
Course quiz: Advanced Cybersecurity Concepts and Capstone Project Quiz Answers

In this article I am going to share the answers for Advanced Cybersecurity Concepts and Capstone Project by Microsoft | Week 4 Quiz | Course quiz: Advanced Cybersecurity Concepts and Capstone Project Quiz Answers with you.

Enrol Link:  Advanced Cybersecurity Concepts and Capstone Project

 


Question 1)
Which components should be considered when decomposing an application in threat modeling? Select all that apply.

  • Network infrastructure
  • Email server
  • User interface
  • Back-end code

Question 2)
Which factor should be considered when determining the likelihood of a threat occurring?

  • The impact of the threat
  • The complexity of the attack
  • The skillset of the attacker
  • The number of vulnerabilities in the system

Question 3)
When decomposing an application, which elements should be considered? Select all that apply.

  • Application’s architecture
  • Types of data the application handles
  • Purpose of the application
  • External dependencies

Question 4)
Fill in the blank: The STRIDE model provides a structured methodology for ________________.

  • Writing cybersecurity policies
  • Threat analysis
  • Implementing security measures

Question 5)
True or False: The DREAD model provides a quantitative score-based ranking system for threats.

  • True
  • False

Question 6)
What is the final step in threat modeling?

  • Identifying countermeasures and mitigation
  • Determining and ranking threats
  • Decomposing the application
  • Code deployment

Question 7)
What is the purpose of regularly revisiting and updating threat models?

  • To identify and eliminate single points of failure
  • To ensure that defenses remain robust and relevant to the evolving threat landscape
  • To enhance communication and collaboration between different teams

Question 8)
True or False: The SANS approach focuses solely on identifying and investigating threats and vulnerabilities.

  • True
  • False

Question 9)
What is the Process for Attack Simulation and Threat Analysis (PASTA) framework?

  • A standardized toolset used to gauge the severity of security vulnerabilities
  • A comprehensive risk assessment framework
  • A modern and accessible threat modeling framework.
  • A risk-centric threat modeling methodology that guides security teams through a comprehensive analysis of potential threats and vulnerabilities

Question 10)
Which of the following are challenges associated with using Common Vulnerability Scoring System (CVSS)? Select all that apply.

  • Difficulty in assessing zero-day vulnerabilities.
  • Interpretation subjectivity.
  • Limited applicability to certain types of hardware vulnerabilities.
  • Lack of context.

Question 11)
What are the fundamental principles upon which VAST is built?

  • Complex analysis, slow response, and centralized management.
  • Visualize threats, agile response, and simplify management.
  • Rapid detection, tactical response, and streamlined operations.
  • Dynamic response, simplified visualization, and enhanced management.

Question 12)
What is the primary purpose of the Microsoft Threat Modeling Tool 2018?

  • Enhancing system speed and performance.
  • Identifying and mitigating potential security threats in software and systems.
  • Creating visual designs for software architecture.
  • Facilitating communication among software developers.

Question 13)
What are the four phases of the Security Development Lifecycle (SDL) process tailored for fortifying Azure Virtual Networks?

  • Threat Modeling, Network Design, Incident Response, Compliance
  • Subnetting, Virtualization, Security Policies, Monitoring
  • Encryption, Access Control, Logging, Performance Tracking
  • Diagram Creation, Identifying, Mitigating, Validation

Question 14)
What type of vulnerability arises when an attacker can make requests to the internal resources of a system, potentially leading to unauthorized access to data, further attacks on internal systems, or even a complete system takeover in some cases?

  • Server-side request forgery (SSRF)
  • Memory Leak
  • Typosquatting
  • Type Confusion

Question 15)
What does the term “ATT&CK” stand for in the context of the MITRE ATT&CK Matrix?

  • Advanced Techniques and Tactics for Cyber Killers
  • Adversarial Tactics, Techniques, and Common Knowledge
  • Advanced Technologies for Cyber Knowledge
  • All Threats Tackled by Cyber Kryptonite

Question 16)
What is the primary purpose of the MITRE ATT&CK Matrix?

  • Simulating real-world attack scenarios
  • Educational resource, testing blueprint, reference, and guide for incident response
  • Ethical hacking platform
  • Post-incident analysis tool

Question 17)
True or False: Worms require human intervention, such as opening a file, to propagate.

  • True
  • False

Question 18)
Which of the following are common categories of IoT devices? Select all that apply.

  • Entertainment IoT devices
  • Military and defense IoT devices
  • Residential IoT devices
  • Commercial IoT devices

Question 19)
Which of the following steps are involved in the process of an IoT attack? Select all that apply.

  • Exploitation
  • Identification
  • Authentication
  • Propagation

Question 20)
Which of the following are risks associated with IoT attacks? Select all that apply.

  • Convergence
  • Malware infection
  • Legacy and rogue devices
  • Data theft

Question 21)
A company wants to implement a security measure that involves assessing device health to determine devices’ risk profiles and trustworthiness. What security measure is the company likely to focus on?

  • Zero trust criteria
  • Network segmentation
  • Strong device identity
  • Least-privileged access control

Question 22)
A business wants to focus on detailed customization and control over its IoT solution. Which approach is most suitable for the business?

  • Utilizing platform services
  • Relying on off-the-shelf software
  • Using a managed app platform

Question 23)
An organization is concerned about unauthorized devices, unpatched systems, and potential risks in its OT and IoT network. Which feature of Microsoft Defender for IoT would be most beneficial for addressing these concerns?

  • Advanced network mapping tools
  • Continuous intelligence gathering
  • Automatic asset discovery
  • Threat intelligence updates

Question 24)
Which of the following are considered as common and enterprise-relevant attack surfaces? Select all that apply.

  • Email
  • SaaS platforms
  • Removable devices

Question 25)
Which are the three fundamental principles of defense in depth? Select all that apply.

  • Availability
  • Defense in depth.
  • Confidentiality
  • Integrity
  • Authentication

Question 26)
Fill in the blank: You can use advanced network security groups (or NSGs) configurations to implement ________ security rules and service tags.

  • Identity
  • Application
  • Outbound
  • Inbound

Question 27)
An organization aims to enhance security by minimizing potential damage in case of compromised accounts. Which security measure would be most suitable to achieve this?

  • Strong perimeter defenses
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Adaptive security

Question 28)
Fill in the blank: Azure Information Protection (AIP) ensures comprehensive classification and data labeling for enhanced ________.

  • Threat detection
  • Data protection
  • Identity management
  • Network security

Question 29)
Which of the following are network security features on Azure? Select all that apply.

  • Azure Bastion
  • Microsoft Sentinel
  • Azure ExpressRoute
  • Azure Policy
  • Azure VPN Gateway

Question 30)
An organization wants to implement a strategy to identify suspicious activities and respond in real-time. Which tools can they leverage for this purpose?

  • Azure Policy
  • Azure Active Directory
  • Azure Key Vault
  • Azure Monitor

 


 

Question 31)
What is the second step in the threat modeling process?

  • Determine countermeasures and mitigation
  • Decompose the application
  • Determine and rank threats
  • Evaluate the impact of threats

Question 32)
True or False: Threat modeling is a reactive process for addressing security threats.

  • True
  • False

Question 33)
Which types of threats does the STRIDE model encompass? Select all that apply.

  • Spoofing
  • Elevation of privilege
  • Information disclosure
  • Viruses and malware

Question 34)
Which factors come into play when ranking threats? Select all that apply.

  • Cost of implementing countermeasures
  • Probability
  • The attacker’s skillset
  • Impact

Question 35)
Which are effective countermeasures for authentication bypass threats? Select all that apply.

  • Enforce multi-factor authentication (MFA).
  • Use complex and unique passwords for user accounts.
  • Disable session timeouts.
  • Implement strong authentication mechanisms.

Question 36)
What is the primary purpose of the Common Vulnerability Scoring System (CVSS)?

  • Predict future vulnerabilities and threats
  • Render threat identification and countermeasure design accessible to non-technical stakeholders
  • Identify latent threats
  • Gauge the severity of security vulnerabilities

Question 37)
What is Step 3 of the PASTA framework called?

  • Threat analysis
  • Defining objectives
  • Defining the technical scope
  • Application decomposition

Question 38)
Which of the following are real-world applications of Common Vulnerability Scoring System (CVSS)? Select all that apply.

  • Vulnerability prioritization
  • Risk assessment
  • Threat modeling
  • Patch management

Question 39)
Which benefits are associated with the visual dimension introduced by VAST for threat identification? Select all that apply.

  • Real-time view of network vulnerabilities
  • Enhanced security posture
  • Improved resource allocation
  • Faster threat detection and response

Question 40)
Fill in the blank: In the SDL process, the __________ phase involves crafting a comprehensive diagram or representation of software or systems.

  • Identification
  • Diagram Creation
  • Mitigation
  • Validation

Question 41)
Fill in the blank: Using the persistence tactic, adversaries can achieve persistence through ______________.

  • System reboots
  • Network configurations
  • Startup or run key Registry modification
  • Scheduled tasks

Question 42)
True or False: Worms require human intervention, such as opening a file, to propagate.

  • True
  • False

Question 43)
Fill in the blank: IoT devices are typically made up of a circuit board with attached sensors that uses _______________ to connect to the internet.

  • NFC (Near Field Communication)
  • WiFi
  • Bluetooth

Question 44)
Fill in the blank: IoT attacks work by exploiting vulnerabilities in the devices or networks, which can be due to various factors such as lack of updates, inadequate device management features, unencrypted data storage and exchange, outdated hardware, insecure network ports, and lack of ________________ protection.

  • Data
  • User
  • Device
  • Privacy

Question 45)
True or False: Unencrypted data in many IoT devices makes it challenging for attackers to intercept and read the data.

  • True
  • False

Question 46)
Which STRIDE model components are used to classify threats in the foundational architecture layers of IoT? Select all that apply.

  • Deactivation of features
  • Elevation of privilege
  • Spoofing

Question 47)
Fill in the blank: Azure IoT offers a comprehensive suite of cloud services, edge components, and __________ managed by Microsoft.

  • Web browsers
  • Operating systems
  • Mobile apps
  • SDKs

Question 48)
True or False: Microsoft Defender for IoT focuses exclusively on Information Technology (IT) and does not consider Operational Technology (OT).

  • True
  • False

Question 49)
Fill in the blank: _______ can be used to effectively detect and block malicious traffic, including zero-day attacks.

  • USB devices
  • Email servers
  • Next-generation firewalls
  • Social media platforms

Question 50)
An organization wants to enhance its security monitoring and incident response capabilities in Azure. Which integrated solution would be most suitable for achieving this?

  • Azure Application Gateway
  • Microsoft Defender for Cloud with Microsoft Sentinel
  • Azure Firewall Manager
  • Azure Monitor Workbooks

Question 51)
An organization aims to enhance security by minimizing potential damage in case of compromised accounts. Which security measure would be most suitable to achieve this?

  • Role-based access control (RBAC)
  • Adaptive security
  • Multi-factor authentication (MFA)
  • Strong perimeter defenses

Question 52)
An organization aims to ensure regulatory compliance within Azure. Which service or tool is best suited for this purpose?

  • Azure Firewall
  • Azure Policy, Azure Blueprints, and Defender for Cloud
  • Azure Key Vault

Question 53)
Which of the following are network security features on Azure? Select all that apply.

  • Azure Bastion
  • Azure VPN Gateway
  • Azure ExpressRoute
  • Microsoft Sentinel
  • Azure Policy

Question 54)
Fill in the blank: __________ is the linchpin of data security, transforming data into an impenetrable fortress against unauthorized access.

  • Access control
  • Encryption
  • Authorization
  • Authentication

Question 55)
What are examples of countermeasures and mitigations in threat modeling? Select all that apply.

  • Relocating servers
  • Expanding the network infrastructure
  • Implementing security controls
  • Conducting penetration testing

Question 56)
Fill in the blank: Identifying an application’s vulnerabilities requires technical methods like conducting ____________ and ____________.

  • User interface analysis, network monitoring
  • Code reviews, vulnerability scans
  • Penetration testing, intrusion detection

Question 57)
Fill in the blank: To prevent data leakage threats, it is recommended to implement ____________ for sensitive data.

  • Data exposure restrictions
  • Data anonymization
  • Encryption

Question 58)
True or False: Threat modeling is only useful for large organizations with complex systems.

  • True
  • False

Question 59)
True or False: The Common Vulnerability Scoring System (CVSS) does not take into account an organization’s environmental context.

  • True
  • False

Question 60)
True or False: The validation phase in the SDL process assesses the effectiveness of security measures implemented during threat modeling.

  • True
  • False

Question 61)
What are key components to include in the Azure Virtual Network diagram during the Diagram Creation phase? Select all that apply.

  • VPN and ExpressRoute
  • Virtual Network Gateways
  • Active Directory Domains
  • Subnets

Question 62)
True or False: Zero-day vulnerabilities are well-known to software developers or vendors, allowing for immediate remedies when discovered.

  • True
  • False

Question 63)
Fill in the blank: Rootkits are especially challenging to detect and remove because they hide deep within a computer’s operating system or _______________.

  • External hard drive
  • Firmware
  • RAM
  • Software

Question 64)
Which of the following are essential Azure IoT platform services? Select all that apply.

  • Azure App Services
  • Azure Data Explorer
  • Azure Digital Marketplace
  • Azure IoT Hub

Question 65)
Which of the following is a key feature of Microsoft Defender for IoT?

  • Manual asset discovery
  • Active monitoring requiring agent installations on devices
  • Basic network discovery tools
  • Non-intrusive, passive, and agentless monitoring

Question 66)
Which are recommended advanced security controls for Azure environments? Select all that apply.

  • Network security groups (NSGs) and application security groups (ASGs)
  • Azure Application Gateway
  • Azure firewalls
  • Microsoft Defender for IoT
  • Azure Front Door and Azure Content Delivery Network (CDN)

Question 67)
True or False: Identity-centric security emphasizes that security should primarily revolve around the network perimeter.

  • True
  • False

Question 68)
An organization needs to create secure encrypted private virtual tunnels between their on-premises network and Azure. Which Azure service should they utilize for this purpose?

  • Azure ExpressRoute
  • Azure Private Link
  • Azure Bastion
  • Azure VPN Gateway

Question 69)
True or False: Role-based access control (RBAC) is considered as a mechanism for enforcing access boundaries on Azure.

  • True
  • False

Question 70)
Which of the following accurately describes the three steps of threat modeling?

  • Conduct user training, implement firewalls, and perform red teaming exercises
  • Design the application, deploy security measures, and monitor network traffic
  • Identify vulnerabilities, conduct penetration testing, and implement security controls
  • Decompose the application, determine and rank threats, and determine countermeasures and mitigation

Question 71)
What are the benefits of threat modeling? Select all that apply.

  • To enhance communication and collaboration between different teams
  • To make informed decisions on risk acceptance, transfer, and mitigation
  • To identify and address potential security threats before they manifest
  • To document the different components and interactions within a system

Question 72)
True or False: The PASTA framework is a one-time process that does not require updates.

  • True
  • *B: False

Question 73)
Fill in the blank: To bolster the overall security posture, organizations following VAST can benefit from ____________.

  • Enhanced resource allocation
  • Complex cybersecurity processes
  • Simplified management
  • Reactive response strategies

Question 74)
Fill in the blank: In the mitigation phase for Azure Virtual Networks, the concept of “never trust, always verify” is put into practice by implementing critical Azure Virtual Network security controls. This includes Azure role-based access control (RBAC) and creating network security groups (NSGs). Additionally, RBAC enables granular __________, allowing precise definition of user access to Azure resources.

  • Auditing
  • Validation
  • Monitoring
  • Access Control

Question 75)
What is susceptible infrastructure?

  • Physical structures resistant to disruptions.
  • Physical structures or systems vulnerable to disruptions or failures.
  • Virtual structures immune to vulnerabilities.
  • Systems resistant to failures due to cyberattacks.

Question 76)
What type of IoT attack involves a cybercriminal wanting to gain control over an IoT device by using default passwords?

  • Denial-of-service (DoS)
  • Spoofing
  • Firmware hijacking
  • Use of built-in factory set passwords

Question 77)
True or False: Azure ExpressRoute establishes a dedicated, private connection between your on-premises network and Azure data centers, bypassing the public internet.

  • True
  • False

Question 78)
What is the first step in the threat modeling process?

  • Evaluate the impact of threats
  • Determine countermeasures and mitigation
  • Determine and rank threats
  • Decompose the application

Question 79)
Fill in the blank: The DREAD model stands for Damage, Reproducibility, Exploitability, Affected Users, and ____________.

  • Discovery
  • Distribution
  • Discoverability
  • Disturbance

Question 80)
What are the differences between tactics, techniques, and sub-techniques? Select all that apply.

  • Techniques denote how an attack is carried out.
  • Sub-techniques offer a more granular view within a broader technique.
  • Tactics describe the adversary’s objective in a cyberattack lifecycle stage.
  • Tactics explain why an attack is carried out.

Question 81)
What is the primary focus of the third layer, also known as the perimeter, in the defense in depth approach for Azure cloud security?

  • Ensuring physical security
  • Securing computing resources
  • Protecting data integrity
  • Guarding against network-based attacks

Question 82)
What is the shared responsibility model in cloud computing security?

  • A model focused solely on user responsibilities in securing data and infrastructure
  • A model where users have no responsibility for securing data and infrastructure
  • A model where the cloud provider solely safeguards the data and infrastructure
  • A model where providers and users collaborate to secure data and infrastructure

Question 83)
What is the SANS approach?

  • A modern and accessible threat modeling framework
  • A comprehensive framework to identify, assess, and mitigate security threats and vulnerabilities within software applications
  • A risk-centric threat modeling methodology
  • A standardized toolset used to gauge the severity of security vulnerabilities

Question 84)
Which are benefits of the MITRE ATT&CK Matrix? Select all that apply.

  • Proactive security measures
  • Improved threat detection
  • Increased network speed and efficiency
  • Automated software patching

Question 85)
True or False: Microcontrollers (MCUs) usually run a general-purpose operating system like Windows or Linux.

  • True
  • False

Question 86)
What is the Purdue model used for in the context of IoT security?

  • To implement zero trust criteria
  • To develop software applications
  • To create hardware root of trust
  • To safeguard network bandwidth

Question 87)
An organization wants to implement a security measure that uses machine learning to monitor and block malicious applications. Which measure would be most suitable for addressing this concern?

  • Network security groups (NSGs)
  • Adaptive application controls
  • Just-in-time VM access
  • Microsoft Defender for Cloud

Question 88)
What is the primary focus of modern identity security?

  • Implementing rigid boundaries for network security
  • Relying on strong perimeter defenses
  • Managing access rights, authentication, and authorization
  • Defending against external threats

Question 89)
True or False: The MITRE ATT&CK Matrix primarily focuses on post-incident scenarios.

  • True
  • False

Question 90)
An organization is concerned about protecting its devices from malware and other threats. Which solution would be most suitable for addressing this concern?

  • Advanced endpoint security solutions
  • Intrusion Detection and Prevention Systems (IDS/IPS)
  • Security Information and Event Management (SIEM)
  • Next-generation firewalls

Question 91)
True or False: Repudiation pertains to a user’s ability to disavow a specific event or action.

  • True
  • False

Question 17)
What are some characteristics of Trojan horses? Select all that apply.

  • They replicate themselves across networks.
  • They act as a “backdoor” for hackers.
  • They encrypt user files.
  • They appear genuine or harmless to users.