In this article, I’m sharing my review of the Cybersecurity Management and Compliance course, along with all the quiz answers to support your learning.
Just finished the Coursera course “Cybersecurity Management and Compliance”? This is another key part of the Microsoft Cybersecurity Analyst Professional Certificate and focuses on the policies, standards, and frameworks that drive cybersecurity in today’s cloud-based world. From Microsoft’s privacy principles to tools for compliance management and cloud adoption strategies, this course offers practical insights that are essential for anyone pursuing a cybersecurity career.
If you’re aiming for the SC-900 certification, this course is definitely worth your time — and I’ve added all the quiz answers to help you along the way!
Module quiz: Security administration Quiz Answers
Question 1)
You are a system administrator responsible for ensuring that user identities remain accessible during an outage. Which method or feature from Azure would best ensure that user identities managed by services remain available during outages?
- Use Availability Set in Azure.
- Making user identities accessible at the secondary location using methods such as profile containers.
- Deploying multiple Pooled host pools across regions.
Question 2)
True or False: Azure’s network architecture utilizes the OSI model Layer 3 routing to eliminate traffic loops and employs Equal-Cost Multi-Path (ECMP) Routing for high redundancy and bandwidth.
- True
- False
Question 3)
Your organization wants to integrate Azure into your existing IT environment.
What should you consider regarding the identity integration requirements?
- The complexity of the organization’s on-premises Active Directory infrastructure.
- The brand of the organization’s existing hardware.
- The organization’s yearly revenue.
Question 4)
What is the primary aim of the ‘Planning’ stage in the Azure Cloud Adoption Framework (CAF)?
- Defining workloads, establishing iterations and release plans, estimating timelines, and integrating required assets.
- Prioritizing cloud platforms to use.
- Only reviewing rationalization decisions.
Question 5)
Samantha is considering using a tech service for her business and is keen on ensuring that her customers’ data won’t be used for advertising purposes. She comes across Microsoft’s data privacy principles. Which principle should she be particularly interested in?
- Legal Protections
- No Content-Based Targeting
- Benefits for the Customer
Question 6)
True or False: The Data Subject Requests (DSR) section in the Service Trust Portal helps users locate, export, and erase data across Microsoft’s cloud services.
- True
- False
Question 7)
True or False: The optional enhancements of CSPM in Microsoft Defender for Cloud are available free of charge.
- True
- False
Question 8)
Which pillar of the Azure Well-Architected Framework focuses on ensuring an application’s uptime and its ability to recover from failures?
- Reliability
- Security
- Cost Optimization
Question 9)
Your company is designing a backup region for the shipment tracking portal to handle potential failures in the East US Azure region.
Which of the following components will you need to specifically account for, given it is confined to a single region and can’t automatically operate in a different region without provisioning another instance?
- Application Gateway
- Azure DNS
- Azure CDN
Question 10)
Imagine you are designing a geographically distributed application for a shipping company that heavily relies on HTTPS traffic. You want a global load balancer that supports filtering and routing based on HTTP properties. Which Azure component would you prioritize?
- Azure Traffic Manager
- Azure CDN
- Azure Front Door
Question 11)
True or False: Azure’s Virtual Desktop service cannot safeguard customer metadata during outages.
- True
- False
Question 12)
Imagine you’re a data security consultant. A company approaches you with concerns about securely storing data on the cloud. They want to ensure data encryption both in-transit and at rest. How would you advise them based on Microsoft Azure’s capabilities?
- Azure offers encryption only for data at rest using Azure Key Vault, but does not support encryption for in-transit data.
- With Azure, you can utilize various encryption capabilities such as Azure Key Vault, Disk Encryption, and Storage Service Encryption for data at rest. For in-transit data, options include Virtual Private Networks, Transport Layer Security, and protocols on Azure VMs.
- Azure does not provide encryption features for data at rest or in-transit, so you might want to consider other platforms.
Question 13)
True or False: In Azure CAF, Identity and Access Management (IAM) is a non-essential design area that focuses on optional security measures.
- True
- False
Question 14)
True or False: Microsoft uses email, chat, files, or other personal content to target advertising to users.
- True
- False
Question 15)
Complete the following sentence. The Azure component that enhances the delivery of static content globally by caching graphics for the website is _____.
- Azure CDN
- Azure App Service
- Azure DNS
Question 16)
True or False: Azure Active Directory requires modifications for multi-region functionality.
- True
- False
Question 17)
Which of the following statements accurately describes Azure’s approach to data security?
- Azure support personnel have default access to customer virtual machines.
- Microsoft monitors and claims ownership over customer data stored on Azure.
- Customers can encrypt data at rest in Azure using Azure Key Vault, Disk Encryption, and Storage Service Encryption.
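Questions 12 and 17 both turn on the distinction between encryption at rest (Storage Service Encryption, Disk Encryption, customer keys in Key Vault) and encryption in transit (TLS). The following ARM template is an added example, not part of the course or this article; it shows how those settings appear on a storage account when you codify them rather than rely on portal defaults. The parameter name and the `Standard_GRS` choice are assumptions for illustration; the property names under `properties` are the real Microsoft.Storage schema fields.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string",
      "minLength": 3,
      "maxLength": 24,
      "metadata": {
        "description": "Hypothetical example parameter: globally unique, lowercase letters and digits only."
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2023-01-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_GRS"
      },
      "kind": "StorageV2",
      "properties": {
        "supportsHttpsTrafficOnly": true,
        "minimumTlsVersion": "TLS1_2",
        "allowBlobPublicAccess": false,
        "encryption": {
          "keySource": "Microsoft.Storage",
          "services": {
            "blob": {
              "enabled": true
            },
            "file": {
              "enabled": true
            }
          }
        }
      }
    }
  ]
}
```

`supportsHttpsTrafficOnly` and `minimumTlsVersion` are the in-transit controls; the `encryption` block is the at-rest control, here using Microsoft-managed keys (`keySource` of `Microsoft.Storage`). Switching `keySource` to `Microsoft.Keyvault` and adding a `keyvaultproperties` block is how you move to customer-managed keys held in Key Vault, which is the Key Vault capability Questions 12 and 17 refer to. As Question 7 in the Laws and standards quiz notes, nothing ties the deployed account back to this file afterwards, so a later change made in the portal will not be reflected here; that is what Azure Policy is for.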
Question 18)
True or False: The Azure Cloud Adoption Framework (CAF) is solely about providing technical assistance without any emphasis on business strategies.
- True
- False
Question 19)
Aria, a cloud security analyst, is working on improving the security posture of her organization’s multi-cloud environments. She needs real-time access to critical risks and desires a unified visibility of security posture across multiple cloud services.
Which platform integrated with CSPM should she consider utilizing for this purpose?
- Cloud Security Explorer
- DevOps Connector
- Microsoft Defender for Cloud
Question 20)
You are a Solutions Architect helping a company transition to Microsoft Azure. The leadership team wants to understand the initial steps in building an Azure cloud adoption plan based on the Azure CAF.
What should you emphasize as the starting point?
- Ensuring that all prerequisite steps are completed, including strategic inputs like motivations for cloud adoption and tactical inputs like organizational alignment.
- Directly jumping to reviewing rationalization decisions.
- Immediately defining and prioritizing the top 100 workloads.
Question 21)
John is the Data Privacy Officer for a U.S. government agency and is concerned about complying with data protection laws. He’s particularly interested in tools that can help his agency respond to data subject requests as required by the law. Which section of the Microsoft Service Trust Portal should John consult to best meet his requirements?
- Industry and Regional Resources – Healthcare and Life Sciences
- Certifications, Regulations and Standards
- Data Privacy and Compliance Tools – Data Subject Requests (DSR) section
Question 22)
Which is a foundational capability of CSPM in Microsoft Defender for Cloud?
- Security recommendations
- Agent-based vulnerability scanning
- Advanced threat hunting
Question 23)
Which component replaces Azure Application Gateway to handle traffic from the East US region to the West US region in case of regional failure?
- Azure Front Door
- Azure Traffic Manager
- Azure CDN
Question 24)
Which of the following services provided by Azure is specifically designed for virtual machine (VM) replication for disaster recovery?
- Azure Backup
- Azure Site Recovery
- Azure Knowledge Center
Question 25)
Complete the following sentence. The _____ stage of the Azure Cloud Adoption Framework lifecycle focuses on defining the business justification for adopting cloud technologies.
- Strategy
- Migrate
- Manage
Question 26)
True or False: Azure datacenters can never be affected by weather events like hurricanes or floods.
- True
- False
Question 27)
Which of the following best describes the primary purpose of the Microsoft Service Trust Portal (STP)?
- The STP is a customer support portal for Microsoft’s cloud services.
- The STP is primarily a tool for reporting data breaches.
- The STP serves as a hub for resources related to the security and compliance of Microsoft cloud services.
Question 28)
True or False: In the realm of cloud-based applications, the primary goal is to prevent failures at all costs.
- True
- False
Question 29)
Complete the following sentence. The principle used by Microsoft that ensures users are well-informed about how their data is collected, processed, and shared is ________________.
- Transparency
- Control
- Security
Module quiz: Compliance solutions Quiz Answers
Question 1)
True or False: Microsoft Azure offers more than 50 compliance offerings to cater to different regions and sectors.
- True
- False
Question 2)
According to the shared responsibility model, for which types of cloud deployments in Microsoft Azure would responsibility for the operating system fall to the Cloud Service Provider (CSP)? Select all that apply.
- Software as a service (SaaS)
- On-premises
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
Question 3)
John, an IT admin, is using Microsoft Purview’s compliance portal. He wants to gain insights into classified content across the organization. Which feature should John access to fulfill this requirement?
- Data Lineage
- Activity Explorer
- Content Explorer
Question 4)
Consider a scenario where a long-time employee in the finance department of a company becomes disgruntled due to a denied promotion. Out of resentment, he decides to modify the financial records of the company subtly, making them inaccurate. This action is an example of which type of insider threat?
- Third-party threat
- Accidental data breach
- Data corruption
Question 5)
True or False: The Alert dashboard allows users to see the total number of alerts generated by policy matches in the last 60 days.
- True
- False
Question 6)
You are the IT administrator for a large organization. There is a need to ensure that members of the finance team working on a confidential project do not communicate or share documents with specific groups in the company. Which Microsoft tool should you employ to achieve this?
- Communication compliance policies
- Microsoft Purview Information Barriers (IB)
- Microsoft Purview Privileged Access Management (PAM)
Question 7)
True or False: Microsoft Purview Communication Compliance supports the review and remediation of messages only in Microsoft Teams and does not extend to third-party platforms.
- True
- False
Question 8)
Anna, a new employee at TechnoCorp, is tasked with drafting a document that contains credit card information. She needs to make sure the document is appropriately classified and protected. Using the Microsoft data management principles, which of the following steps should Anna take first?
- Use a sensitivity label to classify the document, ensuring data protection features like encryption are applied.
- Delete the document after saving it to an external drive.
- Share the document with her team for feedback without applying any labels.
Question 9)
Which of the following accurately describes the role of a Data Steward in Microsoft Purview?
- A Data Steward oversees the definition, quality, and administration of specific data sectors and collaborates with counterparts on data management aspects.
- A Data Steward is the primary business authority responsible for ensuring data quality and protection.
- A Data Steward is responsible for the initial creation and capture of data in an organization.
Question 10)
Which of the following statements best describes the purpose of data classification in Microsoft Purview?
- Data classification is merely a cosmetic feature with no impact on data governance.
- Data classification in Microsoft Purview helps in understanding, searching, and governing data assets.
- Data classification is only used for tagging assets with built-in system classifications.
Question 11)
Which of the following statements best describes the CIS Benchmarks?
- They are a set of guidelines to improve the performance of cloud services.
- They are a proprietary system used by Microsoft Azure for compliance.
- They offer configuration standards for securing a system.
Question 12)
You are a Risk Manager at a financial firm planning to migrate to Azure. After inventorying your apps, you find that one of them deals with processing credit card payments and holds large amounts of sensitive customer data. This app is crucial for daily operations and generates significant revenue for the company. Based on the provided information, how should you classify this app’s business impact level?
- Low Business Impact (LBI)
- Medium Business Impact (MBI)
- High Business Impact (HBI)
Question 13)
True or False: Insider risks always arise from employees with malicious intent.
- True
- False
Question 14)
You are an investigator in a company’s IT department. You received a tip about a specific employee’s potentially risky behavior but noticed that the employee doesn’t fall under any insider risk management policy. Which tool would be most appropriate for inspecting the activities of this user?
- User activity reports
- Incident response plan
- Insider risk Alert dashboard
Question 15)
True or False: Microsoft offers only standard sensitivity labels and does not allow organizations to create custom labels.
- True
- False
Question 16)
True or False: Microsoft Purview’s Data Catalog mainly deals with the archiving stage of data management.
- True
- False
Question 17)
True or False: In Microsoft Purview, reviewers get only one email notification about disposition reviews allocated to them, and no follow-ups are sent afterward.
- True
- False
Question 18)
True or False: Microsoft suggests customers should avoid standardized risk and controls frameworks like ISO 27001 or NIST SP 800-53 for cloud risk assessment.
- True
- False
Question 19)
Which method of data classification in Microsoft Purview is driven by machine learning to categorize unique data like specific contracts or customer records?
- Trainable Classifiers
- Data Lineage
- Sensitive Information Types (SIT)
Question 20)
Which of the following best describes the primary purpose of data classification within an organization’s data management strategy?
- To encrypt all data within an organization.
- To comprehend an organization’s data layout and inform protection and governance strategies.
- To automatically delete outdated data.
Question 21)
Which of the following best describes the primary purpose of User activity reports in managing insider threats?
- They provide a count of all alerts that require review and triage.
- They only monitor users who are explicitly mentioned in an insider risk management policy.
- They facilitate the examination of potentially risky behaviors for specific users over a designated time frame, without necessarily linking them to an insider risk management policy.
Question 22)
You are an IT administrator for a medium-sized organization that uses Microsoft 365. Your compliance management team has raised concerns about potential communication violations occurring over email. What should you do to monitor email communications for compliance?
- Manually review all email communications.
- Implement Microsoft Purview Communication Compliance with policies specifically configured for Exchange Online.
- Disable all email communications within the organization.
Question 23)
Imagine you are a security officer for a global company and are considering Microsoft Azure for your company’s cloud operations. A top priority is ensuring that the cloud service you choose aligns with industry best practices for cyber defense. Which of the following tools or benchmarks would best guide your company in achieving a secure baseline configuration for Microsoft Azure?
- CIS Microsoft Azure Foundations Benchmark
- Microsoft Compliance Center
- Azure Security Center
Question 24)
Which of the following is a primary function of Microsoft Purview Privileged Access Management (PAM) in Office 365?
- It restricts unauthorized interactions between specific groups and users within Microsoft Teams and SharePoint.
- It monitors communications within an organization for compliance with corporate and legal standards.
- It safeguards organizations from potential breaches by controlling privileged administrative tasks through a just-in-time access process.
Question 25)
Imagine you work in a large organization, and you have just been designated the role of Data Curator in Microsoft Purview. As part of your responsibilities, a team member approaches you asking for read/write permissions for a particular set of assets. Who in Microsoft Purview has the authority to grant this request?
- The Data Curator has the authority to control read/write permissions for assets in a collection group.
- The Data Owner grants permissions for reading and writing to assets.
- The Data Steward has the authority to manage read/write permissions.
Question 26)
Which of the following are functions of information barriers (IB) in Microsoft Purview? Select all that apply.
- Information barriers monitor communications for unauthorized or inappropriate discussions.
- Information barriers regulate two-way communication and collaboration among groups and users within Microsoft Teams, SharePoint, and OneDrive.
- Once IB policies are activated, they ensure that certain users are restricted from communicating or sharing files with designated others.
- Information barriers enforce data access controls and restrictions to maintain compliance and security.
Question 27)
Which of the following best describes a feature of Microsoft Purview Communication Compliance’s customizable templates?
- They utilize machine learning to detect communication violations effectively.
- They allow automatic deletion of inappropriate messages without review.
- They enable integration with third-party applications for template customization.
Question 28)
Which of the following best describes an intentional threat that comes from inside an organization?
- An employee mistakenly sending confidential data to the wrong email address.
- An external hacker exploiting a vulnerability in the company’s security.
- An employee maliciously leaking confidential data to a competitor.
Module quiz: Laws and standards Quiz Answers
Question 1)
John is working for a federal agency and is responsible for implementing and maintaining security protocols for their information system. After setting up the initial security controls, John is discussing the next steps with his team. Which of the following FISMA requirements should John emphasize as a continuous process?
- Set up Minimum Baseline Controls and leave them as they are.
- Document the Controls in the System Security Plan once and forget.
- Monitor the Security Controls on a Continuous Basis.
Question 2)
Anna is the Chief Information Security Officer (CISO) for a global manufacturing company. She’s been asked to create a system that helps her team understand their current cybersecurity posture, outline their future goals, and continuously track progress toward achieving those goals. Which component of the NIST Framework should she utilize for this purpose?
- Describing their current cybersecurity posture, outlining their cybersecurity goals, and tracking progress to the desired state.
- Focus on Implementation Tiers without considering the Framework Core or Profiles.
- Using the Framework solely for a basic review of cybersecurity practices by comparing against five high-level Functions: Identify, Protect, Detect, Respond, and Recover.
Question 3)
Which of the following are components of the NIST Framework? Select all that apply.
- Framework Profiles
- Risk Management
- Risk Assessment
- Framework Core
Question 4)
Jenny, a CFO of a publicly traded company, is discussing the importance of adhering to the Sarbanes-Oxley Act with her team. One of the team members mentions that the company could face legal consequences and significant financial penalties if they fail to comply. Another team member brings up that the company could also experience a loss of investor trust. Jenny wants to emphasize one more significant repercussion of non-compliance. What should she highlight?
- The company may encounter operational challenges, like increased audit fees and disruptions to core business functions.
- The company might face increased competition.
- The company might have to decrease its workforce.
Question 5)
Imagine you are the CEO of a company that uses Microsoft services to store customer data. One day, you are informed of unauthorized access to this data. How will Microsoft, as a data processor, assist you in addressing this breach as per GDPR regulations?
- Microsoft will immediately delete all data related to the breach without notifying the company.
- Microsoft will assess the privacy risks and determine if there’s a need to notify the DPA.
- Microsoft will notify you of the breach unless the data accessed is unintelligible, like encrypted data with a secure key.
Question 6)
True or False: ISO 27001 is a region-specific standard and is not recognized internationally.
- True
- False
Question 7)
True or False: Once resources are deployed using ARM templates, there remains a permanent connection between the deployed resources and the template.
- True
- False
Question 8)
Which of the following describes a key principle of COBIT?
- COBIT separates governance from management roles and responsibilities.
- COBIT is only applicable to large-scale enterprises.
- COBIT exclusively focuses on technological solutions for IT governance.
Question 9)
True or False: The NIST Privacy Framework consists of the Core, Profiles, and Implementation Tiers.
- True
- False
Question 10)
Which of the following best describes the primary purpose of a Privacy Risk Assessment (PRA) in the context of cloud services?
- Solely to ensure compliance with GDPR and HIPAA.
- To evaluate the cloud service provider’s technical capabilities.
- Systematically identifying, analyzing, evaluating, and addressing privacy risks associated with personal data and sensitive information in the cloud.
Question 11)
What is the primary purpose of the Federal Information Security Management Act (FISMA)?
- To create standardized cloud services for federal agencies.
- To bolster the security framework around federal information systems.
- To regulate private sector companies and their data security.
Question 12)
True or False: The NIST Framework replaces all other existing cybersecurity processes in an organization.
- True
- False
Question 13)
True or False: One of the primary components of the NIST Framework is the “Risk Management Tier.”
- True
- False
Question 14)
Which of the following best describes the primary objective of the Sarbanes-Oxley Act (SOX)?
- To reduce the tax burden on corporations.
- To protect investors by enhancing the accuracy and reliability of corporate financial statements.
- To promote corporate mergers and acquisitions.
Question 15)
Which of the following are controls of the ISO 27001 standard? Select all that apply.
- Business continuity management
- Vendor management
- Employee training programs
- Information security policies
Question 16)
Which of the following best describes the purpose of the COBIT framework in the context of cloud computing?
- It provides a comprehensive set of goals, practices, roles, responsibilities, and metrics to manage and audit cloud services effectively.
- It outlines the legal and regulatory obligations for cloud services.
- It is solely used for evaluating the Azure deployment.
Question 17)
True or False: A Privacy Requirements Traceability Matrix (PRTM) is primarily used to map privacy requirements from the PRA to the technical features provided by cloud services.
- True
- False
Question 18)
Which of the following best describes the primary purpose of the NIST Framework?
- It provides a comprehensive structure for organizations to manage and mitigate cybersecurity risks.
- It is a set of regulations that companies must legally adhere to.
- It is solely focused on the technological aspects of an organization.
Question 19)
True or False: Microsoft, when acting as a data processor, will only notify customers of data breaches when the breached data is intelligible.
- True
- False
Question 20)
Imagine you are a Cloud Architect for a company that needs to maintain compliance with the ISO standard. Your CEO is concerned about ensuring that every deployment within Azure adheres to the ISO guidelines. Which Azure service should you recommend to the CEO to enforce consistent policy implementation and resource conventions across deployments?
- Azure Storage
- Azure Blueprints
- ARM templates
Question 21)
Your organization is transitioning to Microsoft Azure and wants to ensure that the services provided by Azure support both operational and compliance objectives. Which ISACA guide would best assist auditors in this evaluation?
- COBIT Performance Management System.
- Azure Audit Program.
- COBIT Design and Implementation Guides.
Question 22)
Imagine you are the CIO of a large organization that’s considering moving its operations to a cloud-based infrastructure. One of your team members suggests neglecting the change management processes, stating that once the transition to the cloud is complete, no further action is required. Based on the article, what’s the best response?
- Implementing cloud frameworks is not a one-time activity but a continuous process that requires monitoring and adapting to changes in the cloud environment, business objectives, stakeholder needs, and legal requirements.
- The change management process is only relevant during the initial transition to the cloud.
- Only the initial setup of cloud services is crucial; post-deployment processes like monitoring changes are not essential.
Question 23)
A multinational company wants to ensure its cybersecurity measures are adaptable across borders and recognize global cybersecurity risks. How does the NIST Framework facilitate this?
- By providing financial incentives to companies that operate in multiple countries.
- By mandating specific cybersecurity software and hardware that must be used in all countries.
- By fostering technical innovation through its technology-neutral stance and referencing a range of evolving global standards, guidelines, and practices.
Question 24)
True or False: COBIT’s primary function is to provide guidelines for IT audits.
- True
- False
Question 25)
You are an IT consultant hired by a new startup company that is looking to use Microsoft Azure for its cloud services. The CEO is concerned about privacy and wants to ensure that their Azure deployment meets all necessary privacy requirements. Which of the following should be your primary recommendation?
- Ignore COBIT as it is not relevant to cloud services.
- Solely focus on the NIST Privacy Framework as it is the only framework related to cloud privacy.
- Utilize the Azure Audit Program as it offers evaluative control statements and detailed testing procedures specific to Azure deployment areas.
Question 26)
True or False: One of the main categories in FISMA requires federal agencies to conduct security reviews every five years.
- True
- False
Question 27)
What is the primary function of Azure Blueprints?
- Azure Blueprints allows organizations to define a repeatable set of Azure resources that adhere to requirements and standards.
- Azure Blueprints provides a platform for developing cloud-based applications.
- Azure Blueprints are primarily used for storing data in the cloud.
Question 28)
Which entity decides the purpose and method of processing personal data under GDPR?
- Data Subject
- Data Controller
- Processor
Question 29)
True or False: One of the significant sections of the Sarbanes-Oxley Act, Section 404, mandates that companies evaluate their external marketing strategies.
- True
- False
Question 30)
Which of the following best describes the purpose of ISO 27001 within the realm of information security?
- It establishes guidelines for an Information Security Management System (ISMS).
- It serves as a guideline for setting up a physical security system.
- It provides standards for setting up a global communication network.
Self review: Achieving compliance Quiz Answers
Question 1)
Alex, an IT manager at NexaGlobal Ltd., is reviewing the new digital transformation strategy document that focuses on leveraging Microsoft Azure’s security solutions. He must ensure that the company’s data integrity and compliance with international standards are maintained. After studying the strategy, Alex faces a scenario where he needs to decide the best course of action. Which of the following actions should Alex prioritize to align with the company’s new strategy?
- Focus on training programs exclusively on disaster recovery protocols, ignoring other aspects like MFA and identity management.
- Prioritize deploying Azure Active Directory (AAD) as the primary identity provider and enforce Multi-Factor Authentication (MFA) for all users.
- Implement an external, third-party identity provider, considering it might offer more flexibility than Azure Active Directory (AAD).
Question 2)
NexaGlobal Ltd. is in the process of adopting the Azure Cloud Adoption Framework (CAF) as part of its cloud transformation strategy. Sarah, the Cloud Strategy Director, needs to make a decision regarding the initial steps of implementation. Considering the guidelines of the Azure CAF and the company’s goal for a robust and agile cloud strategy, which of the following actions should Sarah prioritize?
- Focus solely on scaling the cloud infrastructure rapidly, disregarding other aspects of the Azure CAF to achieve quick results.
- Conduct a comprehensive assessment using Azure CAF to align the company’s cloud strategy with Azure’s best practices in security, scalability, and performance.
- Implement Azure CAF without any initial assessments, assuming the company’s current strategy is already aligned with Azure’s best practices.
Question 3)
As the Data Manager at NexaGlobal Ltd., Emma is tasked with enhancing the company’s data management processes using Azure tools. With the recent focus on adopting Azure Data Factory and Azure Policy, she must decide on an immediate action that aligns with the company’s strategy for efficient, secure, and compliant data management. Which of the following actions should Emma prioritize?
- Implement Azure Policy first to define data management rules, delaying the adoption of Azure Data Factory to focus on policy development.
- Adopt Azure Data Factory as the primary tool for orchestrating extract, transform, and load (ETL) processes while simultaneously implementing Azure Policy to ensure data management compliance.
- Prioritize exclusive training for the team on Azure Data Factory, neglecting Azure Policy understanding and implementation.
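Question 3 above pairs Azure Data Factory with Azure Policy for "data management compliance", and Question 20 of the Laws and standards quiz asks how to enforce consistent policy across deployments. The custom policy definition below is an added example, not taken from the course or this article, showing what such a rule looks like: it denies (or merely audits, depending on the parameter) any storage account that permits plain HTTP or a TLS version below 1.2, so an account deployed without those settings is rejected at request time rather than discovered in a later assessment. The display name and description text are assumptions; the `field` aliases are the real Azure Policy aliases for Microsoft.Storage.

```json
{
  "properties": {
    "displayName": "Storage accounts must require HTTPS and TLS 1.2 (example)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Added example: denies creation or update of storage accounts that allow plain HTTP or a TLS version below 1.2.",
    "parameters": {
      "effect": {
        "type": "String",
        "allowedValues": [
          "Audit",
          "Deny"
        ],
        "defaultValue": "Deny",
        "metadata": {
          "displayName": "Effect",
          "description": "Use Audit first to measure existing drift, then switch to Deny."
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                "equals": "false"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
                "exists": "false"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
                "less": "TLS1_2"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Two details matter in practice. The `exists: false` clause catches templates that simply omit `minimumTlsVersion` (older API versions default it to TLS 1.0), which a plain `notEquals` check would miss. And `less: "TLS1_2"` is a string comparison, so `TLS1_0` and `TLS1_1` are denied while `TLS1_3` still passes; a `notEquals` check would wrongly block the newer version. Rolling the definition out as `Audit` first, then `Deny`, is the usual path to the "continuous compliance" Question 5 describes.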
Question 4)
As the head of IT operations at NexaGlobal Ltd., Carlos is responsible for enhancing the company’s data availability and continuity using Azure services. The company is expanding its operations globally, and Carlos needs to make a strategic decision to ensure robust data backup and minimal operational interruption. Which of the following actions should Carlos prioritize, in line with the company’s objectives?
- Rely exclusively on Azure’s internal disaster recovery mechanisms, assuming they will automatically provide optimal performance for international operations without additional strategic planning.
- Focus solely on drafting a comprehensive uptime service level agreement (SLA) without implementing any actual Azure Geo-Replication services, assuming that the SLA alone will ensure data availability.
- Implement Azure’s Geo-Replication services to mirror data across multiple regions and draft an uptime SLA that reflects the redundancy provided by these services.
Question 5)
Mia, the Compliance Officer at NexaGlobal Ltd., is tasked with ensuring the company’s cloud architecture and IT governance align with various compliance standards using Azure tools. With the introduction of Azure Compliance Manager, Azure Blueprints, and the COBIT framework, Mia needs to decide the most effective strategy to maintain continuous compliance. Which of the following actions should Mia prioritize to meet this objective?
- Use Azure Blueprints to codify the compliance requirements of ISO 27001 into the company’s cloud architecture and regularly use Azure Compliance Manager for compliance assessments.
- Integrate the principles of the COBIT framework with Azure Blueprints for compliant IT deployments and utilize Azure Compliance Manager to ensure ongoing alignment with ISMA and ISO 27001 standards.
- Focus exclusively on implementing the COBIT framework for IT governance, disregarding the use of Azure Compliance Manager and Azure Blueprints.
Question 6)
As the Chief Security Officer at NexaGlobal Ltd., Jordan is tasked with implementing an effective strategy to manage and mitigate insider risks using Azure’s security tools. With a range of tools available, Jordan needs to decide which combination of tools and strategies will most effectively address the unique challenges of insider threats. Which of the following actions should Jordan prioritize to ensure comprehensive insider risk management?
- Utilize a combination of Azure’s Insider Risk Management, Microsoft Defender for Identity, Microsoft Purview Information Protection, and Office 365 Communication Compliance to ensure a holistic approach to insider risk.
- Rely solely on Microsoft Defender for Identity for its advanced threat detection capabilities, neglecting other tools and strategies focused on insider risks.
- Implement Azure Active Directory and Conditional Access as the primary tools, assuming they will suffice for all aspects of insider risk management.
Question 7)
As the Data Protection Officer at NexaGlobal Ltd., Isabella is responsible for implementing a comprehensive information protection and data lifecycle strategy using Azure services. With the introduction of Azure Information Protection (AIP) and Azure Blob Storage Lifecycle Management, Isabella must choose the best approach to ensure efficient, secure, and compliant data management. Which of the following actions should Isabella prioritize?
- Initiate data classification and protection policies using Azure Information Protection, and adopt Azure Blob Storage Lifecycle Management for data lifecycle orchestration, including compliance and cost optimization.
- Focus primarily on user education using AIP’s real-time recommendations, while deprioritizing the implementation of data classification and lifecycle policies.
- Implement Azure Blob Storage Lifecycle Management strictly for cost optimization, disregarding the importance of compliance and data protection aspects.
Question 8)
As the Compliance Manager at NexaGlobal Ltd., Emily is in charge of ensuring the company’s continuous compliance with ISMA, ISO, and COBIT standards using Azure tools. She needs to decide on an effective compliance management strategy that encompasses monitoring, checks, remediation, and documentation. Which of the following actions should Emily prioritize to maintain high compliance standards?
- Solely focus on documentation and record-keeping of compliance efforts, assuming that this will suffice for future reviews and external audits.
- Focus primarily on engaging third-party auditors annually, relying on their assessments to identify and rectify compliance issues.
- Implement integrated monitoring using Azure Blueprints and Azure Compliance Manager, conduct automated compliance checks, and establish a rapid remediation task force, complemented by meticulous record-keeping.
Question 9)
Which tool provided by Microsoft is primarily designed to help organizations define a repeatable set of Azure resources that align with company standards and can be audited against regulatory requirements?
- Azure Monitor and Log Analytics
- Azure Security Center
- Azure Blueprints
Question 10)
Linda, a Compliance Manager at a multinational corporation, is tasked with overhauling the company’s documentation and reporting process to enhance efficiency and compliance. She plans to utilize Microsoft SharePoint, Azure Active Directory, Azure Compliance Manager, and Microsoft Power BI as part of her strategy. Given the following options, which approach should Linda prioritize to best meet her objectives?
- Focus exclusively on using Microsoft SharePoint for document storage without integrating Azure Compliance Manager or Microsoft Power BI.
- Solely rely on Azure Active Directory for access control, disregarding the need for a centralized repository and data visualization tools.
- Implement a centralized repository with Microsoft SharePoint, standardized templates, and integrate automated reporting with Azure Compliance Manager and Power BI for interactive dashboards.
Course quiz: Cybersecurity management and compliance Quiz Answers
Question 1)
Imagine you are the IT head for a medium-sized company that is heavily dependent on Azure for its IT infrastructure. A crucial regional data center faces an outage. Your primary VMs are currently in this data center. What can you do to ensure uninterrupted user access during this situation?
- Disconnect from Azure until the issue is resolved.
- Replicate personal VMs to a different Azure region (secondary location).
- Only rely on local backups of data.
Question 2)
You are a company executive assessing cloud platforms for storing sensitive company data. You read about Azure’s physical security measures. Which of the following measures is a part of Azure’s datacenter physical security protocols?
- Public access to datacenter facilities for viewing purposes.
- Two-factor authentication with biometrics and stringent access restrictions.
- Casual entry for staff and visitors without any checks.
Question 3)
You are designing a cloud infrastructure for a client and need a service that can enforce specific rules and effects over Azure resources to help maintain corporate standards and ensure compliance. Which Azure service would best meet this requirement?
- Azure Application Gateway
- Azure Private Link
- Azure Policy
Question 4)
Which Azure service provides a cloud-native Security Information and Event Management (SIEM) solution?
- Azure Sentinel
- Azure Policy
- Azure Monitor Logs
Question 5)
Your company has decided to adopt Microsoft Azure as its cloud platform. The CTO is looking for a comprehensive approach that guides the company throughout the cloud adoption process. She is particularly interested in understanding the business objectives, planning the adoption timeline, migrating existing workloads, and ensuring post-adoption governance. Which of the following Microsoft offerings would be most suitable for her needs?
- Azure Cloud Adoption Framework (CAF)
- Azure Active Directory (Azure AD)
- Azure Pricing Calculator
Question 6)
Which principle of the zero-trust model in the Microsoft Cloud Adoption Framework for Azure emphasizes granting the minimal level of access necessary for users to perform their functions?
- Principle of maximum access
- Principle of trust verification
- Principle of least privilege
Question 7)
What is one of the main uses of the Microsoft Service Trust Portal?
- To offer a platform for social networking among Microsoft cloud service users.
- To offer access to audit reports and whitepapers for understanding security and compliance mechanisms.
- To provide gaming content for Microsoft cloud services.
Question 8)
You are the security manager for a multi-cloud enterprise and are considering using Microsoft Defender for Cloud’s CSPM capabilities. Your CEO is concerned about additional costs. Which of the following statements would accurately address her concerns?
- All features of CSPM in Defender for Cloud are completely free.
- Microsoft Defender for Cloud charges for all CSPM features, including security recommendations and asset inventory.
- The foundational capabilities of CSPM in Defender for Cloud are free, but optional features such as attack path analysis and advanced threat hunting incur charges.
Question 9)
Which of the following best describes the shared responsibility model in Azure?
- Customers are solely responsible for all aspects of the cloud, including the underlying infrastructure.
- The shared responsibility model divides tasks between Microsoft and its customers, with specifics depending on the service model (IaaS, PaaS, or SaaS).
- Microsoft is solely responsible for all aspects of the cloud, including data and applications.
Question 10)
You are tasked with ensuring that your company’s application hosted on Azure remains operational even in the event of a datacenter failure. Which Azure feature would best help you accomplish this?
- Deploying the application in a single region without utilizing Availability Zones.
- Utilizing Availability Zones to operate the application across physically separate locations within a region.
- Categorizing your application as a “foundational service” in Azure.
Question 11)
True or False: Microsoft is solely responsible for the reliability of applications on Azure.
- True
- False
Question 12)
You are a cloud solutions architect working for a large corporation. The company wants to implement a new cloud-based application on Azure but needs to ensure that the application meets strict security and compliance standards. Which tool from Microsoft would you recommend to help define, enforce, and ensure that their cloud environment remains compliant?
- Azure Marketplace
- Azure Policy
- Azure Data Factory
Question 13)
Which of the following best describes the primary purpose of conducting a risk assessment before migrating to Microsoft Azure?
- To determine the cost of cloud services.
- To select the latest cloud technologies for implementation.
- To ensure the confidentiality, integrity, availability, and privacy of data and systems.
Question 14)
Imagine you are an admin for a large corporation that handles thousands of documents daily. You want a feature that can provide insights into classified content across the organization. Which Microsoft Purview feature would best suit this need?
- Content Explorer
- Data Map Essentials
- Data Lineage
Question 15)
Data Loss Prevention (DLP) primarily ensures that crucial data ______ within an organization’s designated boundaries.
- is deleted
- is labeled
- remains confined
Question 16)
Imagine you are the Data Compliance Officer for a multinational company. A new regulation has been introduced that requires businesses to validate and provide proof of record deletions. Which feature of Microsoft Purview’s records management system would you utilize to ensure compliance with this regulation?
- Start different retention periods when an event occurs with event-based retention.
- Migrate and manage your retention requirements with file plan.
- Review and validate disposition with disposition reviews and proof of records deletion.
Question 17)
Insider threats that intentionally harm the organization for personal gains or grievances are termed as ________.
- Malicious insiders
- External threats
- Accidental breaches
Question 18)
Which of the following actions can be part of the investigation process in Insider Risk Management? Select all that apply.
- Utilizing the User activity chart to delve into the specifics of user behavior.
- Exploring content through the Content explorer to get insights into user data access.
- Ignoring any anomalies in user behavior to avoid unnecessary conflicts.
- Conducting random background checks on employees without any specific alert.
Question 19)
Only those assigned to the ________ role group have access to the User Activity Reports page.
- Compliance Analysts
- Insider Risk Management Investigators
- IT Admins
Question 20)
Jennifer, a senior data analyst, is part of the Daily Sales group in her company. She needs to share a file with the Marketing Team for an upcoming project. Given the company’s implementation of Microsoft Purview Information Barriers (IB), what would be the outcome of her attempt?
- Jennifer will face restrictions and won’t be able to share the file with the Marketing Team.
- Jennifer can easily share the file, and the Marketing Team will access it without any restrictions.
- Jennifer will not be able to share the file because members of the Daily Sales group are prevented from interacting or sharing files with the Marketing Team.
Question 21)
Which of the following are core features of Microsoft’s data governance solutions? Select all that apply.
- Real-time Tracking
- Streamlined Administration
- Automation for Large Scale
- Manual Deletion
Question 22)
The Microsoft Purview Data Map offers an ________ classification feature when scanning data sources.
- Manual
- Intermittent
- Automated
Question 23)
Which of the following are main categories in the Federal Information Security Management Act (FISMA)? Select all that apply.
- Annual Security Reviews
- Risk Categorization
- Authorization to Operate
- Continuous Cloud Monitoring
Question 24)
Which of the following are main components of the National Institute of Standards and Technology (NIST) Framework? Select all that apply.
- Framework Core
- Technology Adaptation Protocols
- Framework Profiles
- Risk Mitigation Techniques
Question 25)
Which entity decides the purpose and method of processing personal data under the General Data Protection Regulation (GDPR)?
- Data Controller
- Processor
- Data Subject
Question 26)
Which of the following best describes the ISO 27001 standard?
- A universally accepted framework for an Information Security Management System (ISMS).
- A global standard solely for cybersecurity threats.
- A universal standard for environmental safety.
Question 27)
Imagine you are a manager at a company that is transitioning to a cloud-based infrastructure. You want to ensure that the cloud services you employ adhere to universally accepted protection controls. Which ISO/IEC standard would you refer to for this purpose?
- ISO/IEC 27017
- ISO/IEC 27000
- ISO/IEC 27002
Question 28)
Which of the following best describes Azure Blueprints?
- Azure Blueprints are JSON files that define the Azure infrastructure and its configurations.
- Azure Blueprints are templates that can be used to quickly set up governed Azure resources and services in a consistent and compliant manner.
- Azure Blueprints are used only for tracking and auditing purposes in Azure.
Question 29)
Which organization developed the Control Objectives for Information and Related Technologies (COBIT) framework for IT governance and management?
- Information Systems Audit and Control Association (ISACA)
- Information Technology Infrastructure Library (ITIL)
- National Institute of Standards and Technology (NIST)
Question 30)
The ______ framework comprises five domains, including Evaluate, Direct and Monitor (EDM) and Align, Plan and Organize (APO).
- Control Objectives for Information and Related Technologies (COBIT)
- Azure Audit Program
- National Institute of Standards and Technology (NIST) Privacy
Question 31)
Which Azure service supports the replication of VMs both between Azure regions and from on-premises infrastructure to Azure?
- Azure Virtual Desktop
- Azure Site Recovery (ASR)
- Azure Backup
Question 32)
Which Azure service offers a secure, cloud-based storage system for cryptographic keys, certificates, and other sensitive data?
- Azure Front Door
- Azure Application Gateway
- Azure Key Vault
Question 33)
True or False: The Azure Cloud Adoption Framework (CAF) focuses exclusively on the migration of data and applications to the Azure cloud.
- True
- False
Question 34)
True or False: The Microsoft Service Trust Portal focuses exclusively on data privacy and has no features related to compliance.
- True
- False
Question 35)
True or False: Microsoft Defender for Cloud’s integration with CSPM only provides security insights for Azure cloud services.
- True
- False
Question 36)
You are a cloud architect for a medium-sized company that is transitioning its applications to Azure. You’ve been tasked with setting up virtual machines across multiple regions for disaster recovery. Which of the following statements aligns with the shared responsibility model in this context?
- Microsoft will automatically set up cross-region replication for the virtual machines.
- While Azure provides the platform, the onus is on you to set up cross-region replication for resilience against potential regional failures.
- Microsoft will automatically detect regional failures and create a duplicate set of virtual machines in an active region.
Question 37)
What is the primary purpose of Azure Availability Zones?
- To manage user access and data for the services.
- To ensure high availability by housing independent power, cooling, and networking in physically separate locations within a region.
- To categorize Azure services based on their regional availability.
Question 38)
Consider an e-commerce company hosting its application on Azure. It wants to ensure the highest level of reliability for their application, especially during peak sales events. Which of the following would be a crucial step for the company in terms of reliability planning?
- Ignore any potential failure points as Azure will handle all disruptions.
- Rely solely on Microsoft’s service level agreement (SLA) guarantees without setting their own target SLAs.
- Design the application’s reliability features based on its availability requirements and use availability zones for disaster recovery planning.
Question 39)
Which of the following describes the primary objective of compliance in the context of cloud services?
- To ensure adherence to regulatory, legal, and company standards and policies.
- To maximize profit margins for businesses.
- To guarantee the maximum uptime of cloud servers.
Question 40)
Which of the following methods does Microsoft Purview offer for data classification?
- Classification based on public opinion.
- Automated pattern recognition, such as sensitive information types.
- Using third-party plugins.
Question 41)
Which of the following best describes the primary function of Data Lifecycle Management (DLM)?
- It is a policy-based methodology that directs the movement of data from its creation to its eventual disposal.
- It is a strategy to prevent unauthorized access to sensitive information.
- It deals with sensitivity labels applied to classify data based on its importance.
Question 42)
John, an employee in a multinational company, is frustrated about not receiving a promotion. He decides to share proprietary information with a competitor as revenge. What type of insider threat does John’s action represent?
- Third-Party Threat
- Intentional Threat
- Accidental Data Breach
Question 43)
Which of the following best describes the purpose of User Activity Reports in managing insider threats?
- User Activity Reports facilitate the examination of potentially risky behaviors for specific users over a designated time frame, without necessarily linking them to an insider risk management policy.
- User Activity Reports only monitor users who have been previously linked to an insider risk management policy.
- User Activity Reports are used exclusively for employees that violate insider risk management policies.
Question 44)
Which of the following best describes the purpose of Communication compliance policies within an organization?
- To facilitate video conferencing between team members.
- To ensure that internal messaging aligns with corporate, legal, and regulatory standards.
- To encrypt all communication for added security.
Question 45)
Jane, a data analyst in a firm, is tasked with ensuring that company emails containing sensitive information are stored only for a specific period. She recalls a tool from Microsoft that can help her with this. Which Microsoft feature should Jane use for this purpose?
- Data Lifecycle Management
- Sensitivity labels
- Retention labels
Question 46)
Which of the following best describes the primary purpose of the Federal Information Security Management Act (FISMA)?
- To bolster the security framework around federal information systems in the United States.
- To mandate federal organizations to adopt cloud computing.
- To provide a standardized approach for cloud services and products.
Question 47)
The National Institute of Standards and Technology (NIST) Framework emphasizes aligning cybersecurity activities with ________ and integrating cybersecurity risks into an organization’s overall risk management strategy.
- technological advancements
- business objectives
- global standards
Question 48)
ISO 27001 is part of the larger _______ family which focuses on various aspects of information security.
- ISO/IEC 28000
- ISO/IEC 27000
- ISO/IEC 25000
Question 49)
True or False: Azure claims ownership over customer data and monitors the data stored on its platform.
- True
- False
Question 50)
True or False: Azure Front Door is limited to a specific Azure region and does not offer global scalability.
- True
- False
Question 51)
True or False: Azure Log Analytics Workspaces are mainly used for storing security policies and configurations.
- True
- False
Question 52)
You are a cloud security consultant working with a company that is adopting Azure. The company wants to ensure that security is embedded in its development and deployment processes. Based on the Microsoft Cloud Adoption Framework, which approach should you recommend?
- Integrating security with DevOps practices (DevSecOps) and aligning security with operational processes.
- Isolating security from development processes and handling it separately after deployment.
- Implementing security measures only in the final stages of deployment.
Question 53)
Imagine you work for a global financial institution that needs to stay compliant with various regional regulations. Which feature of the Microsoft Service Trust Portal would be most valuable to your organization?
- Compliance Manager, which helps with GDPR compliance.
- Data Privacy and Compliance Tools, specifically the Data Subject Requests section.
- Industry and Regional Information, providing compliance guidance for financial services by country/region.
Question 54)
True or False: Each Azure region consists of multiple Availability Zones.
- True
- False
Question 55)
True or False: The Center for Internet Security (CIS) benchmarks offer configuration standards for securing a system and have two security setting levels: Level 1 for basic security and Level 2 for enhanced security.
- True
- False
Question 56)
True or False: In Microsoft Azure’s shared responsibility model, the Cloud Service Provider (CSP) is solely responsible for both security and compliance for all cloud deployment types.
- True
- False
Question 57)
Sarah, a member of the IT department, noticed an alert on the Insider Risk Management dashboard that a certain user has accessed sensitive files multiple times within a short period. Given the nature of the alert, what is the most likely next step Sarah should take in the insider risk management process?
- Initiate an investigation using the User activity reports to thoroughly examine the user’s activities over the specified period.
- Send a reminder notice to the user without further examination.
- Dismiss the alert without further investigation.
Question 58)
Emily, a data administrator in a multinational corporation, receives an email notifying her of content nearing the end of its retention duration. The email advises her to review the content before deciding on its disposition. What feature of Microsoft Purview is being utilized?
- Automatic Classification with Microsoft Purview Data Map.
- Disposition Review in Microsoft Purview Compliance Portal.
- Custom Classification in Microsoft Purview Portal.
Question 59)
Imagine you’re an IT consultant for a federal agency. The agency wants to refine its security controls based on current risks and potential threats. Which primary category from the Federal Information Security Management Act (FISMA) would you advise the agency to focus on?
- Refine Controls Using a Risk Assessment Procedure.
- Minimum Baseline Controls.
- Document the Controls in the System Security Plan.
Question 60)
You are the CIO of a company that uses Microsoft Office 365. An employee accidentally sent confidential data to an unauthorized external email. What best describes this situation under the General Data Protection Regulation (GDPR)?
- It is a Data Protection Impact Assessment (DPIA) incident.
- It is a Data Subject Request (DSR).
- It may be considered a personal data breach.
Question 61)
You are an IT manager aiming to ensure that your cloud infrastructure deployments adhere to the ISO standards for security and compliance. Which of the following would be the most suitable approach in Azure to enforce and maintain such standards across multiple deployments?
- Relying solely on manual audits post-deployment to ensure compliance with ISO standards.
- Creating and applying Azure Blueprints that are aligned with ISO standards, ensuring each deployment within their scope adheres to these guidelines.
- Storing ARM templates locally and deploying resources without any connections to the templates.
Question 62)
Jane works at a multinational corporation and is considering a framework to help her organization align IT goals with business objectives. She needs a comprehensive framework that also provides guidance on assessing IT controls, best practices, and more. Which framework would you recommend to Jane?
- ISO/IEC 15504
- Control Objectives for Information and Related Technologies (COBIT)
- Azure Audit Program
Question 63)
Which of the following are crucial steps in preparing for defining cloud service privacy requirements? Select all that apply.
- Organizing preparatory resources
- Selecting a cloud service provider
- Researching new cloud technologies
- Determining privacy capabilities
Question 64)
Which of the following best describes the purpose of the Azure Cloud Adoption Framework (CAF)?
- To provide a list of Microsoft Azure’s cloud services and their pricing details.
- To provide best practices, documentation, and tools that help organizations effectively achieve their cloud adoption objectives.
- To serve as a platform for deploying and hosting applications on the Microsoft Azure cloud.
Question 65)
Which of the following describes the primary function of Cloud Security Posture Management (CSPM)?
- Managing the financial aspects of cloud deployments.
- Enhancing the speed of cloud migrations.
- Maintaining and enhancing cloud environments’ security through continuous assessment and automation.
Question 66)
Which of the following are integral components related to Microsoft Purview’s approach to managing and protecting data? Select all that apply.
- Data Classification
- Sensitivity Labels
- Retention Policies
- Data Encryption
Question 67)
Which of the following statements correctly describe the role of automated audits in compliance? Select all that apply.
- Automated audits create a transparent system.
- Automated audits replace the need for records management.
- Automated audits offer quick identification of irregularities.
- Automated audits only function reactively after a breach has been detected.
Question 68)
Fill in the blank: Insider risk management allows organizations to proactively _______, assess, and mitigate internal threats.
- Prioritize
- Monitor
- Identify
Question 69)
Emma, a risk investigator, receives a tip about a user’s potentially risky behavior. The user is not explicitly mentioned in any insider risk management policy. Which tool should Emma use to investigate this tip?
- Incident Response Plan
- User Activity Reports
- Alert Dashboard
Question 21)
Before devising strategies to protect and govern data, organizations must first understand the ________ and nature of the data they hold.
- extent
- type
- protection
Question 70)
Which of the following best describes the primary advantage of classifying data assets?
- To simplify their understanding, searching, and governance.
- To create multiple copies of data for backup purposes.
- To track the total number of data assets in an organization.
Question 71)
Which of the following are unique controls introduced in the ISO/IEC 27017 standard? Select all that apply.
- Shared roles and responsibilities within a cloud computing environment
- Allocation of duties
- Removal and return of cloud service customer assets upon contract termination
- Ensuring data availability
Question 72)
Which of the following are key principles of Control Objectives for Information and Related Technologies (COBIT)? Select all that apply.
- Separate Governance from Management
- Address Stakeholder Needs
- Maximize Cloud Utilization
- Ensure Rapid Deployment
Question 73)
Which of the following describes Azure’s approach to data security for customer data access by support personnel?
- All support personnel have default access to customer data.
- Only senior administrators are granted access to customer data.
- Access is denied by default and granted on a need-to-know basis.
Question 74)
Which of the following best describes the goal of resiliency in the context of reliability?
- To provide consistent access to your application.
- To return your application to a fully functioning state after a failure occurs.
- To define the permissible downtime for an application.
Question 75)
A finance company is migrating its applications to Microsoft Azure and has cataloged all the apps. One of the apps handles sensitive financial transactions and has access to PCI and PII data. In the event of a denial of access to this app, the company stands to lose a significant amount of revenue. Based on the provided information, how should the company classify the impact level of this app?
- Low Business Impact (LBI)
- High Business Impact (HBI)
- Medium Business Impact (MBI)
Question 76)
True or False: Microsoft Purview’s trainable classifiers can handle encrypted items.
- True
- False
Question 77)
Which of the following are potential impacts of insider threats on an organization? Select all that apply.
- Increased employee morale.
- Reputational damage.
- Improved operational efficiency.
- Financial loss.
Question 78)
True or False: Information Barriers (IB) in Microsoft Purview allow unrestricted two-way communication between all groups and users within Microsoft Teams, SharePoint, and OneDrive.
- True
- False
Question 79)
You’re working with a third-party vendor who requires access to specific resources in your Azure environment. You want to ensure that they only have access to the resources they require, and no more. Which Azure feature would you employ to achieve this?
- Role-Based Access Control (RBAC)
- Azure Private Link
- Azure Compliance Manager
Question 80)
True or False: In the Microsoft Cloud Adoption Framework for Azure, security operations emphasize the integration of security measures with the overall organizational mission and goals.
- True
- False
Question 81)
True or False: In the Infrastructure as a Service (IaaS) model within Azure, Microsoft is responsible for managing applications, data, and user access.
- True
- False
Question 82)
Fill in the blank: Privacy management ensures that personal data is collected, stored, used, and shared in compliance with ______ laws.
- data protection
- cybersecurity
- copyright
Question 83)
Under the General Data Protection Regulation (GDPR), a ________ is a security breach that can lead to the unintentional or illegal destruction, loss, alteration, unauthorized disclosure, or access to personal data.
- Personal data breach
- Data Subject Request (DSR)
- Data Protection Impact Assessment (DPIA)
Question 84)
True or False: One of the features of Azure Blueprints is resource locking, which ensures that the defined resources and configurations in a blueprint are protected from unwanted changes.
- True
- False
Question 85)
Which framework outlines the fundamental privacy functions, categories, and subcategories for cloud services?
- Control Objectives for Information and Related Technologies (COBIT) Framework
- Microsoft Azure Audit Program
- National Institute of Standards and Technology (NIST) Privacy Framework
Question 86)
Which of the following are key controls outlined in the ISO 27001 standard? Select all that apply.
- Access Control
- Organizational Culture
- Communications Security
- Information Security Policies
My Review
I recently completed the “Cybersecurity Management and Compliance” course on Coursera, part of the Microsoft Cybersecurity Analyst Professional Certificate. This 4-module course dives into the governance side of cybersecurity, covering essential topics like data and record management, policy formation, information security standards, and regulatory compliance. It also explores cloud security planning and Microsoft’s tools for managing privacy and compliance.
I appreciated how the course ties technical security practices to broader organizational goals, making it a solid choice for anyone looking to understand both the strategic and operational aspects of cybersecurity. The content is beginner-friendly, yet insightful enough to serve as great prep for the Microsoft SC-900 exam. Overall, a well-structured course for anyone looking to round out their cybersecurity skill set with strong management and compliance knowledge.
