Course quiz: Cybersecurity management and compliance Quiz Answers
In this article I am going to share the Coursera Course: Cybersecurity Management and Compliance | Week 4 Quiz | Course quiz: Cybersecurity management and compliance Quiz Answers with you.
Enrol link: Cybersecurity Management and Compliance
Question 1)
Imagine you are the IT head for a medium-sized company that is heavily dependent on Azure for its IT infrastructure. A crucial regional data center faces an outage. Your primary VMs are currently in this data center. What can you do to ensure uninterrupted user access during this situation?
- Disconnect from Azure until the issue is resolved.
- Replicate personal VMs to a different Azure region (secondary location).
- Only rely on local backups of data.
Question 2)
You are a company executive assessing cloud platforms for storing sensitive company data. You read about Azure’s physical security measures. Which of the following measures is a part of Azure’s datacenter physical security protocols?
- Public access to datacenter facilities for viewing purposes.
- Two-factor authentication with biometrics and stringent access restrictions.
- Casual entry for staff and visitors without any checks.
Question 3)
You are designing a cloud infrastructure for a client and need a service that can enforce specific rules and effects over Azure resources to help maintain corporate standards and ensure compliance. Which Azure service would best meet this requirement?
- Azure Application Gateway
- Azure Private Link
- Azure Policy
Question 4)
Which Azure service provides a cloud-native Security Information and Event Management (SIEM) solution?
- Azure Sentinel
- Azure Policy
- Azure Monitor Logs
Question 5)
Your company has decided to adopt Microsoft Azure as its cloud platform. The CTO is looking for a comprehensive approach that guides the company throughout the cloud adoption process. She is particularly interested in understanding the business objectives, planning the adoption timeline, migrating existing workloads, and ensuring post-adoption governance. Which of the following Microsoft offerings would be most suitable for her needs?
- Azure Cloud Adoption Framework (CAF)
- Azure Active Directory (Azure AD)
- Azure Pricing Calculator
Question 6)
Which principle of the zero-trust model in the Microsoft Cloud Adoption Framework for Azure emphasizes granting the minimal level of access necessary for users to perform their functions?
- Principle of maximum access
- Principle of trust verification
- Principle of least privilege
Question 7)
What is one of the main uses of the Microsoft Service Trust Portal?
- To offer a platform for social networking among Microsoft cloud service users.
- To offer access to audit reports and whitepapers for understanding security and compliance mechanisms.
- To provide gaming content for Microsoft cloud services.
Question 8)
You are the security manager for a multi-cloud enterprise and are considering using Microsoft Defender for Cloud’s CSPM capabilities. Your CEO is concerned about additional costs. Which of the following statements would accurately address her concerns?
- All features of CSPM in Defender for Cloud are completely free.
- Microsoft Defender for Cloud charges for all CSPM features, including security recommendations and asset inventory.
- The foundational capabilities of CSPM in Defender for Cloud are free, but optional features such as attack path analysis and advanced threat hunting incur charges.
Question 9)
Which of the following best describes the shared responsibility model in Azure?
- Customers are solely responsible for all aspects of the cloud, including the underlying infrastructure.
- The shared responsibility model divides tasks between Microsoft and its customers, with specifics depending on the service model (IaaS, PaaS, or SaaS).
- Microsoft is solely responsible for all aspects of the cloud, including data and applications.
Question 10)
You are tasked with ensuring that your company’s application hosted on Azure remains operational even in the event of a datacenter failure. Which Azure feature would best help you accomplish this?
- Deploying the application in a single region without utilizing Availability Zones.
- Utilizing Availability Zones to operate the application across physically separate locations within a region.
- Categorizing your application as a “foundational service” in Azure.
Question 11)
True or False: Microsoft is solely responsible for the reliability of applications on Azure.
- True
- False
Question 12)
You are a cloud solutions architect working for a large corporation. The company wants to implement a new cloud-based application on Azure but needs to ensure that the application meets strict security and compliance standards. Which tool from Microsoft would you recommend to help define, enforce, and ensure that their cloud environment remains compliant?
- Azure Marketplace
- Azure Policy
- Azure Data Factory
Question 13)
Which of the following best describes the primary purpose of conducting a risk assessment before migrating to Microsoft Azure?
- To determine the cost of cloud services.
- To select the latest cloud technologies for implementation.
- To ensure the confidentiality, integrity, availability, and privacy of data and systems.
Question 14)
Imagine you are an admin for a large corporation that handles thousands of documents daily. You want a feature that can provide insights into classified content across the organization. Which Microsoft Purview feature would best suit this need?
- Content Explorer
- Data Map Essentials
- Data Lineage
Question 15)
Data Loss Prevention (DLP) primarily ensures that crucial data ______ within an organization’s designated boundaries.
- is deleted
- is labeled
- remains confined
Question 16)
Imagine you are the Data Compliance Officer for a multinational company. A new regulation has been introduced that requires businesses to validate and provide proof of record deletions. Which feature of Microsoft Purview’s records management system would you utilize to ensure compliance with this regulation?
- Start different retention periods when an event occurs with event-based retention.
- Migrate and manage your retention requirements with file plan.
- Review and validate disposition with disposition reviews and proof of records deletion.
Question 17)
Insider threats that intentionally harm the organization for personal gains or grievances are termed as ________.
- Malicious insiders
- External threats
- Accidental breaches
Question 18)
Which of the following actions can be part of the investigation process in Insider Risk Management? Select all that apply.
- Utilizing the User activity chart to delve into the specifics of user behavior.
- Exploring content through the Content explorer to get insights into user data access.
- Ignoring any anomalies in user behavior to avoid unnecessary conflicts.
- Conducting random background checks on employees without any specific alert.
Question 19)
Only those assigned to the ________ role group have access to the User Activity Reports page.
- Compliance Analysts
- Insider Risk Management Investigators
- IT Admins
Question 20)
Jennifer, a senior data analyst, is part of the Daily Sales group in her company. She needs to share a file with the Marketing Team for an upcoming project. Given the company’s implementation of Microsoft Purview Information Barriers (IB), what would be the outcome of her attempt?
- Jennifer will face restrictions and won’t be able to share the file with the Marketing Team.
- Jennifer can easily share the file, and the Marketing Team will access it without any restrictions.
- Jennifer will not be able to share the file because members of the Daily Sales group are prevented from interacting or sharing files with the Marketing Team.
Question 21)
Which of the following are core features of Microsoft’s data governance solutions? Select all that apply.
- Real-time Tracking
- Streamlined Administration
- Automation for Large Scale
- Manual Deletion
Question 22)
The Microsoft Purview Data Map offers an ________ classification feature when scanning data sources.
- Manual
- Intermittent
- Automated
Question 23)
Which of the following are main categories in the Federal Information Security Management Act (FISMA)? Select all that apply.
- Annual Security Reviews
- Risk Categorization
- Authorization to Operate
- Continuous Cloud Monitoring
Question 24)
Which of the following are main components of the National Institute of Standards and Technology (NIST) Framework? Select all that apply.
- Framework Core
- Technology Adaptation Protocols
- Framework Profiles
- Risk Mitigation Techniques
Question 25)
Which entity decides the purpose and method of processing personal data under the General Data Protection Regulation (GDPR)?
- Data Controller
- Processor
- Data Subject
Question 26)
Which of the following best describes the ISO 27001 standard?
- A universally accepted framework for an Information Security Management System (ISMS).
- A global standard solely for cybersecurity threats.
- A universal standard for environmental safety.
Question 27)
Imagine you are a manager at a company that is transitioning to a cloud-based infrastructure. You want to ensure that the cloud services you employ adhere to universally accepted protection controls. Which ISO/IEC standard would you refer to for this purpose?
- ISO/IEC 27017
- ISO/IEC 27000
- ISO/IEC 27002
Question 28)
Which of the following best describes Azure Blueprints?
- Azure Blueprints are JSON files that define the Azure infrastructure and its configurations.
- Azure Blueprints are templates that can be used to quickly set up governed Azure resources and services in a consistent and compliant manner.
- Azure Blueprints are used only for tracking and auditing purposes in Azure.
Question 29)
Which organization developed the Control Objectives for Information and Related Technologies (COBIT) framework for IT governance and management?
- Information Systems Audit and Control Association (ISACA)
- Information Technology Infrastructure Library (ITIL)
- National Institute of Standards and Technology (NIST)
Question 30)
The ______ framework comprises five domains, including Evaluate, Direct and Monitor (EDM) and Align, Plan and Organize (APO).
- Control Objectives for Information and Related Technologies (COBIT)
- Azure Audit Program
- National Institute of Standards and Technology (NIST) Privacy
Question 31)
Which Azure service supports the replication of VMs both between Azure regions and from on-premises infrastructure to Azure?
- Azure Virtual Desktop
- Azure Site Recovery (ASR)
- Azure Backup
Question 32)
Which Azure service offers a secure, cloud-based storage system for cryptographic keys, certificates, and other sensitive data?
- Azure Front Door
- Azure Application Gateway
- Azure Key Vault
Question 33)
True or False: The Azure Cloud Adoption Framework (CAF) focuses exclusively on the migration of data and applications to the Azure cloud.
- True
- False
Question 34)
True or False: The Microsoft Service Trust Portal focuses exclusively on data privacy and has no features related to compliance.
- True
- False
Question 35)
True or False: Microsoft Defender for Cloud’s integration with CSPM only provides security insights for Azure cloud services.
- True
- False
Question 36)
You are a cloud architect for a medium-sized company that is transitioning its applications to Azure. You’ve been tasked with setting up virtual machines across multiple regions for disaster recovery. Which of the following statements aligns with the shared responsibility model in this context?
- Microsoft will automatically set up cross-region replication for the virtual machines.
- While Azure provides the platform, the onus is on you to set up cross-region replication for resilience against potential regional failures.
- Microsoft will automatically detect regional failures and create a duplicate set of virtual machines in an active region.
Question 37)
What is the primary purpose of Azure Availability Zones?
- To manage user access and data for the services.
- To ensure high availability by housing independent power, cooling, and networking in physically separate locations within a region.
- To categorize Azure services based on their regional availability.
Question 38)
Consider an e-commerce company hosting its application on Azure. It wants to ensure the highest level of reliability for their application, especially during peak sales events. Which of the following would be a crucial step for the company in terms of reliability planning?
- Ignore any potential failure points as Azure will handle all disruptions.
- Rely solely on Microsoft’s service level agreement (SLA) guarantees without setting their own target SLAs.
- Design the application’s reliability features based on its availability requirements and use availability zones for disaster recovery planning.
Question 39)
Which of the following describes the primary objective of compliance in the context of cloud services?
- To ensure adherence to regulatory, legal, and company standards and policies.
- To maximize profit margins for businesses.
- To guarantee the maximum uptime of cloud servers.
Question 40)
Which of the following methods does Microsoft Purview offer for data classification?
- Classification based on public opinion.
- Automated pattern recognition, such as sensitive information types.
- Using third-party plugins.
Question 41)
Which of the following best describes the primary function of Data Lifecycle Management (DLM)?
- It is a policy-based methodology that directs the movement of data from its creation to its eventual disposal.
- It is a strategy to prevent unauthorized access to sensitive information.
- It deals with sensitivity labels applied to classify data based on its importance.
Question 42)
John, an employee in a multinational company, is frustrated about not receiving a promotion. He decides to share proprietary information with a competitor as revenge. What type of insider threat does John’s action represent?
- Third-Party Threat
- Intentional Threat
- Accidental Data Breach
Question 43)
Which of the following best describes the purpose of User Activity Reports in managing insider threats?
- User Activity Reports facilitate the examination of potentially risky behaviors for specific users over a designated time frame, without necessarily linking them to an insider risk management policy.
- User Activity Reports only monitor users who have been previously linked to an insider risk management policy.
- User Activity Reports are used exclusively for employees that violate insider risk management policies.
Question 44)
Which of the following best describes the purpose of Communication compliance policies within an organization?
- To facilitate video conferencing between team members.
- To ensure that internal messaging aligns with corporate, legal, and regulatory standards.
- To encrypt all communication for added security.
Question 45)
Jane, a data analyst in a firm, is tasked with ensuring that company emails containing sensitive information are stored only for a specific period. She recalls a tool from Microsoft that can help her with this. Which Microsoft feature should Jane use for this purpose?
- Data Lifecycle Management
- Sensitivity labels
- Retention labels
Question 46)
Which of the following best describes the primary purpose of the Federal Information Security Management Act (FISMA)?
- To bolster the security framework around federal information systems in the United States.
- To mandate federal organizations to adopt cloud computing.
- To provide a standardized approach for cloud services and products.
Question 47)
The National Institute of Standards and Technology (NIST) Framework emphasizes aligning cybersecurity activities with ________ and integrating cybersecurity risks into an organization’s overall risk management strategy.
- technological advancements
- business objectives
- global standards
Question 48)
ISO 27001 is part of the larger _______ family which focuses on various aspects of information security.
- ISO/IEC 28000
- ISO/IEC 27000
- ISO/IEC 25000
Question 49)
True or False: Azure claims ownership over customer data and monitors the data stored on its platform.
- True
- False
Question 50)
True or False: Azure Front Door is limited to a specific Azure region and does not offer global scalability.
- True
- False
Question 51)
True or False: Azure Log Analytics Workspaces are mainly used for storing security policies and configurations.
- True
- False
Question 52)
You are a cloud security consultant working with a company that is adopting Azure. The company wants to ensure that security is embedded in its development and deployment processes. Based on the Microsoft Cloud Adoption Framework, which approach should you recommend?
- Integrating security with DevOps practices (DevSecOps) and aligning security with operational processes.
- Isolating security from development processes and handling it separately after deployment.
- Implementing security measures only in the final stages of deployment.
Question 53)
Imagine you work for a global financial institution that needs to stay compliant with various regional regulations. Which feature of the Microsoft Service Trust Portal would be most valuable to your organization?
- Compliance Manager, which helps with GDPR compliance.
- Data Privacy and Compliance Tools, specifically the Data Subject Requests section.
- Industry and Regional Information, providing compliance guidance for financial services by country/region.
Question 54)
True or False: Each Azure region consists of multiple Availability Zones.
- True
- False
Question 55)
True or False: The Center for Internet Security (CIS) benchmarks offer configuration standards for securing a system and have two security setting levels: Level 1 for basic security and Level 2 for enhanced security.
- True
- False
Question 56)
True or False: In Microsoft Azure’s shared responsibility model, the Cloud Service Provider (CSP) is solely responsible for both security and compliance for all cloud deployment types.
- True
- False
Question 57)
Sarah, a member of the IT department, noticed an alert on the Insider Risk Management dashboard that a certain user has accessed sensitive files multiple times within a short period. Given the nature of the alert, what is the most likely next step Sarah should take in the insider risk management process?
- Initiate an investigation using the User activity reports to thoroughly examine the user’s activities over the specified period.
- Send a reminder notice to the user without further examination.
- Dismiss the alert without further investigation.
Question 58)
Emily, a data administrator in a multinational corporation, receives an email notifying her of content nearing the end of its retention duration. The email advises her to review the content before deciding on its disposition. What feature of Microsoft Purview is being utilized?
- Automatic Classification with Microsoft Purview Data Map.
- Disposition Review in Microsoft Purview Compliance Portal.
- Custom Classification in Microsoft Purview Portal.
Question 59)
Imagine you’re an IT consultant for a federal agency. The agency wants to refine its security controls based on current risks and potential threats. Which primary category from the Federal Information Security Management Act (FISMA) would you advise the agency to focus on?
- Refine Controls Using a Risk Assessment Procedure.
- Minimum Baseline Controls.
- Document the Controls in the System Security Plan.
Question 60)
You are the CIO of a company that uses Microsoft Office 365. An employee accidentally sent confidential data to an unauthorized external email. What best describes this situation under the General Data Protection Regulation (GDPR)?
- It is a Data Protection Impact Assessment (DPIA) incident.
- It is a Data Subject Request (DSR).
- It may be considered a personal data breach.
Question 61)
You are an IT manager aiming to ensure that your cloud infrastructure deployments adhere to the ISO standards for security and compliance. Which of the following would be the most suitable approach in Azure to enforce and maintain such standards across multiple deployments?
- Relying solely on manual audits post-deployment to ensure compliance with ISO standards.
- Creating and applying Azure Blueprints that are aligned with ISO standards, ensuring each deployment within their scope adheres to these guidelines.
- Storing ARM templates locally and deploying resources without any connections to the templates.
Question 62)
Jane works at a multinational corporation and is considering a framework to help her organization align IT goals with business objectives. She needs a comprehensive framework that also provides guidance on assessing IT controls, best practices, and more. Which framework would you recommend to Jane?
- ISO/IEC 15504
- Control Objectives for Information and Related Technologies (COBIT)
- Azure Audit Program
Question 63)
Which of the following are crucial steps in preparing for defining cloud service privacy requirements? Select all that apply.
- Organizing preparatory resources
- Selecting a cloud service provider
- Researching new cloud technologies
- Determining privacy capabilities
Question 64)
Which of the following best describes the purpose of the Azure Cloud Adoption Framework (CAF)?
- To provide a list of Microsoft Azure’s cloud services and their pricing details.
- To provide best practices, documentation, and tools that help organizations effectively achieve their cloud adoption objectives.
- To serve as a platform for deploying and hosting applications on the Microsoft Azure cloud.
Question 65)
Which of the following describes the primary function of Cloud Security Posture Management (CSPM)?
- Managing the financial aspects of cloud deployments.
- Enhancing the speed of cloud migrations.
- Maintaining and enhancing cloud environments’ security through continuous assessment and automation.
Question 66)
Which of the following are integral components related to Microsoft Purview’s approach to managing and protecting data? Select all that apply.
- Data Classification
- Sensitivity Labels
- Retention Policies
- Data Encryption
Question 67)
Which of the following statements correctly describe the role of automated audits in compliance? Select all that apply.
- Automated audits create a transparent system.
- Automated audits replace the need for records management.
- Automated audits offer quick identification of irregularities.
- Automated audits only function reactively after a breach has been detected.
Question 68)
Fill in the blank: Insider risk management allows organizations to proactively _______, assess, and mitigate internal threats.
- Prioritize
- Monitor
- Identify
Question 69)
Emma, a risk investigator, receives a tip about a user’s potentially risky behavior. The user is not explicitly mentioned in any insider risk management policy. Which tool should Emma use to investigate this tip?
- Incident Response Plan
- User Activity Reports
- Alert Dashboard
Question 21)
Before devising strategies to protect and govern data, organizations must first understand the ________ and nature of the data they hold.
- extent
- type
- protection
Question 70)
Which of the following best describes the primary advantage of classifying data assets?
- To simplify their understanding, searching, and governance.
- To create multiple copies of data for backup purposes.
- To track the total number of data assets in an organization.
Question 71)
Which of the following are unique controls introduced in the ISO/IEC 27017 standard? Select all that apply.
- Shared roles and responsibilities within a cloud computing environment
- Allocation of duties
- Removal and return of cloud service customer assets upon contract termination
- Ensuring data availability
Question 72)
Which of the following are key principles of Control Objectives for Information and Related Technologies (COBIT)? Select all that apply.
- Separate Governance from Management
- Address Stakeholder Needs
- Maximize Cloud Utilization
- Ensure Rapid Deployment
Question 73)
Which of the following describes Azure’s approach to data security for customer data access by support personnel?
- All support personnel have default access to customer data.
- Only senior administrators are granted access to customer data.
- Access is denied by default and granted on a need-to-know basis.
Question 74)
Which of the following best describes the goal of resiliency in the context of reliability?
- To provide consistent access to your application.
- To return your application to a fully functioning state after a failure occurs.
- To define the permissible downtime for an application.
Question 75)
A finance company is migrating its applications to Microsoft Azure and has cataloged all the apps. One of the apps handles sensitive financial transactions and has access to PCI and PII data. In the event of a denial of access to this app, the company stands to lose a significant amount of revenue. Based on the provided information, how should the company classify the impact level of this app?
- Low Business Impact (LBI)
- High Business Impact (HBI)
- Medium Business Impact (MBI)
Question 76)
True or False: Microsoft Purview’s trainable classifiers can handle encrypted items.
- True
- False
Question 77)
Which of the following are potential impacts of insider threats on an organization? Select all that apply.
- Increased employee morale.
- Reputational damage.
- Improved operational efficiency.
- Financial loss.
Question 78)
True or False: Information Barriers (IB) in Microsoft Purview allow unrestricted two-way communication between all groups and users within Microsoft Teams, SharePoint, and OneDrive.
- True
- False
Question 79)
You’re working with a third-party vendor who requires access to specific resources in your Azure environment. You want to ensure that they only have access to the resources they require, and no more. Which Azure feature would you employ to achieve this?
- Role-Based Access Control (RBAC)
- Azure Private Link
- Azure Compliance Manager
Question 80)
True or False: In the Microsoft Cloud Adoption Framework for Azure, security operations emphasize the integration of security measures with the overall organizational mission and goals.
- True
- False
Question 81)
True or False: In the Infrastructure as a Service (IaaS) model within Azure, Microsoft is responsible for managing applications, data, and user access.
- True
- False
Question 82)
Fill in the blank: Privacy management ensures that personal data is collected, stored, used, and shared in compliance with ______ laws.
- data protection
- cybersecurity
- copyright
Question 83)
Under the General Data Protection Regulation (GDPR), a ________ is a security breach that can lead to the unintentional or illegal destruction, loss, alteration, unauthorized disclosure, or access to personal data.
- Personal data breach
- Data Subject Request (DSR)
- Data Protection Impact Assessment (DPIA)
Question 84)
True or False: One of the features of Azure Blueprints is resource locking, which ensures that the defined resources and configurations in a blueprint are protected from unwanted changes.
- True
- False
Question 85)
Which framework outlines the fundamental privacy functions, categories, and subcategories for cloud services?
- Control Objectives for Information and Related Technologies (COBIT) Framework
- Microsoft Azure Audit Program
- National Institute of Standards and Technology (NIST) Privacy Framework
Question 86)
Which of the following are key controls outlined in the ISO 27001 standard? Select all that apply.
- Access Control
- Organizational Culture
- Communications Security
- Information Security Policies