
What is the primary role of the Privileged Role Administrator in Azure Active Directory?
- To create and manage user accounts.
- To manage directory roles and administrative access.
- To manage password policies.
Question 3)
Which steps are involved in creating a user in Azure Active Directory? Select all that apply.
- Enable SSPR.
- Assign a role.
- Fill in the identity details.
- Set up a special group.
Question 4)
Complete the following sentence. The purpose of creating an administrative unit in Azure Active Directory is to group users and assign them specific __________.
- Permissions
- Passwords
- Roles
Question 5)
True or False: The Quick actions menu in the Azure portal allows for easy access to frequently performed tasks.
- True
- False
Question 6)
Which section of the Azure portal is used to enable self-service password reset (SSPR) in Azure Active Directory?
- Overview section
- Manage section
- Password reset section
Question 7)
Which actions can be performed in the Azure portal when setting up a special group? Select all that apply.
- Add group members.
- Enable single sign-on (SSO).
- Assign administrative roles.
- Define group permissions.
Question 8)
Complete the following sentence. The final step in creating a user in Azure Active Directory is to navigate to the user’s profile and view the ________.
- Profile
- Role assignment
- Screenshot
Question 9)
True or False: The purpose of assigning roles in Azure Active Directory is to define the level of access and permissions granted to users.
- True
- False
Question 10)
Which component of Azure Active Directory allows users to reset their own passwords?
- Azure Active Directory Connect
- Self-service password reset (SSPR)
- Azure Directory Premium
Course quiz: Identity and access solutions Quiz Answers
Question 1)
Which of the following sentences best describes AD Connect Health?
- A Microsoft tool that provides synchronization and identity management between on-premises Active Directory and Azure Active Directory.
- A Microsoft tool that provides mobile device and application management, as well as PC management capabilities for organizations.
- A Microsoft tool that provides monitoring and reporting on the health of AD Connect and AAD synchronization.
Question 2)
Sam’s Scoops employees use a web-based interface to manage their Azure resources and interact with Azure services.
Complete the following sentence. ____________ is the name of the interface that can be used to interact with Azure services.
- AD Intune
- Azure portal
- AD Connect
Question 3)
Which of the following packages includes dynamic group allocation?
- Azure AD Premium P1
- Azure AD Free
- Azure AD Basic
Question 4)
Which of the following sentences best describes a tenant?
- A purchase plan that provides access to a select number of Azure services and resources.
- A trusted instance of AAD that gives an individual or company access to manage Azure resources and services and contains billing information.
- A container for Azure resources that allows you to organize and manage them based on application, or environment.
Question 5)
Complete the following sentence. Azure Active Directory is located ______________________.
- In the cloud.
- Both on the cloud and on-premises.
- On-premises.
Question 6)
Which tool does the following definition relate to?
A tool for synchronizing user accounts and passwords from on-premises AD to Azure AD.
- Active Directory Migration Tool (ADMT)
- Azure AD Connect
- Active Directory Domain Services (AD DS)
Question 7)
What type of identity is used by services and applications to authenticate and authorize access to Azure resources?
- User Identity
- Device Identity
- Service Principals
Question 8)
Complete the following sentence. You work for an organization and want to connect with an external identity, allowing them to _________.
- consume your application or product.
- use their product or service.
- use another instance of Azure Direct.
Question 9)
Which of the following roles would you assign if you have hired a new manager and would like them to oversee enterprise applications?
- Global Administrator
- Global Reader
- Applications Administrator
Question 10)
Currently, at your workplace, many different login credentials are being created for users. This has become difficult to manage. So, you propose a central source to manage all of your logins.
Which of the following can be used to act as a central identity provider?
- Active Directory Federation Services (AD FS)
- Web Services Federation (WS-FED)
- Security Assertion Markup Language (SAML)
Question 11)
True or False: System configuration is a strength of using biometric data.
- True
- False
Question 12)
Which Microsoft Server manages user accounts and provides authentication for on-premises AD?
- Azure AD Pass-through
- Azure AD Application Proxy
- Active Directory domain controller
Question 13)
You are an IT administrator for a company that has recently adopted a hybrid cloud environment, utilizing both on-premises Active Directory and Azure Active Directory (AAD). The company wants to ensure a seamless password experience for users, regardless of whether they are accessing resources on-premises or in the cloud. To achieve this, the IT team is exploring different services that synchronize password hashes between the on-premises Active Directory and Azure AD.
In this scenario, which service best matches the description?
- Active Directory Federation Services (AD FS)
- Azure AD Hash Synchronization
- Azure AD pass-through authentication
Question 14)
You are an IT security analyst responsible for implementing Conditional Access policies in your organization’s Azure Active Directory (AAD) environment. These policies help secure access to resources based on specific criteria. In your research, you come across various signals that are commonly used to determine Conditional Access.
Which of the following options represents the signals used for determining Conditional Access?
- Secure foundation, remote work, and emerging threats.
- User or group membership, device information or application-specific triggers.
- Payroll application, MFA and industry regulations.
Question 15)
Complete the following sentence. The most restrictive access policy permissible when implementing Conditional Access is _______________.
- Allow Access
- Block Access
- Multi-factor authentication (MFA)
Question 16)
Which of the following indicates that the insights were generated by cybersecurity experts?
- The risk signal was raised as a result of high-quality heuristic-based detection.
- The risk signal was identified as a result of a manual feedback loop.
- The risk signal was identified through review and analysis of the logs.
Question 17)
As a security specialist you are asked to consult with Sam on developing a good security posture. You meet with the company’s IT team and discuss various strategies to enhance security when implementing Conditional Access. They are particularly interested in measures that can provide effective protection against unauthorized access. You provide them with three options to consider.
Which of the following options represents a recommended best practice to enhance security when implementing Conditional Access?
- Configuring granular policies for specific applications and requests.
- Implementing multi-factor authentication (MFA).
- Implementing risk-based policies that factor IP addresses.
Question 18)
Complete the following sentence. Restricting access to a network based on the protocol used in the request is __________ using Microsoft’s Conditional Access Policies.
- Not advisable
- Highly recommended
- Not possible
Question 19)
Which of the following concepts refers to the permissions or actions relating to Azure that an entity is granted access to upon successfully authenticating?
- Role Scope
- Security Principal
- Role Definition
Question 20)
Complete the following sentence. In role-based access control (RBAC), assigning ___________ determines who can receive a role assignment.
- Eligibility
- Privilege
- Active status
Question 21)
What type of roles are the Global Administrator and Global Reader, which grant permissions within Microsoft 365 or Azure AD?
- Azure AD-specific roles
- Cross-service roles
- Service-specific roles
Question 22)
At work, there’s a team of developers who are working on a highly sensitive project that requires specialized access to certain resources.
Which Azure AD feature can help manage their access effectively?
- Privileged access management
- Identity lifecycle management
- Access lifecycle management
Question 23)
Which of the following concepts pertains to limiting user access with Just-in-time and Just-enough-access?
- Assuming breach
- Least privileged access
- Explicit verification
Question 24)
What are the key principles of the Zero Trust security strategy?
- Explicit verification, least privileged access, and assuming breach.
- Trust by default, open access, and legacy system protection.
- Implicit verification, role-based access, and perimeter defense.
Question 25)
At work, you are tasked with managing Identity Governance. You are informed that you have to configure the system to allow users, including external guests, to request access to predefined access packages.
Which of the following approaches is most applicable to this?
- Privileged access management
- Access reviews
- Entitlement management
Question 26)
Complete the following sentence. In Azure Active Directory, an application object serves as a template to create one or more ____________ objects, with each ____________ representing the application within a specific tenant.
- Managed Identity
- Service principal
- Legacy
Question 27)
You have recently developed a web application that needs to access Azure resources programmatically. What would you use to ensure secure authentication and fine-grained access control for the application in Azure?
- Managed Identity
- User Principal
- Service Principal
Question 28)
You are an Azure administrator for a large organization that is migrating its infrastructure to the cloud. You decide the following:
True or False: Using managed identities for Azure resources will save time as it reduces the need to manage credentials for the applications and services.
- True
- False
Question 29)
You have recently started work with Sam’s Scoops’ backend team. You would like to propose using Managed Identities for Azure resources.
Which of the following statements could you use as part of your argument?
- Managed Identities, for Azure resources, simplifies and automates identity management within Azure AD.
- Managed Identities, for Azure resources, provides seamless authentication without the need for credentials.
- Managed Identities, for Azure resources, automates the management of credentials in Azure AD.
Question 30)
Complete the following sentence. Enforcing ________________ adds an extra layer of security to user accounts.
- Multi-factor verification
- Password complexity
- Password vaults
Question 31)
Which line best describes AD Intune?
- A Microsoft tool that provides monitoring and reporting on the health of AD Connect and AAD synchronization.
- A Microsoft tool that provides synchronization and identity management between on-premises Active Directory and Azure Active Directory.
- A Microsoft tool that provides mobile device and application management, as well as PC management capabilities for organizations.
Question 32)
As part of Azure AD implementation, there are different packages that offer various features and functionalities. Which of the following packages includes basic group allocation?
- Azure AD Basic
- Azure AD Free
- Azure AD Premium P1
Question 33)
As an IT professional you are tasked with briefly explaining to your manager what exactly an Azure subscription entails.
Which of the following sentences best describes an Azure subscription?
- An Azure subscription is a trusted instance of AAD that gives an individual or company access to manage Azure resources and services and contains billing information.
- An Azure subscription is a purchase plan that provides access to a select number of Azure services and resources.
- An Azure subscription is a container for Azure resources that allows you to organize and manage them based on application, or environment.
Question 34)
You are the IT administrator at your workplace, and your manager wants you to investigate how to create an Azure AD for the business. Where are you most likely to find Azure Active Directory?
- Both on the cloud and on-premises.
- On-premises.
- In the cloud.
Question 35)
Sarah, an employee at Sam’s Scoops, needs to access Azure resources such as cloud-based applications and databases.
Which type of identity is associated with your specific user account and typically used to authenticate access to these Azure resources?
- Service Principals
- User Identity
- Device Identity
Question 36)
True or False: You want others to connect with your product through Azure AD B2C which utilizes Azure AD services and consumes your application.
- True
- False
Question 37)
Which of the following roles would you assign if you have hired a new manager and you would like them to assess the business before deciding on their role?
- Global Administrator
- Global Reader
- Applications Administrator
Question 38)
What is true about using biometric data?
- Biometric data is easy to configure to a system.
- Biometric data is a virtual means of authentication.
- Biometric data is more secure.
Question 39)
You work for a company that has a variety of on-premises applications critical to its operations. The company wants to provide external users, such as partners and clients, with access to these applications, and the IT team is exploring different solutions.
In this scenario, which of the following services is defined as an on-premises service that allows external customers to engage with on-premises applications?
- Azure AD Application Proxy
- Azure AD Pass-through
- Active Directory domain controller
Question 40)
In your organization, there is a critical application that contains highly sensitive data. The security team wants to ensure that only authorized individuals with the highest level of access privileges can interact with this application.
Which of the following Conditional Access policies would be considered the most restrictive?
- Require multifactor authentication
- Allow Access
- Block Access
Question 41)
As an IT cybersecurity specialist, you notice a risk signal that has been flagged by the system, indicating a potential security issue. To determine if the signal was generated through auto-generation, you evaluate the available options.
Which of the following options best aligns with insights produced by the system’s automated processes, indicating the use of auto-generation?
- The risk signal was identified as a result of a manual feedback loop.
- The risk signal was identified through review and analysis of the logs.
- The risk signal was raised because of high-quality heuristic-based detection.
Question 42)
As a security specialist you are asked to consult with Sam on developing a good security posture. You meet with the company’s IT team and discuss various strategies to enhance security when implementing Conditional Access. They are particularly interested in measures that can provide effective protection against unauthorized access. You provide them with three options to consider.
Which of the following options represents a recommended best practice to enhance security when implementing Conditional Access?
- Implementing multi-factor authentication (MFA).
- Implementing risk-based policies that factor IP addresses.
- Configuring granular policies for specific applications and requests.
Question 43)
There has been a breach in a competing company. As a result, the need to tighten access for all employees using more stringent policies is now a priority.
Which of the following are viable means of restricting access using Microsoft’s Conditional Access policies? Select all that apply.
- Limiting access based on time of day.
- Restricting access for certain file types.
- Requiring MFA for all users.
- Restricting access based on the protocol used in the request.
Question 44)
Which of the following concepts refers to the resources that an identity is granted access to upon successfully authenticating?
- Role Scope
- Role Definition
- Security Principal
Question 45)
Which of the following statements accurately describes the relationship between eligibility and active status in role-based access control (RBAC)?
- Eligibility determines who can receive a role assignment, while active status determines who can actively utilize the assigned role’s permissions.
- Eligibility and active status both determine who can receive role assignments.
- Active status determines who can receive a role assignment, while eligibility determines who can actively utilize the assigned role’s permissions.
Question 46)
You have started a new job at a prestigious company. Using Azure, the IT team has assigned your user ID with two roles, namely, Application Administrator and Groups Administrator.
Which of the following areas would you have permissions for?
- Cross-service roles
- Azure AD-specific roles
- Service-specific roles
Question 47)
Which of the following concepts pertains to authentication and authorization based on all available data points?
- Least privileged access
- Explicit verification
- Assuming breach
Question 48)
Complete the following sentence. Zero Trust challenges the traditional notion of trusting everything within a corporate firewall and instead assumes a “_______” approach.
- Trust by default, validate occasionally.
- Trust nothing, verify everything.
- Trust everything, verify selectively.
Question 49)
Complete the following sentence. _____________ is a feature of Identity Governance which allows users, including external guests, to request access to predefined access packages.
- Privileged access management
- Access reviews
- Entitlement management
Question 50)
Which of the following statements accurately describes the relationship between application objects and service principals in Azure Active Directory?
- An application object represents a global application, while a service principal represents a local application within a specific tenant.
- An application object and a service principal object are synonymous and represent the same entity in Azure Active Directory.
- An application object serves as a template to create one or more service principal objects, with each service principal representing the application within a specific tenant.
Question 51)
True or False: A service principal is created from an application object in Azure Active Directory.
- True
- False
Question 52)
What are managed identities for Azure resources?
- Managed identities for Azure resources are types of Azure Active Directory (Azure AD) authentication.
- Managed identities for Azure resources provide a way to manage secrets, credentials, certificates, and keys.
- Managed identities for Azure resources are identities in Azure AD that automate and simplify identity management for resources.
Question 53)
True or False: Managed identities for Azure resources eliminate the need for managing credentials.
- True
- False
Question 54)
True or False: Azure role-based access control (RBAC) helps manage access to Azure resources by assigning permissions to users, groups, and applications.
- True
- False
Question 55)
True or False: Azure resources can be managed by Azure AD.
- True
- False
Question 56)
Which of the following Azure AD editions offers standard management and security features at no cost?
- Azure AD Premium P1
- Azure AD Free
- Azure AD Basic
Question 57)
Your company has hired a new manager to manage all the company’s resources.
Which of the following roles would need to be assigned to the new manager?
- Global Reader
- Applications Administrator
- Global Administrator
Question 58)
Which of the following is a protocol used in establishing a cloud-based identity? Select all that apply.
- Active Directory Federation Services (AD FS)
- Security Assertion Markup Language (SAML)
- Web Services Federation (WS-FED)
Question 59)
True or False: Conditional Access policies allow a granular level of control for a system such that a user can be required to provide further authentication, denied service, or given free access depending on certain criteria.
- True
- False
Question 60)
Which of the following indicates that the insights were generated through use of end user generation?
- The risk signal was identified because of a manual feedback loop.
- The risk signal was identified through review and analysis of the logs.
- The risk signal was raised as a result of high-quality heuristic-based detection.
Question 61)
You are tasked with enforcing the security posture of your company. Which of the following best practice conditional policies would you implement when deciding on access for new employees?
- Implementing multi-factor authentication (MFA).
- Implementing risk-based policies that factor IP addresses.
- Configuring granular policies for specific applications and requests.
Question 62)
What type of roles are the SharePoint Service Administrator and Teams Administrator, which grant permissions within Microsoft 365?
- Service-specific roles
- Azure AD-specific roles
- Cross-service roles
Question 63)
Complete the following sentence: __________ is a specialized feature from Azure that enables an organization to provide fine-grained access to some specialized information.
- Privileged access management
- Access lifecycle management
- Identity lifecycle management
Question 64)
An application object is used as a _______ to create one or more service principal objects.
- Service
- Template
- Identity
Question 65)
Complete the following sentence. Managed identities, for Azure resources, is the new name for the service formerly known as ______________.
- Azure Synapse
- Azure CLI
- Managed Service Identity, or MSI
Question 66)
True or False: Azure Active Directory is a cloud-based Active Directory.
- True
- False
Question 67)
One of the network administrators at your workplace wants to ensure everyone understands the different tools available in relation to an Active Directory. The following scenario and question are put forward:
“Imagine you’re a network administrator responsible for managing user accounts, enforcing security policies, and deploying software updates across our on-premises Active Directory domain.
In this scenario, which tool do you think would be most suitable for these tasks?”
- Azure AD Connect
- Active Directory Migration Tool (ADMT).
- Active Directory Domain Services (AD DS)
Question 68)
What type of identity is used by devices to access resources on AAD?
- Device Identity
- User Identity
- Service Principals
Question 69)
You work for an organization, and you want to connect with an external identity through your Azure AD account, allowing them to consume your product or application.
Which of the following services would you use?
- Azure AD B2C
- B2B collaboration
- B2B direct connect
Question 70)
There is a discussion on how best to protect the office resources at work. The boss divided the staff into different teams, each with the task of making an argument for different security measures. Your team is tasked with arguing the use of biometrics.
Which of the following would you include in your argument?
- Biometric data can’t be compromised through scams such as phishing.
- Biometric data is easy to configure with sensors.
- Biometric data offers an additional layer of security.
Question 71)
Which Microsoft service enables password propagation between on-premises and cloud-based Active Directories to enable a user to sign on to either of these with the same password?
- Azure AD Application Proxy
- Active Directory domain controller
- Azure AD Pass-through
Question 72)
True or False: It is possible to reduce access based on the protocol used in the request.
- True
- False
Question 73)
The company you currently work at is medium-sized and you want to provide a user with access to a company resource.
True or False: Assigning the user with the Eligible status from the role-based access control (RBAC) drop-down menu allows the user to gain instant access.
- True
- False
Question 74)
Having joined a new company, you are advised that the company is taking the extreme stance that an intruder has already overcome some security measures.
Which of the following terms best summarizes this?
- Explicit verification
- Least privileged access
- Assuming breach
Question 75)
Upon joining a new company, you are informed that the company employs Zero Trust with regard to access.
True or False: In this case, Zero Trust means that your new company assumes that everything behind the corporate firewall is safe.
- True
- False
Question 76)
In creating a strong security posture for Sam’s Scoops, you want to convince your manager that a strong security perimeter is the best approach.
Which of the following statements could you use to motivate your argument? Select all that apply.
- It increases visibility and control for organizations.
- It reduces the attack surface for organizations.
- It improves network perimeters for organizations.
- It increases the speed in which identities can be created.
Question 77)
Which of the following sentences best describes an Azure resource group?
- An Azure resource group is a container for Azure resources that allows you to organize and manage them based on application or environment.
- An Azure resource group is a purchase plan that provides access to a select number of Azure services and resources.
- An Azure resource group is a trusted instance of AAD that gives an individual or company access to manage Azure resources and services and contains billing information.
Question 78)
Complete the following sentence. Conditional Access policies consider various ____________ when making access controls in AAD.
- Workplaces
- Signals
- Permissions
Question 79)
You are working as a Cybersecurity Analyst for a large organization. As part of your role, you are responsible for managing access controls and permissions for various entities within the organization’s systems. A colleague approaches you to gain more clarity around authentication.
Which of the following concepts refers to any entity that can be authenticated, such as a user, group, or service principal?
- Role Scope
- Security Principal
- Role Definition
Question 80)
You want to use a universal template to create different entities with appropriate permissions.
True or False: You should inform your manager that you can use an application object as a blueprint to create service principals based on current company policies.
- True
- False
Question 81)
Sam’s Scoops has recently migrated from an on-premises Active Directory to Azure Active Directory, and uses AD Connect to synchronize and manage identities between the two directories.
Which of the following sentences best defines what AD Connect is?
- AD Connect is a Microsoft tool that provides monitoring and reporting on the health of AD Connect and AAD synchronization.
- AD Connect is a Microsoft tool that provides synchronization and identity management between an on-premises Active Directory and Azure Active Directory.
- AD Connect is a Microsoft tool that provides mobile device and application management, as well as PC management capabilities for organizations.
Question 82)
True or False: Active Directory Federation Services (AD FS) is a centralized provider.
- True
- False
Question 83)
True or False: Identity Lifecycle Management is a feature of Azure that enables an organization to provide fine-grained control of who accesses some specialized information.
- True
- False
Question 84)
Complete the following sentence. Managed identities for Azure resources eliminate the need to manage __________.
- certificates
- keys
- secrets
Question 85)
Which tool does the following definition relate to?
A tool that can extract passwords, group memberships, and other attributes associated with users and groups and duplicate them in the cloud.
- Active Directory Domain Services (AD DS)
- Azure AD Connect
- Active Directory Migration Tool (ADMT)
Question 86)
What is the name of the interface used to interact with Azure services?
- AD Connect
- Azure portal
- AD Intune
Question 87)
You are an IT administrator for a company that has recently adopted a hybrid cloud environment, utilizing both an on-premises Active Directory and Azure Active Directory (AAD). The company wants to ensure a seamless password experience for users, regardless of whether they are accessing resources on-premises or in the cloud. To achieve this, the IT team is exploring different services that synchronize password hashes between the on-premises Active Directory and Azure AD.
In this scenario, which service best matches the description?
- Active Directory Federation Services (AD FS)
- Azure AD Hash Synchronization
- Azure AD pass-through authentication
Question 88)
True or False: Device information, such as the operating system being used, can trigger a Conditional Access policy.
- True
- False
Question 89)
Which of the following Conditional Access best practices is most applicable to enhance security when all access to your network is to be conducted on-premises?
- Implementing multi-factor authentication (MFA).
- Implementing risk-based policies that factor IP addresses.
- Configuring granular policies for specific applications and requests.
Question 90)
True or False: Entitlement management is a feature of Identity Governance which allows users, including external guests, to request access to predefined access packages.
- True
- False
Question 91)
Which service takes the form of a Windows Server role that enables single sign-on (SSO) and federated identity across different organizations or domains?
- Azure AD Hash Synchronization
- Azure AD pass-through authentication
- Active Directory Federation Services (AD FS)
My Review: Cybersecurity Identity and Access Solutions using Azure AD
I recently completed the “Cybersecurity Identity and Access Solutions using Azure AD” course on Coursera, the fourth course in the Microsoft Cybersecurity Analyst Professional Certificate series. This course builds on the foundational knowledge of computers, networking, and cyber threats introduced in earlier modules, and dives deeper into the critical topics of authentication, authorization, and identity management. Over four well-structured modules, it explains key concepts like Active Directory, two-step authentication, single sign-on (SSO), and the use of Azure Active Directory (Azure AD) in enterprise security.
I found the course straightforward and beginner-friendly, especially for those new to identity and access management. It’s also a great resource for those preparing for the Microsoft SC-900 exam, as it aligns well with the certification’s objectives. Overall, it’s a valuable and practical step toward understanding how modern organizations manage digital identities and secure access.