In this article, I’m sharing my review of the Advanced Cybersecurity Concepts and Capstone Project course, along with all the quiz answers to support your learning and review.
Just completed the final course in the Microsoft Cybersecurity Analyst Professional Certificate series? The “Advanced Cybersecurity Concepts and Capstone Project” brings together everything you’ve learned so far — from threat modeling and cryptography to secure development and IoT vulnerabilities. It also includes a hands-on capstone project where you’ll apply your skills to build a complete threat mitigation strategy.
If you’re preparing for the SC-900 exam or looking to wrap up your cybersecurity journey with a practical showcase, this course is a great way to put your knowledge into action — and I’ve included all the quiz answers to guide you through!
Module quiz: Threat modeling Quiz Answers
Question 1)
When decomposing an application for threat modeling, which of the following components should be considered? Select all that apply.
- Operating system
- Database
- Application testing tools
- User interface
Question 2)
Which of the following are primary benefits of understanding the application’s purpose during threat modeling? Select all that apply.
- Assessing the compatibility of third-party integrations based on functionality requirements
- Prioritizing security controls based on potential risks
- Recognizing the application’s data flow
- Identifying user roles and permissions
Question 3)
You are working as a cybersecurity analyst attending a training session on threat analysis. During the session, the instructor asked you what STRIDE stands for in the context of threat analysis. What is your answer?
- Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege
- Security, Tampering, Risk, Information Disclosure, Elevation of Privilege
- Security, Traceability, Reporting, Identity Verification, Data Encryption, Enhancement of Performance
Question 4)
What is one of the advantages of threat modeling?
- Creating redundancy and failover mechanisms
- Reducing the attack surface of a system or application
- Developing a comprehensive threat encyclopedia
- Predicting specific attack methods
Question 5)
Fill in the blank: The PASTA framework encourages collaboration among various departments within an organization, including IT, development, and business units, to ensure a well-rounded understanding of potential ________________.
- Vulnerabilities
- Risks
- Cyberthreats
Question 6)
Which CVSS Version 3.1 Calculator metrics adjust the Base Score to account for factors like exploit availability and patch status?
- CVSS Score Calculation
- Temporal Score Metrics
- Environmental Score Metrics
Question 7)
Which scenario best captures the visual aspect of the VAST methodology?
- An organization transitions to Microsoft Sentinel for its advanced machine learning capabilities, hoping to better predict potential future threats based on existing data.
- A global company implements Microsoft Sentinel and gains a unified view of all its security events across multiple international branches, enabling it to detect patterns and correlations that were previously unnoticed.
- After evaluating several security solutions, a company opts for Microsoft Sentinel because of its user-friendly interface and easy-to-configure settings.
Question 8)
Which of the following are benefits of the Microsoft Threat Modeling Tool? Select all that apply.
- It enables software architects to identify and address potential security issues early in the development process.
- It offers automation functionalities that provide feedback during model creation.
- It provides clear guidance on creating and analyzing threat models.
- It automatically patches vulnerabilities without user intervention.
Question 9)
You are a cybersecurity specialist working for a company specializing in cloud security solutions. You have to train a new employee about the Security Development Lifecycle (SDL) process for Azure Virtual Network. What do you tell them is the primary focus of SDL?
- Providing a process tailored for securing Azure Virtual Networks
- Analyzing real-world cybersecurity incidents in Azure Virtual Networks
- Exploring general principles of network security
- Exploring cybersecurity threats specific to an industry
Question 10)
Which question of the Four Question Framework of threat modeling emphasizes the iterative process of ensuring that security measures are consistent, effective, and aligned with an organization’s security goals?
- What can go wrong?
- Did the team do a good job?
- What is the team going to do about it?
- What is the team working on?
Question 11)
Which of the following statements best describes the primary goal of threat modeling in the context of web application security?
- To identify and fix all vulnerabilities post-production
- To proactively identify, understand, and address potential threats during the development process
- To conduct frequent security audits and report findings
- To document potential threats without necessarily taking corrective action
Question 12)
Fill in the blank: The STRIDE model stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of ____________.
- Privilege
- Integrity
- Privacy
- Authentication
Question 13)
Fill in the blank: Threat modeling helps organizations identify and eliminate ________________ points of failure.
- Security
- Single
- Critical
- Data breach
Question 14)
True or False: The PASTA framework consists of four structured steps.
- True
- False
Question 15)
Which component of the CVSS Version 3.1 scoring system evaluates the confidentiality, integrity, and availability of a vulnerability in an information system?
- Environmental Score Metrics
- Impact Metrics
- Temporal Score Metrics
- Attack Vector Metrics
Question 16)
True or False: VAST integrates machine learning techniques to automate threat detection and response processes.
- True
- False
Question 17)
What is the primary objective of Phase 4 in the SDL process for Azure Virtual Networks?
- To implement security measures
- To validate the effectiveness of security controls
- To create a network diagram
- To identify potential security threats and vulnerabilities
Question 18)
Which of the following methods can be used for threat identification in threat modeling? Select all that apply.
- Structured approaches like STRIDE, kill chains, and attack trees
- Risk acceptance
- Elimination of identified threats
- Brainstorming
Question 19)
True or False: Identifying vulnerabilities in an application requires conducting vulnerability scans and code reviews.
- True
- False
Question 20)
What is the primary goal of threat categorization in cybersecurity?
- To develop a comprehensive threat encyclopedia
- To create a list of potential countermeasures
- To develop a clear understanding of the threat landscape
- To predict specific attack methods
Question 21)
You are working as a cybersecurity analyst at a large financial institution. Your manager has assigned you to explain the PASTA framework to a newly hired junior analyst. What do you tell them is the primary focus of the PASTA framework in cybersecurity?
- Identifying, assessing, and prioritizing potential threats and risks
- Implementing technical security controls
- Identifying specific attackers and their motivations
- Developing cybersecurity policies and procedures
Question 22)
In the context of cybersecurity, what three dimensions does the CVSS Version 3.1 Calculator use to assess and prioritize vulnerabilities?
- Base Metrics, Temporal Metrics, and Environmental Metrics
- Network Architecture, Intrusion Detection, and Malware Analysis
- Threat landscapes, Zero-Day Exploits, and Data Exfiltration
- Attack Vectors, Exploit Code Generation, and Threat Actors
Question 23)
What benefits does VAST offer to organizations? Select all that apply.
- Enhanced security posture
- Cost savings
- Enhanced compliance tracking
- Improved resource allocation
Question 24)
What is part of the purpose of defining the scope in the Four Question Framework of threat modeling?
- To understand what aspects of the organization need protection
- To identify all possible vulnerabilities in a system
- To prioritize threats based on their severity
- To create a list of potential threats
Question 25)
When decomposing an application for threat modeling, what is the significance of understanding the application’s purpose?
- It defines the application’s technical specifications.
- It helps determine the number of components.
- It assists in recognizing potential motives behind attacks.
- It determines the architecture of the application.
Question 26)
True or False: Threat modeling helps organizations optimize their efforts and budget to effectively address the most critical threats.
- True
- False
Question 27)
Which method does the Microsoft Threat Modeling Tool use to categorize potential vulnerabilities systematically?
- The STRIDE model
- VAST methodology
- PASTA framework
Question 28)
Which of the following is an example of a countermeasure to address threats in threat modeling?
- Implementing security controls throughout the development lifecycle
- Conducting penetration testing
- Patching vulnerabilities after an attack occurs
- Red teaming exercises to simulate attacks
Question 29)
Using the Threat Modeling Tool, how can users classify the status of identified threats?
- By type: Malware, Phishing, DDoS
- By stages: Not Applicable, Not Started, Needs Investigation, Mitigated
- By source: Internal, External, Third-party
- By severity level: Low, Medium, High, Critical
Question 30)
What is the primary purpose of Phase 1 in the SDL process for Azure Virtual Networks?
- To identify potential security threats and vulnerabilities
- To mitigate potential security threats
- To create an Azure Virtual Network diagram
- To validate security controls
Module quiz: Advanced threats and mitigation Quiz Answers
Question 1)
Fill in the blank: In the context of susceptible infrastructure, ___________ is a threat that occurs when an attacker is able to make requests to internal resources of the system.
- Server-side request forgery (SSRF)
- Cross-site scripting (XSS)
- Denial-of-service (DoS)
Question 2)
Fill in the blank: The MITRE ATT&CK Matrix is regularly updated to include new _____________ used by threat actors, ensuring its relevance in the evolving cyber threat landscape.
- Tactics and techniques
- Laws and regulations
- Software and hardware
Question 3)
Which of the following best describes the purpose of the MITRE ATT&CK Matrix?
- To serve as a cybersecurity compliance checklist
- To document adversary tactics and techniques used against operational networks
- To provide legal advice on cybersecurity issues
Question 4)
A company’s security team has discovered a program running on their network that replicates itself and spreads to other computers without user interaction. What type of malware is described in this scenario?
- Viruses
- Trojan horses
- Worms
Question 5)
Fill in the blank: When combating phishing attacks, using ____________ and training users to recognize suspicious emails are essential practices.
- Email filters
- Firewalls
- Ad blockers
Question 6)
True or False: Microcontrollers (MCUs) are an IoT device hardware type that is less expensive and simpler to operate, often using a real-time operating system (RTOS).
- True
- False
Question 7)
An office building’s smart thermostat system has been hacked, resulting in the heating being turned off during a cold winter day. The attack was possible due to the thermostat’s use of an unsecured communication protocol. What type of IoT attack does this scenario describe?
- Device impersonation
- Unsafe communication attack
- Botnets
Question 8)
Fill in the blank: In IoT security, _______________ practices involve treating all attempts to access the system as untrusted until verified to prevent unauthorized access.
- No trust
- Least privilege trust
- Zero trust
Question 9)
A manufacturing company has IoT devices across its production floor. They recently updated their security policy to ensure that each device has access only to the necessary network resources for its function. What is this approach known as?
- Least-privileged access control
- Open network access control
- Universal access control
Question 10)
What feature of Microsoft Defender for IoT provides detailed information on each device, including IP addresses, vendors, protocols, firmware, and security alerts?
- Agentless monitoring
- Device inventory
- Automatic asset discovery
Question 11)
An ethical hacker is using the MITRE ATT&CK Matrix to simulate an attack where they maintain access to a system by adding a program to the registry run keys. Which tactic is the simulation based on?
- Exfiltration
- Persistence
- Credential access
Question 12)
Fill in the blank: ___________________ is a type of malware that encrypts a user’s files and demands payment for the decryption key.
- Ransomware
- Spyware
- Adware
Question 13)
What is an effective initial countermeasure when a computer worm is detected within a network?
- Pay any demanded ransom to stop the spread.
- Run a full system scan on all network devices.
- Isolate affected devices from the network.
Question 14)
Fill in the blank: IoT devices used to monitor and control operations in public spaces, such as smart city traffic and weather monitoring systems, are categorized as ________________ IoT devices.
- Commercial
- Infrastructure
- Industrial
Question 15)
Fill in the blank: ______________ attacks are when cybercriminals take control of a network of IoT devices to launch attacks or steal data.
- Spoofing
- Botnet
- Physical
Question 16)
What does the term “convergence” refer to in the context of IoT risks?
- The act of connecting IoT devices to insecure networks
- The combination of multiple application systems into one system
- The use of legacy and unsupported devices
Question 17)
Fill in the blank: Microsoft Defender for IoT uses _________________ to detect complex threats, including zero-day malware and sophisticated attack tactics.
- Standard signature-based defenses
- OT- and IoT-aware behavioral analytics and advanced threat intelligence
- Manual user input and verification
Question 18)
Attackers registered domain names similar to a specific company’s. This has led to customers inadvertently downloading malware. Which type of threat does this scenario best illustrate?
- Phishing attack
- Typosquatting
- Man-in-the-middle attack
Question 19)
A company discovers unauthorized internet connections and devices with open ports not in use on their network. Which feature of Microsoft Defender for IoT should they use to identify and prioritize these risks?
- Risk and vulnerability tracking
- Device inventory
- Passive monitoring
Question 20)
Which primary cloud infrastructure vulnerability makes it susceptible to breaches?
- Its limited scalability options
- The potential for misconfiguration due to its shared resource model
- Its reliance on physical security measures
Question 21)
Which MITRE ATT&CK Matrix benefit enhances an organization’s ability to identify and respond to potential threats before they occur?
- The PRE-ATT&CK Matrix
- Its real-time threat alert system for immediate incident response
- Its tailored security solutions
Question 22)
Which type of malware acts as a “backdoor” for unauthorized users by disguising itself as legitimate software?
- Rootkits
- Worms
- Trojan horses
Question 23)
Which security measure is essential to prevent attackers from intercepting data transmitted between IoT devices and the cloud?
- Regular firmware updates
- Zero trust practices
- Secure connectivity for data transmission
Question 24)
Which component of the MITRE ATT&CK Matrix focuses on the preparatory activities and reconnaissance techniques that attackers use before launching an attack?
- Enterprise Matrix
- PRE-ATT&CK Matrix
- Mobile Matrices
Question 25)
A logistics company wants to track its fleet’s location in real-time, monitor vehicle health, and automate routing based on traffic conditions. Which type of IoT device would best suit their needs?
- Commercial IoT devices
- Infrastructure IoT devices
- Consumer IoT devices
Question 26)
What does the hardware root of trust provide in the context of IoT device security?
- Safe credential storage in tamper-resistant hardware
- Storage for credentials in software-based containers
- A flexible onboarding identity that can be easily altered
Question 27)
Which tactic in the MITRE ATT&CK framework involves adversaries using techniques like keyloggers, credential dumping, and brute force to gain elevated system permissions?
- Credential access
- Exfiltration
- Defense evasion
Question 28)
A user reports that their system is running slow, and they have noticed unfamiliar processes running in the background. They discover a hidden program using the system’s resources to mine cryptocurrency. What type of malware is most likely responsible for this activity?
- Bots
- Ransomware
- Adware
Question 29)
Which type of IoT attack involves overwhelming a service with internet traffic, often using a network of compromised devices?
- Spoofing
- Firmware hijacking
- Denial-of-service (DoS)
Question 30)
Fill in the blank: In network design, _________________ allows for segmenting IoT devices to minimize the risk exposure and contain threats within controlled boundaries.
- Network convergence
- Network separation
- Network micro-segmentation
Module quiz: Security conscious modeling Quiz Answers
Question 1)
What does the term “threat landscape” in cybersecurity encompass?
- All potential risks and hazards to an organization’s information security.
- Only internal threats and man-made hazards.
- Only external threats and natural hazards.
- Only natural hazards.
Question 2)
You are a cybersecurity trainer preparing a workshop for small business owners. These business owners have limited knowledge of cybersecurity threats, and you want to explain the concept of ransomware in a clear and concise manner. Which of the following options is the correct explanation?
- A highly sophisticated cyberattack that targets vulnerabilities in network protocols to gain unauthorized access to systems.
- A form of malicious software employing complex encryption algorithms to lock or encrypt data, making it inaccessible until a ransom is paid.
- A type of malicious software that disguises itself as a legitimate application to infiltrate systems and steal sensitive data.
- A type of ransomware that primarily spreads through spam emails and tricks users into revealing their login credentials.
Question 3)
As a cybersecurity consultant, you are advising a manufacturing company on mitigating hardware vulnerabilities. Which measure is crucial to address hardware vulnerabilities effectively?
- Using biometric authentication methods for secure access.
- Employing endpoint detection and response (EDR) solutions for threat detection.
- Monitoring hardware performance and reporting anomalies in real-time.
- Conducting regular phishing simulation exercises for employees.
Question 4)
True or False: The zero trust model emphasizes implicit trust within an organization’s network and treats all entities as trustworthy by default.
- True
- False
Question 5)
True or False: The defense in depth strategy relies on a single security layer to protect against various types of threats.
- True
- False
Question 6)
Which of the following are considered advanced techniques for network segmentation in Azure? Select all that apply.
- Azure Virtual WAN
- Perimeter security
- Azure Firewall
- Network Security Groups (NSGs)
Question 7)
You are the Azure security administrator for your organization and are considering advanced techniques to secure data stored in Azure. What advanced data protection strategy in Azure goes beyond basic encryption to protect data both in transit and at rest?
- Azure Virtual Network
- Azure VPN Gateway
- Azure Disk Encryption
- Azure Confidential Computing
Question 8)
You are responsible for designing the architecture of your organization’s authentication system. Which architectural aspects should you consider when designing a modern authentication system? Select all that apply.
- Leveraging emerging technologies like zero-trust architecture.
- Token management and session control.
- Selecting the appropriate username and password combinations.
- Securing authentication methods and mechanisms.
Question 9)
Which of the following are best practices for configuring network security rules in Azure? Select all that apply.
- Implementing custom policies for Azure Application Gateway.
- Prioritizing rule order in Network Security Groups (NSGs).
- Leveraging service tags for outbound traffic control.
- Implementing Azure Bastion for RDP/SSH access.
Question 10)
As a cloud security administrator, you need to develop an effective strategy for protecting data on Azure. Choose the strategy that empowers you to concentrate your security resources where they are most vital.
- Data encryption strategy
- Data classification and labeling
- Identity and access management
- Threat detection and response
Question 11)
You are the head of a cybersecurity task force investigating a recent data breach performed by access brokers at a large financial institution. You need to explain to your team the role of access brokers in the cybercrime ecosystem and how they facilitate unauthorized access to compromised systems. Which of the following options is the correct explanation?
- Access brokers are government agencies responsible for regulating internet access.
- Access brokers provide legal access to computer systems for authorized users.
- Access brokers are cybersecurity professionals responsible for securing access to computer systems.
- Access brokers acquire and sell unauthorized access to compromised systems, serving as intermediaries between hackers and potential buyers.
Question 12)
You’re tasked with educating a group of employees about identity theft mitigation. Your audience includes individuals with varying levels of technical knowledge. Which of the following strategies can you present as a comprehensive approach to mitigate identity theft?
- Regularly updating software and firmware on personal devices.
- Implementing multi-factor authentication (MFA) and strong password management policies.
- Enabling automatic device backups for data recovery.
- Installing antivirus software on personal computers.
Question 13)
During a cybersecurity training session, you are discussing the defense in depth strategy, focusing on its various layers. How would you explain the primary purpose of the Perimeter layer in the defense in depth strategy?
- Protect data integrity during transmission.
- Safeguard data access by authorized personnel.
- Ensure the security of compute resources.
- Guard against network-based attacks.
Question 14)
What is the primary purpose of the Subprocess layer in the defense in depth strategy?
- To conduct a detailed analysis of individual tasks and components.
- To perform tactical threat modeling.
- To examine high-level processes within the organization.
- To create strategic threat models for the organization.
Question 15)
What is the first step in defining defense steps for cloud infrastructure security?
- Develop a layered approach.
- Identify threats and vulnerabilities.
- Assess your assets.
- Establish security policies.
Question 16)
Fill in the blank: You are in charge of enhancing the compliance posture of your organization’s Azure resources. To enforce specific compliance requirements unique to your industry, you can use Azure Policy ____________.
- Templates
- Initiatives
- Blueprints
- Procedures
Question 17)
You are responsible for designing the architecture of your organization’s authentication system. Which architectural aspects should you consider when designing a modern authentication system? Select all that apply.
- Leveraging emerging technologies like zero-trust architecture.
- Securing authentication methods and mechanisms.
- Selecting the appropriate username and password combinations.
- Token management and session control.
Question 18)
Fill in the blank: You are configuring network security for your organization’s Azure resources. You want to ensure the usage of ______________ is applied when creating network security rules to grant the minimum necessary access to resources.
- Azure Firewall
- Microsoft Sentinel
- Least privilege
- Network Security Groups (NSGs)
Question 19)
Which aspect of data security is responsible for converting data into a format that offers the highest level of protection against unauthorized access?
- Encryption
- Authorization
- Access control
- Authentication
Question 20)
Which of the following is not considered a common attack surface in cybersecurity?
- Browsers
- Databases
- Printer firmware
- Social media
Question 21)
You are a security engineer at a large organization and responsible for securing the organization’s web applications. Which of the following is the best approach to secure a web application that will be used to store and process customer data?
- Implement security features throughout the development lifecycle.
- Implement security features only after the application is deployed and in production.
- Implement security features at the end of the development process.
- Implement security features only after a security audit has been performed.
Question 22)
You’re responsible for strengthening email-related threat mitigation measures at your organization. Which approach directly contributes to comprehensive email-related threat mitigation?
- Creating allow lists for trusted email addresses and domains.
- Implementing data backup and recovery procedures.
- Conducting red-team exercises to assess hardware vulnerabilities.
- Utilizing email filtering solutions, implementing SPF and DMARC records, and conducting phishing simulation exercises.
Question 23)
What is the core principle of “Confidentiality” in the defense in depth model for cloud security?
- Safeguarding sensitive data, allowing access to authorized individuals only
- Protecting data during transmission
- Ensuring data remains accessible to authorized users
- Maintaining regulatory compliance for compute resources
Question 24)
You’re part of a team responsible for implementing advanced security controls in your organization’s Azure environment. Which of the following security solutions in Azure should the team implement to protect against DDoS attacks? Select all that apply.
- Azure CDN
- Azure Application Gateway
- Azure Logic Apps
- Azure Front Door
Question 25)
Fill in the blank: You are responsible for designing the architecture of your organization’s modern authentication system. Architecturally, it’s crucial to pay particular attention to ________, ________, and ________ to balance security and usability effectively.
- Federation, identity federation, authentication.
- Authorization, auditing, Conditional Access.
- SSO Design, MFA, threat detection.
- Token management, session control, security protocols.
Question 26)
You are responsible for monitoring and analyzing network security logs in your Azure environment. To enhance security, you want to identify potential threats and anomalies in real time. Which Azure tool or service should you utilize to collect and analyze network security logs, set up custom alerts, and create advanced log queries for in-depth analysis?
- Azure Policy
- Microsoft Defender for Cloud
- Azure Monitor and Log Analytics
- Azure Network Watcher
Question 27)
You are configuring data security for your organization’s Azure resources. Identify the best practice that ensures you grant permissions judiciously, adhering to the principle of least privilege.
- Strong authentication
- Regular auditing and monitoring
- Data classification
- Role-based access control (RBAC)
Question 28)
You are designing an architecture for your organization’s modern authentication system. Which architectural decisions are essential for single sign-on (SSO) across various application types in a modern authentication system? Select all that apply.
- Token management and session control.
- Azure AD multi-factor authentication (MFA) configuration.
- Selecting the appropriate username and password combinations.
- Azure Active Directory B2B and B2C integration.
Question 29)
Which of the following is an example of an advanced threat vector in cybersecurity?
- Social engineering attacks
- Advanced persistent threats (APTs)
- Malware distribution
- Phishing attacks
Question 30)
You work for a cybersecurity company that provides incident response services. During an investigation of a recent ransomware attack on a client, you realize that the ransomware used in this attack is of the Locker type. You need to explain to your client the differences between Locker and Crypto ransomware. Which of the following options is the correct explanation?
- Locker ransomware is a type of malware that specifically targets smartphones, while Crypto ransomware focuses on computers and servers.
- Locker ransomware is a phishing attack that tricks users into revealing their sensitive information, while Crypto ransomware exploits software vulnerabilities.
- Locker ransomware locks you out of your system but usually doesn’t encrypt your data, while Crypto ransomware encrypts your data.
- Locker and Crypto ransomware target the same types of files but use different encryption algorithms.
Question 31)
Which of the following are advanced techniques used for network segmentation in Azure? Select all that apply.
- Use just-in-time VM access.
- Use Azure Virtual WAN for network management.
- Use Network Security Groups (NSGs).
- Employ adaptive application controls for monitoring and blocking malicious applications.
Question 32)
Which of the following layers of threat modeling is associated with the System layer (Layer 0) in the defense in depth strategy?
- Operational threat modeling
- Strategic threat modeling
- Tactical threat modeling
- Technical threat modeling
Self-review: Policy implementation Quiz Answers
Question 1)
What is the most effective way to enforce multi-factor authentication (MFA) for users in the user authentication policy? Select all that apply.
- Implement MFA for all users and allow them to opt out if necessary.
- Require MFA for all users regardless of their role.
- Enable MFA for critical user accounts and provide alternative authentication methods for other users.
- Enforce MFA for specific user roles based on their access privileges.
Question 2)
What are the best ways to restrict access to specific virtual networks (VNETs) when setting up a network configuration policy for web applications? Select all that apply.
- Utilize role-based access control (RBAC) to specify which users or groups can access the web applications from different VNETs.
- Implement a whitelist approach, explicitly allowing access from predefined VNETs.
- Block all traffic from the internet and allow connections only from authorized VNETs.
- Employ a geolocation-based access policy, permitting connections only from specified locations.
- Implement a MAC address filtering system, allowing access only to devices with specific hardware addresses.
Question 3)
When designing and implementing security policies for VIP Events, which of the following approaches is the most effective in mitigating insider threats? Select all that apply.
- Establish clear reporting procedures for suspicious activity and empower employees to raise concerns without fear of retaliation.
- Implement continuous monitoring of user activity and utilize anomaly detection algorithms to identify potential insider threats.
- Deploy perimeter defenses such as firewalls and intrusion prevention systems at the Internet-facing network to block threats from infiltrating the network.
- Implement least privilege principles, granting users only the access they need to perform their tasks.
- Conduct regular security awareness training for all employees, including event staff.
- Implement a honeypot system within the network, intentionally exposing false vulnerabilities to divert insider threats.
Course quiz: Advanced Cybersecurity Concepts and Capstone Project Quiz Answers
Question 1)
Which components should be considered when decomposing an application in threat modeling? Select all that apply.
- Network infrastructure
- Email server
- User interface
- Back-end code
Question 2)
Which factor should be considered when determining the likelihood of a threat occurring?
- The impact of the threat
- The complexity of the attack
- The skillset of the attacker
- The number of vulnerabilities in the system
Question 3)
When decomposing an application, which elements should be considered? Select all that apply.
- Application’s architecture
- Types of data the application handles
- Purpose of the application
- External dependencies
Question 4)
Fill in the blank: The STRIDE model provides a structured methodology for ________________.
- Writing cybersecurity policies
- Threat analysis
- Implementing security measures
Question 5)
True or False: The DREAD model provides a quantitative score-based ranking system for threats.
- True
- False
Question 6)
What is the final step in threat modeling?
- Identifying countermeasures and mitigation
- Determining and ranking threats
- Decomposing the application
- Code deployment
Question 7)
What is the purpose of regularly revisiting and updating threat models?
- To identify and eliminate single points of failure
- To ensure that defenses remain robust and relevant to the evolving threat landscape
- To enhance communication and collaboration between different teams
Question 8)
True or False: The SANS approach focuses solely on identifying and investigating threats and vulnerabilities.
- True
- False
Question 9)
What is the Process for Attack Simulation and Threat Analysis (PASTA) framework?
- A standardized toolset used to gauge the severity of security vulnerabilities
- A comprehensive risk assessment framework
- A modern and accessible threat modeling framework
- A risk-centric threat modeling methodology that guides security teams through a comprehensive analysis of potential threats and vulnerabilities
Question 10)
Which of the following are challenges associated with using Common Vulnerability Scoring System (CVSS)? Select all that apply.
- Difficulty in assessing zero-day vulnerabilities.
- Interpretation subjectivity.
- Limited applicability to certain types of hardware vulnerabilities.
- Lack of context.
Question 11)
What are the fundamental principles upon which VAST is built?
- Complex analysis, slow response, and centralized management.
- Visualize threats, agile response, and simplify management.
- Rapid detection, tactical response, and streamlined operations.
- Dynamic response, simplified visualization, and enhanced management.
Question 12)
What is the primary purpose of the Microsoft Threat Modeling Tool 2018?
- Enhancing system speed and performance.
- Identifying and mitigating potential security threats in software and systems.
- Creating visual designs for software architecture.
- Facilitating communication among software developers.
Question 13)
What are the four phases of the Security Development Lifecycle (SDL) process tailored for fortifying Azure Virtual Networks?
- Threat Modeling, Network Design, Incident Response, Compliance
- Subnetting, Virtualization, Security Policies, Monitoring
- Encryption, Access Control, Logging, Performance Tracking
- Diagram Creation, Identifying, Mitigating, Validation
Question 14)
What type of vulnerability arises when an attacker can make requests to the internal resources of a system, potentially leading to unauthorized access to data, further attacks on internal systems, or even a complete system takeover in some cases?
- Server-side request forgery (SSRF)
- Memory Leak
- Typosquatting
- Type Confusion
Question 15)
What does the term “ATT&CK” stand for in the context of the MITRE ATT&CK Matrix?
- Advanced Techniques and Tactics for Cyber Killers
- Adversarial Tactics, Techniques, and Common Knowledge
- Advanced Technologies for Cyber Knowledge
- All Threats Tackled by Cyber Kryptonite
Question 16)
What is the primary purpose of the MITRE ATT&CK Matrix?
- Simulating real-world attack scenarios
- Educational resource, testing blueprint, reference, and guide for incident response
- Ethical hacking platform
- Post-incident analysis tool
Question 17)
True or False: Worms require human intervention, such as opening a file, to propagate.
- True
- False
Question 18)
Which of the following are common categories of IoT devices? Select all that apply.
- Entertainment IoT devices
- Military and defense IoT devices
- Residential IoT devices
- Commercial IoT devices
Question 19)
Which of the following steps are involved in the process of an IoT attack? Select all that apply.
- Exploitation
- Identification
- Authentication
- Propagation
Question 20)
Which of the following are risks associated with IoT attacks? Select all that apply.
- Convergence
- Malware infection
- Legacy and rogue devices
- Data theft
Question 21)
A company wants to implement a security measure that involves assessing device health to determine devices’ risk profiles and trustworthiness. What security measure is the company likely to focus on?
- Zero trust criteria
- Network segmentation
- Strong device identity
- Least-privileged access control
Question 22)
A business wants to focus on detailed customization and control over its IoT solution. Which approach is most suitable for the business?
- Utilizing platform services
- Relying on off-the-shelf software
- Using a managed app platform
Question 23)
An organization is concerned about unauthorized devices, unpatched systems, and potential risks in its OT and IoT network. Which feature of Microsoft Defender for IoT would be most beneficial for addressing these concerns?
- Advanced network mapping tools
- Continuous intelligence gathering
- Automatic asset discovery
- Threat intelligence updates
Question 24)
Which of the following are considered as common and enterprise-relevant attack surfaces? Select all that apply.
- SaaS platforms
- Removable devices
Question 25)
Which are the three fundamental principles of defense in depth? Select all that apply.
- Availability
- Defense in depth.
- Confidentiality
- Integrity
- Authentication
Question 26)
Fill in the blank: You can use advanced network security groups (or NSGs) configurations to implement ________ security rules and service tags.
- Identity
- Application
- Outbound
- Inbound
Question 27)
An organization aims to enhance security by minimizing potential damage in case of compromised accounts. Which security measure would be most suitable to achieve this?
- Strong perimeter defenses
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Adaptive security
Question 28)
Fill in the blank: Azure Information Protection (AIP) ensures comprehensive classification and data labeling for enhanced ________.
- Threat detection
- Data protection
- Identity management
- Network security
Question 29)
Which of the following are network security features on Azure? Select all that apply.
- Azure Bastion
- Microsoft Sentinel
- Azure ExpressRoute
- Azure Policy
- Azure VPN Gateway
Question 30)
An organization wants to implement a strategy to identify suspicious activities and respond in real-time. Which tools can they leverage for this purpose?
- Azure Policy
- Azure Active Directory
- Azure Key Vault
- Azure Monitor
Question 31)
What is the second step in the threat modeling process?
- Determine countermeasures and mitigation
- Decompose the application
- Determine and rank threats
- Evaluate the impact of threats
Question 32)
True or False: Threat modeling is a reactive process for addressing security threats.
- True
- False
Question 33)
Which types of threats does the STRIDE model encompass? Select all that apply.
- Spoofing
- Elevation of privilege
- Information disclosure
- Viruses and malware
Question 34)
Which factors come into play when ranking threats? Select all that apply.
- Cost of implementing countermeasures
- Probability
- The attacker’s skillset
- Impact
Question 35)
Which are effective countermeasures for authentication bypass threats? Select all that apply.
- Enforce multi-factor authentication (MFA).
- Use complex and unique passwords for user accounts.
- Disable session timeouts.
- Implement strong authentication mechanisms.
Question 36)
What is the primary purpose of the Common Vulnerability Scoring System (CVSS)?
- Predict future vulnerabilities and threats
- Render threat identification and countermeasure design accessible to non-technical stakeholders
- Identify latent threats
- Gauge the severity of security vulnerabilities
Question 37)
What is Step 3 of the PASTA framework called?
- Threat analysis
- Defining objectives
- Defining the technical scope
- Application decomposition
Question 38)
Which of the following are real-world applications of Common Vulnerability Scoring System (CVSS)? Select all that apply.
- Vulnerability prioritization
- Risk assessment
- Threat modeling
- Patch management
Question 39)
Which benefits are associated with the visual dimension introduced by VAST for threat identification? Select all that apply.
- Real-time view of network vulnerabilities
- Enhanced security posture
- Improved resource allocation
- Faster threat detection and response
Question 40)
Fill in the blank: In the SDL process, the __________ phase involves crafting a comprehensive diagram or representation of software or systems.
- Identification
- Diagram Creation
- Mitigation
- Validation
Question 41)
Fill in the blank: Using the persistence tactic, adversaries can achieve persistence through ______________.
- System reboots
- Network configurations
- Startup or run key Registry modification
- Scheduled tasks
Question 42)
True or False: Worms require human intervention, such as opening a file, to propagate.
- True
- False
Question 43)
Fill in the blank: IoT devices are typically made up of a circuit board with attached sensors that use _______________ to connect to the internet.
- NFC (Near Field Communication)
- WiFi
- Bluetooth
Question 44)
Fill in the blank: IoT attacks work by exploiting vulnerabilities in the devices or networks, which can be due to various factors such as lack of updates, inadequate device management features, unencrypted data storage and exchange, outdated hardware, insecure network ports, and lack of ________________ protection.
- Data
- User
- Device
- Privacy
Question 45)
True or False: Unencrypted data in many IoT devices makes it challenging for attackers to intercept and read the data.
- True
- False
Question 46)
Which STRIDE model components are used to classify threats in the foundational architecture layers of IoT? Select all that apply.
- Deactivation of features
- Elevation of privilege
- Spoofing
Question 47)
Fill in the blank: Azure IoT offers a comprehensive suite of cloud services, edge components, and __________ managed by Microsoft.
- Web browsers
- Operating systems
- Mobile apps
- SDKs
Question 48)
True or False: Microsoft Defender for IoT focuses exclusively on Information Technology (IT) and does not consider Operational Technology (OT).
- True
- False
Question 49)
Fill in the blank: _______ can be used to effectively detect and block malicious traffic, including zero-day attacks.
- USB devices
- Email servers
- Next-generation firewalls
- Social media platforms
Question 50)
An organization wants to enhance its security monitoring and incident response capabilities in Azure. Which integrated solution would be most suitable for achieving this?
- Azure Application Gateway
- Microsoft Defender for Cloud with Microsoft Sentinel
- Azure Firewall Manager
- Azure Monitor Workbooks
Question 51)
An organization aims to enhance security by minimizing potential damage in case of compromised accounts. Which security measure would be most suitable to achieve this?
- Role-based access control (RBAC)
- Adaptive security
- Multi-factor authentication (MFA)
- Strong perimeter defenses
Question 52)
An organization aims to ensure regulatory compliance within Azure. Which service or tool is best suited for this purpose?
- Azure Firewall
- Azure Policy, Azure Blueprints, and Defender for Cloud
- Azure Key Vault
Question 53)
Which of the following are network security features on Azure? Select all that apply.
- Azure Bastion
- Azure VPN Gateway
- Azure ExpressRoute
- Microsoft Sentinel
- Azure Policy
Question 54)
Fill in the blank: __________ is the linchpin of data security, transforming data into an impenetrable fortress against unauthorized access.
- Access control
- Encryption
- Authorization
- Authentication
Question 55)
What are examples of countermeasures and mitigations in threat modeling? Select all that apply.
- Relocating servers
- Expanding the network infrastructure
- Implementing security controls
- Conducting penetration testing
Question 56)
Fill in the blank: Identifying an application’s vulnerabilities requires technical methods like conducting ____________ and ____________.
- User interface analysis, network monitoring
- Code reviews, vulnerability scans
- Penetration testing, intrusion detection
Question 57)
Fill in the blank: To prevent data leakage threats, it is recommended to implement ____________ for sensitive data.
- Data exposure restrictions
- Data anonymization
- Encryption
Question 58)
True or False: Threat modeling is only useful for large organizations with complex systems.
- True
- False
Question 59)
True or False: The Common Vulnerability Scoring System (CVSS) does not take into account an organization’s environmental context.
- True
- False
Question 60)
True or False: The validation phase in the SDL process assesses the effectiveness of security measures implemented during threat modeling.
- True
- False
Question 61)
What are key components to include in the Azure Virtual Network diagram during the Diagram Creation phase? Select all that apply.
- VPN and ExpressRoute
- Virtual Network Gateways
- Active Directory Domains
- Subnets
Question 62)
True or False: Zero-day vulnerabilities are well-known to software developers or vendors, allowing for immediate remedies when discovered.
- True
- False
Question 63)
Fill in the blank: Rootkits are especially challenging to detect and remove because they hide deep within a computer’s operating system or _______________.
- External hard drive
- Firmware
- RAM
- Software
Question 64)
Which of the following are essential Azure IoT platform services? Select all that apply.
- Azure App Services
- Azure Data Explorer
- Azure Digital Marketplace
- Azure IoT Hub
Question 65)
Which of the following is a key feature of Microsoft Defender for IoT?
- Manual asset discovery
- Active monitoring requiring agent installations on devices
- Basic network discovery tools
- Non-intrusive, passive, and agentless monitoring
Question 66)
Which are recommended advanced security controls for Azure environments? Select all that apply.
- Network security groups (NSGs) and application security groups (ASGs)
- Azure Application Gateway
- Azure firewalls
- Microsoft Defender for IoT
- Azure Front Door and Azure Content Delivery Network (CDN)
Question 67)
True or False: Identity-centric security emphasizes that security should primarily revolve around the network perimeter.
- True
- False
Question 68)
An organization needs to create secure encrypted private virtual tunnels between their on-premises network and Azure. Which Azure service should they utilize for this purpose?
- Azure ExpressRoute
- Azure Private Link
- Azure Bastion
- Azure VPN Gateway
Question 69)
True or False: Role-based access control (RBAC) is considered as a mechanism for enforcing access boundaries on Azure.
- True
- False
Question 70)
Which of the following accurately describes the three steps of threat modeling?
- Conduct user training, implement firewalls, and perform red teaming exercises
- Design the application, deploy security measures, and monitor network traffic
- Identify vulnerabilities, conduct penetration testing, and implement security controls
- Decompose the application, determine and rank threats, and determine countermeasures and mitigation
Question 71)
What are the benefits of threat modeling? Select all that apply.
- To enhance communication and collaboration between different teams
- To make informed decisions on risk acceptance, transfer, and mitigation
- To identify and address potential security threats before they manifest
- To document the different components and interactions within a system
Question 72)
True or False: The PASTA framework is a one-time process that does not require updates.
- True
- False
Question 73)
Fill in the blank: To bolster the overall security posture, organizations following VAST can benefit from ____________.
- Enhanced resource allocation
- Complex cybersecurity processes
- Simplified management
- Reactive response strategies
Question 74)
Fill in the blank: In the mitigation phase for Azure Virtual Networks, the concept of “never trust, always verify” is put into practice by implementing critical Azure Virtual Network security controls. This includes Azure role-based access control (RBAC) and creating network security groups (NSGs). Additionally, RBAC enables granular __________, allowing precise definition of user access to Azure resources.
- Auditing
- Validation
- Monitoring
- Access Control
Question 75)
What is susceptible infrastructure?
- Physical structures resistant to disruptions.
- Physical structures or systems vulnerable to disruptions or failures.
- Virtual structures immune to vulnerabilities.
- Systems resistant to failures due to cyberattacks.
Question 76)
What type of IoT attack involves a cybercriminal wanting to gain control over an IoT device by using default passwords?
- Denial-of-service (DoS)
- Spoofing
- Firmware hijacking
- Use of built-in factory set passwords
Question 77)
True or False: Azure ExpressRoute establishes a dedicated, private connection between your on-premises network and Azure data centers, bypassing the public internet.
- True
- False
Question 78)
What is the first step in the threat modeling process?
- Evaluate the impact of threats
- Determine countermeasures and mitigation
- Determine and rank threats
- Decompose the application
Question 79)
Fill in the blank: The DREAD model stands for Damage, Reproducibility, Exploitability, Affected Users, and ____________.
- Discovery
- Distribution
- Discoverability
- Disturbance
Question 80)
What are the differences between tactics, techniques, and sub-techniques? Select all that apply.
- Techniques denote how an attack is carried out.
- Sub-techniques offer a more granular view within a broader technique.
- Tactics describe the adversary’s objective in a cyberattack lifecycle stage.
- Tactics explain why an attack is carried out.
Question 81)
What is the primary focus of the third layer, also known as the perimeter, in the defense in depth approach for Azure cloud security?
- Ensuring physical security
- Securing computing resources
- Protecting data integrity
- Guarding against network-based attacks
Question 82)
What is the shared responsibility model in cloud computing security?
- A model focused solely on user responsibilities in securing data and infrastructure
- A model where users have no responsibility for securing data and infrastructure
- A model where the cloud provider solely safeguards the data and infrastructure
- A model where providers and users collaborate to secure data and infrastructure
Question 83)
What is the SANS approach?
- A modern and accessible threat modeling framework
- A comprehensive framework to identify, assess, and mitigate security threats and vulnerabilities within software applications
- A risk-centric threat modeling methodology
- A standardized toolset used to gauge the severity of security vulnerabilities
Question 84)
Which are benefits of the MITRE ATT&CK Matrix? Select all that apply.
- Proactive security measures
- Improved threat detection
- Increased network speed and efficiency
- Automated software patching
Question 85)
True or False: Microcontrollers (MCUs) usually run a general-purpose operating system like Windows or Linux.
- True
- False
Question 86)
What is the Purdue model used for in the context of IoT security?
- To implement zero trust criteria
- To develop software applications
- To create hardware root of trust
- To safeguard network bandwidth
Question 87)
An organization wants to implement a security measure that uses machine learning to monitor and block malicious applications. Which measure would be most suitable for addressing this concern?
- Network security groups (NSGs)
- Adaptive application controls
- Just-in-time VM access
- Microsoft Defender for Cloud
Question 88)
What is the primary focus of modern identity security?
- Implementing rigid boundaries for network security
- Relying on strong perimeter defenses
- Managing access rights, authentication, and authorization
- Defending against external threats
Question 89)
True or False: The MITRE ATT&CK Matrix primarily focuses on post-incident scenarios.
- True
- False
Question 90)
An organization is concerned about protecting its devices from malware and other threats. Which solution would be most suitable for addressing this concern?
- Advanced endpoint security solutions
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Security Information and Event Management (SIEM)
- Next-generation firewalls
Question 91)
True or False: Repudiation pertains to a user’s ability to disavow a specific event or action.
- True
- False
Question 92)
What are some characteristics of Trojan horses? Select all that apply.
- They replicate themselves across networks.
- They act as a “backdoor” for hackers.
- They encrypt user files.
- They appear genuine or harmless to users.
My Review
I recently completed the “Advanced Cybersecurity Concepts and Capstone Project” course on Coursera, which serves as the final piece of the Microsoft Cybersecurity Analyst Professional Certificate. This 4-module course offers a more advanced look into threat modeling, secure design, and access control, while also introducing common security challenges in IoT environments.
One of the highlights is the capstone project — a practical assignment where you create a complete threat mitigation plan for a sample business.
This helped me apply everything I’ve learned from the previous courses in a real-world context. The course is a bit more hands-on and strategic, making it a solid finale for the series. It also helps reinforce key knowledge areas covered in the SC-900 exam. Overall, it’s a great wrap-up course that not only boosts your skills but also gives you a tangible project to showcase in your portfolio.