All Coursera Quiz Answers

Course quiz: Cybersecurity tools and technologies Quiz Answers

In this article i am gone to share Coursera Course: Cybersecurity Tools and Technologies | Course quiz: Cybersecurity tools and technologies Quiz Answers with you..

Enrol Link:  Cybersecurity Tools and Technologies

 

Course quiz: Cybersecurity tools and technologies Quiz Answers

Question 1)
One of the primary responsibilities of the blue team in cybersecurity is _______________ network traffic for suspicious activity.

  • Monitoring
  • Analyzing
  • Managing

Question 2)
Imagine you work for Sam’s Scoops as a cybersecurity analyst. You are part of the red team, what would be one of the primary objectives of the red team in cybersecurity?

  • Monitoring network traffic and detecting suspicious activity.
  • Developing software patches and updates.
  • Managing physical security for the organization.
  • Conducting ethical hacking and penetration testing to identify vulnerabilities.

Question 3)
Sam has expressed concerns about the security of Sam’s Scoops online platform. As a cybersecurity consultant working at Sam’s, you have been tasked with conducting the reconnaissance phase of the test, what are its primary activities?

  • Information gathering, footprinting, and scanning.
  • Enumeration, exploitation, and reporting.
  • Social engineering, malware analysis, and intrusion detection.
  • Vulnerability assessment, escalation, and remediation.

Question 4)
Which of the following tools or strategies are used for locating vulnerabilities in a target system’s configuration or software?

  • Network sniffing and social engineering.
  • Nessus and vulnerability scanning.
  • Firewall configuration and antivirus software.
  • Port scanning and banner grabbing.

Question 5)
Which of the following methods is primarily used to manipulate database queries?

  • SQL injection
  • Cross-site scripting (XSS)
  • Buffer overflow
  • Payload injection

Question 6)
One of the goals of the escalation stage in a penetration test is achieving __________.

  • privilege escalation
  • data exfiltration
  • vulnerability assessment

Question 7)
If you are tasked with the reporting and remediation stage of a penetration test in cybersecurity, what are the best practices that you would implement?

  • Share the report only with the IT department.
  • Provide specific and actionable recommendations.
  • Include a summary of the penetration tester’s background and qualifications.
  • Use only technical language in the report.

Question 8)
What is the goal of implementing the MITRE ATT&CK framework?

  • Evaluating financial risks in cybersecurity.
  • Documenting cybersecurity policies.
  • Decreasing the adaptability of an organization’s cybersecurity.
  • Improving threat detection and response capabilities.

Question 9)
You are tasked with conducting a black box test on Sam Scoops applications. The application, known as “SecureGuard,” is designed to manage user authentication and authorization for sensitive financial data.

What is the primary focus of black box testing during Sam’s Scoops’s SecureGuard application security assessment? Select all that apply.

  • Identifying potential vulnerabilities in the application’s source code.
  • Testing SecureGuard’s compatibility with various operating systems.
  • Assessing the efficiency of SecureGuard’s code implementation.
  • Evaluating the application’s functionality without knowledge of its internal workings.

Question 10)
You are a cybersecurity specialist tasked with conducting white box testing for a critical software application in Sam’s Scoops which deals with sensitive customer data. What would be the primary purpose of white box testing at Sam’s Scoops for their critical software application? Select all that apply.

  • To ensure that all possible execution paths within the software are covered.
  • To identify and remediate security flaws at the source code level.
  • To evaluate the software’s performance under various real-world conditions.
  • To subject the software to random data inputs to check its response.

Question 11)
What is the primary characteristic of grey box testing?

  • Gives you partial knowledge of the system’s internals.
  • Gives you zero knowledge of the system’s internals.
  • Focuses solely on the system’s functionality.
  • Gives you complete knowledge of the system’s internals.

Question 12)
How can Azure Firewall Premium IDPS reduce false positives?

  • By using intrusion prevention techniques.
  • By employing signature-based detection.
  • By increasing the number of alerts.
  • By blocking all incoming traffic.

Question 13)
Sam’s Scoops recently implemented Azure Firewall Premium IDPS to enhance its cybersecurity. If you were configuring the IDPS rules and policies on the IDPS, which options would be found in the IDPS tab of the Azure Firewall Premium policy settings? Select all that apply.

  • Manage signature rules.
  • Activate IPDS in “alert” mode or “alert and deny” mode.
  • Add specific IP addresses to the bypass list.
  • Configure private IP ranges.

Question 14)
What is the most likely action the IT manager at Sam’s Scoops would take in response to a potential DDoS attack alert from the network based IDPS?

  • Increase network bandwidth to accommodate the attack.
  • Disconnect the entire network to prevent further attacks.
  • Ignore the alert and continue normal network operations.
  • Block the IP address associated with suspicious traffic.

Question 15)
What is the primary purpose of a well-designed firewall strategy in Azure?

  • To reduce the cost of Azure services.
  • To simplify Azure management and deployment.
  • To increase network performance and speed.
  • To protect Azure resources from unauthorized access and cyber threats.

Question 16)
Which Azure Firewall feature allows you to control the order in which rules are applied?

  • Rule priorities
  • Rule conditions
  • Rule types
  • Rule actions

Question 17)
If you were designing the integration of network security groups (NSGs) and Azure Firewall in Microsoft Azure what would be your primary consideration?

  • To prioritize the rule order, avoid overlapping rules, and enable logging and monitoring.
  • To eliminate NSGs to avoid rule conflicts with Azure Firewall.
  • To integrate NSGs and Azure Firewall without any specific design considerations.
  • To focus solely on application-level filtering without considering network rules.

Question 18)
What encryption methods are used by a Point-to-Site VPN gateway connection for secure communication?

  • Both Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec)
  • Internet Protocol Security (IPsec) only
  • Point-to-Point Tunnelling Protocol (PPTP) only
  • Secure Sockets Layer (SSL) only

Question 19)
To give their Azure virtual network users safe access, Sam’s Scoops has developed a Point-to-Site VPN solution. The effective configuration and management of this VPN solution is the responsibility of Sam’s Scoops’ IT department. Select all that apply.

Which Point-to-Site (P2S) VPN connection authentication mechanism would work best for keeping Sam’s Scoops virtual network users safe, with regards to Windows, macOS, Android, iOS, and Linux devices? Select all that apply.

  • Active Directory Domain Server authentication
  • SMTP authentication
  • Azure Active Directory authentication
  • Certificate authentication

Question 20)
If you wanted to address vulnerabilities effectively in your organization, what is one of the strategies you could use from the vulnerability management process?

  • Prioritizing vulnerabilities based on their alphabetical order.
  • Ignoring vulnerabilities until a permanent solution is available.
  • Implementing additional security controls, such as firewalls, intrusion detection systems, or access controls.
  • Waiting for software vendors to release patches without any immediate action.

Question 21)
Sam’s Scoops is a growing company that uses Microsoft Azure for its cloud infrastructure. They are concerned about the security of their Azure environment and want to implement best practices for vulnerability management. The IT manager at Sam’s Scoops is studying the provided content to ensure that their Azure environment is well-protected against potential threats.

Which Azure security tool focuses on identity-based attacks and insider threats, using behavioral analytics and machine learning?

  • Azure Application Gateway
  • Microsoft Defender for Identity
  • Azure Web Application Firewall (WAF)
  • Azure Information Protection (AIP)

Question 22)
Which CLI tool is used for searching for specific patterns within text files, logs, and outputs from other tools, aiding in identifying relevant information?

  • Grep
  • Wireshark
  • Metasploit Framework
  • Burp Suite

Question 23)
If you wanted to retrieve a list of active virtual machines in your Azure environment, which of the following PowerShell commands would you use?

  • Get-AzKeyVault
  • Get-AZVM
  • Get-AZNetworkSecurityGroup
  • Get-AZSQLDatabase

Question 24)
Which of the following activities are not encouraged during penetration testing in Azure environments, according to Microsoft’s Rules of Engagement? Select all that apply.

  • Scanning other Azure customer’s assets.
  • Running vulnerability scanning tools on your Azure virtual machine.
  • Attempting phishing attacks on Microsoft’s employees.
  • Conducting distributed denial-of-service (DDoS) attacks.

Question 25)
What is the primary objective of offensive techniques in the context of Azure penetration testing?

  • To develop an incident response plan.
  • To strengthen security measures and prevent unauthorized access.
  • To identify vulnerabilities and potential security gaps within a target environment.
  • To implement access control and identity management.

Question 26)
Sam’s Scoops is a rapidly growing company that relies on Microsoft Azure for its cloud infrastructure. As part of their ongoing security measures, they decide to conduct penetration testing on their Azure environment to identify vulnerabilities. Which of the following steps form part of the penetration testing process? Select all that apply.

  • Conduct penetration testing without any testing environment setup.
  • Choose penetration testing tools that align with Azure’s policies and security guidelines.
  • Obtain proper authorization and document the testing plan.
  • Select an appropriate testing approach, such as clear box testing.

Question 27)
Sam’s Scoops, a rapidly growing company, is preparing for a penetration testing exercise to ensure the security of its Azure resources. They have just configured an Automation Account in their Azure environment to automate various operations and management tasks. Now, they need to take the next steps in securing their resources.

What should Sam’s Scoops do after configuring their Automation Account in Azure for penetration testing? Select all that apply.

  • Create tags for the Automation account.
  • Set the network connectivity configuration to private access.
  • Skip the validation step and proceed with testing.
  • Review the Automation Account settings and deploy it.

Question 28)
Sam’s Scoops is planning to conduct a penetration test to identify the vulnerabilities of its web applications hosted on Azure. As the IT security manager, you are tasked with selecting an open-source penetration testing tool specifically designed for this purpose. Which tools fit this criteria? Select all that apply.

  • OWASP Zap
  • Metasploit framework
  • SQLMap
  • Hydra

Question 29)
Which steps are part of the process of web application penetration testing using Azure CLI and Azure PowerShell? Select all that apply.

  • Automating input validation tests.
  • Prioritizing vulnerabilities based on their potential impact.
  • Analyzing security headers.
  • Installing additional web application security tools.

Question 30)
Why is creating an Automation account important in the context of penetration testing in Azure Security Center (Defender for Cloud)?

  • To set the start time for penetration testing.
  • To configure the recurrence frequency.
  • To generate alert policies.
  • To execute automated penetration tests.

 

Question 31)
Which of the following is a primary responsibility of the blue team in cybersecurity?

  • Managing cloud infrastructure.
  • Developing security policies.
  • Monitoring network traffic for suspicious activity.
  • Conducting penetration tests.

Question 32)
What is the primary objective of the red team in cybersecurity?

  • Developing security policies.
  • Monitoring network traffic for suspicious activity.
  • Assessing regulatory compliance.
  • Identifying vulnerabilities and weaknesses in an organization’s defenses.

Question 33)
Imagine you are tasked with conducting the reconnaissance stage of penetration testing for an organization, which of the below best describes its main purpose?

  • To report on the progress of the penetration test.
  • To exploit vulnerabilities in the target system.
  • To gather valuable information about the target’s systems, applications, and users.
  • To identify potential attack vectors.

Question 34)
True or False: Nessus and vulnerability scanning are typically utilized to uncover vulnerabilities in a target system’s configuration or software.

  • True
  • False

Question 35)
Sam’s Scoops recently conducted a penetration test to assess the security of their internal systems. After completing the testing phases, they are now in the reporting and remediation stage.

What should be included in the report during this stage for Sam’s Scoops penetration test? Select all that apply.

  • A summary of the testing methodology employed during the penetration test.
  • A plan for future penetration tests.
  • A detailed list of vulnerabilities found during testing.
  • An appendix with screenshots and network diagrams.

Question 36)
What is the primary focus of white box testing?

  • Identifying potential vulnerabilities by examining the internal structure, design, and code.
  • Analyzing system functionality without knowledge of internal workings.
  • Testing the system’s functionality without any knowledge of its internal workings.
  • Manipulating the inputs and observing the outputs.

Question 37)
Which type of testing combines elements of both black box testing and white box testing?

  • Red box testing
  • Black box testing
  • Grey box testing
  • Clear box testing

Question 38)
How can Azure Firewall Premium IDPS reduce false positives?

  • By blocking all incoming traffic.
  • By employing signature-based detection.
  • By using intrusion prevention techniques.
  • By increasing the number of alerts.

Question 39)
What is the purpose of the bypass list in Azure IDPS?

  • To add specific IP addresses as safe zones.
  • To edit private IP ranges.
  • To remove all private IP ranges.
  • To list private IP ranges for identification.

Question 40)
If Sam’s Scoops implemented an Intrusion Detection and Prevention System (IDPS) to protect its network infrastructure and critical assets. Which of the following would be a correct response by the IPDS to a Distributed Denial of Service (DDoS) attack? Select all that apply.

  • Engage a cybersecurity firm to investigate the attack and provide recommendations for network hardening.
  • Implement a failover system to redirect traffic to alternative servers during the attack.
  • Activate DDoS mitigation techniques like traffic filtering, rate limiting, and diverting traffic to absorb the attack.
  • Start a social media campaign to inform customers about the attack.

Question 41)
Sam’s Scoops is exploring key design principles and techniques for firewall implementation in Azure. If Sam wanted to implement traffic segmentation in their Azure environment, which of the following would best describe traffic segmentation’s main purpose?

  • Preventing lateral movement of threats and reducing the attack surface
  • Accelerating data transfer between virtual networks
  • Reducing the number of virtual networks
  • Ensuring backward compatibility with legacy systems

Question 42)
In Azure Firewall, which type of rule is based on fully qualified domain names (FQDNs)?

  • Source IP rules
  • Rule priorities
  • Application rules
  • Network rules

Question 43)
Sam’s Scoops IT team is currently in the process of enhancing network security to protect their Azure resources. They are currently integrating network security groups (NSGs) and Azure Firewall to optimize their security and traffic flow within their Azure environment.

What of the following is a key design consideration they must make when integrating the network security groups (NSGs) with Azure Firewall for network security in Microsoft Azure? Select all that apply.

  • Creating non-overlapping rules between NSGs and Azure Firewall
  • Enabling logging and monitoring on the on-premises firewall
  • Limiting the use of Azure Firewall
  • Ensuring rule prioritization

Question 44)
Sam’s Scoops is in the process of implementing a Point-to-Site (P2S) VPN gateway connection. Which of the following would best describe what key benefits and features a Point-to-Site (P2S) VPN gateway connection will bring to Sam’s Scoops? Select all that apply.

  • Integration with Azure services.
  • Support for only Windows operating systems.
  • Security and encryption.
  • Scalability and elasticity.

Question 45)
Sam’s Scoops has recently undergone a comprehensive cybersecurity assessment that revealed several vulnerabilities in their IT infrastructure. They are planning to address these vulnerabilities as part of its vulnerability management process. What is the first step Sam’s Scoops should take in their vulnerability management process?

  • Establish a risk tolerance policy.
  • Conduct a risk assessment of all vulnerabilities.
  • Apply patches and updates to all systems.
  • Identify vulnerabilities in its IT infrastructure.

Question 46)
Which Azure security tool focuses on protecting web applications from common web vulnerabilities and attacks, including SQL injection and cross-site scripting (XSS)?

  • Azure Information Protection (AIP)
  • Microsoft Defender for Identity
  • Azure Web Application Firewall (WAF)
  • Azure Application Gateway

Question 47)
To obtain details about Azure Key Vaults, you should use the ______________ PowerShell command.

  • Get-AZVM
  • Get-AzureADUser
  • Get-AzKeyVault

Question 48)
Which of the following is a potential consequence of not testing Azure resource security?

  • Increased vulnerability to cyberattacks
  • Improved network speed
  • Enhanced data encryption
  • Decreased cloud costs

Question 49)
Which of the following is an example of an offensive technique in Azure penetration testing?

  • Developing an incident response plan.
  • Encryption of data at rest and in transit.
  • Access control and identity management.
  • Vulnerability scanning.

Question 50)
Sam’s Scoops is a rapidly growing company that relies on Microsoft Azure for its cloud infrastructure. As part of their ongoing security measures, they decide to conduct penetration testing on their Azure environment to identify vulnerabilities. Which of the following steps form part of the penetration testing process? Select all that apply.

  • Select an appropriate testing approach, such as clear box testing.
  • Obtain proper authorization and document the testing plan.
  • Conduct penetration testing without any testing environment setup.
  • Choose penetration testing tools that align with Azure’s policies and security guidelines.

Question 51)
Which of the following are steps for configuring Azure resources for penetration testing? Select all that apply.

  • Creating various types of resources, such as virtual machines and databases.
  • Setting up auto-scaling for virtual machine instances.
  • Configuring identity and access management using Azure Active Directory and RBAC.
  • Configuring storage options and access controls.

Question 52)
What is the main objective of setting up Metasploit and other penetration testing frameworks on Azure?

  • To immediately start conducting penetration tests.
  • To create Azure administrator accounts.
  • To customize and prepare the framework for penetration testing on Azure resources.
  • To ensure compatibility with Azure’s security policies.

Question 53)
Which of the following web application security headers are analyzed during penetration testing with Azure CLI and Azure PowerShell?

  • Content Security Policy (CSP)
  • That’s correct. Content Security Policy (CSP) is an important security header analyzed during penetration testing.
  • HTTP Cache-Control
  • HTTP User-Agent
  • HTTP Content-Type

 

Question 54)
What is one of the primary objectives of the red team in cybersecurity?

  • Managing incident response procedures.
  • Monitoring network traffic for suspicious activity.
  • Identifying vulnerabilities and weaknesses in an organization’s defenses.
  • Conducting penetration tests.

Question 55)
You are tasked with the crucial enumeration stage of penetration testing. But what makes enumeration an essential phase in penetration testing? Select all that apply.

  • It ensures that all vulnerabilities are patched immediately.
  • It helps testers identify weaknesses that potential attackers could exploit.
  • It allows testers to gather information about the target system, including its IP address, operating system, and open ports.
  • Enumeration helps testers prioritize areas of the system for further testing.

Question 56)
Sam’s recently conducted a penetration test to evaluate the security of their internal systems. After achieving privilege escalation during the penetration the team aimed to extract sensitive data from the compromised system. Which methods could they have used for data exfiltration? Select all that apply.

  • Network tunneling.
  • File transfer protocols like FTP, SCP, and SFTP.
  • Conducting phishing attacks on employees.
  • Exploiting known software vulnerabilities.

Question 57)
Why is it important to use clear and concise language in a cybersecurity penetration test report?

  • To add complexity to the report.
  • To ensure the report remains lengthy.
  • To simplify the technical content for all stakeholders.
  • To focus solely on technical audiences.

Question 58)
What is the primary goal of the tactics section in the MITRE ATT&CK framework?

  • Providing a knowledge base of adversary tactics and techniques.
  • Listing the names of cyber threats.
  • Explaining the techniques used by adversaries.
  • Describing the impact of cyberattacks.

Question 59)
What is the primary focus of black box testing?

  • Analyzing internal code structure.
  • Debugging and optimizing the system.
  • Examining system functionality without knowledge of internal workings.
  • Conducting load testing.

Question 60)
In the Azure Firewall Premium policy, what does the alert and deny option mean when configuring IPDS mode?

  • It blocks harmful traffic without sending alerts.
  • It sends alerts and blocks harmful traffic.
  • It sends alerts but doesn’t block harmful traffic.
  • It neither sends alerts nor blocks harmful traffic.

Question 61)
Sam’s Scoops is interested in setting up firewall rules using Azure Firewall to enhance the security of its Azure environment. What types of rules would Azure Firewall offer for Sam’s Scoops to configure?

  • IP rules and port rules
  • Domain rules and protocol rules
  • Network rules and application rules
  • Inbound rules and outbound rules

Question 62)
Which authentication method for Point-to-Site VPN clients allows users to connect to Azure using their Azure Active Directory (Azure AD) credentials?

  • Certificate authentication
  • Active Directory Domain Server (AD DS) authentication
  • RADIUS server authentication
  • Azure AD authentication

Question 63)
What is the primary purpose of conducting vulnerability scanning in the vulnerability management process?

  • To continuously evolve and keep up with emerging threats and new vulnerabilities.
  • To identify potential vulnerabilities in networks, systems, and applications.
  • To identify all vulnerabilities in an organization’s environment.
  • To simulate attacks and attempt to exploit known vulnerabilities.

Question 64)
What is one of the key strategies for addressing vulnerabilities effectively in the Azure environment?

  • Implementing automated security controls to minimize human error.
  • Conducting security assessments and vulnerability scans only once a year.
  • Applying patches only when security updates are several months old.
  • Ignoring vulnerabilities until they are exploited.

Question 65)
Which of the following CLI tools are essential for conducting comprehensive security assessments in penetration testing? Select all that apply.

  • Wireshark – Network Protocol Analyzer
  • Malicious Software Removal Tool by Microsoft
  • Grep and Regular Expressions
  • Nmap – Network Mapping

Question 66)
Sam’s Scoops relies heavily on Microsoft Azure for its cloud computing needs. The company’s IT team is considering conducting penetration testing to assess the security of their Azure environment. What is the first step they should take before conducting penetration testing in their Azure environment?

  • Disable all security updates on Azure systems to identify vulnerabilities more easily.
  • Share their testing plan with other Azure customers to gather their insights.
  • Conduct a distributed denial-of-service (DDoS) attack to assess Azure’s response capabilities.
  • Ensure that they have the necessary permissions from all stakeholders.

Question 67)
What is the primary goal of penetration testing in Microsoft Azure?

  • To exploit vulnerabilities in the Azure environment.
  • To deploy dedicated testing environments within Azure.
  • To simulate real-world cyberattacks and assess the system’s ability to withstand them.
  • To secure proper authorization for conducting tests.

Question 68)
Which penetration testing tool provides various exploitation tools for privileged escalation, packet sniffing, screen capture, and pivoting, making it modular and extensible?

  • Gobuster
  • Metasploit framework
  • SQLMap
  • Network Mapper (Nmap)

Question 69)
What is the purpose of configuring alert policies in Azure Security Center (Defender for Cloud) during penetration testing?

  • To create a schedule for penetration testing.
  • To specify the start time of the penetration test.
  • To publish the runbook.
  • To track and respond to security issues.

Question 70)
True or False: The blue team is primarily responsible for managing cloud infrastructure in cybersecurity.

  • True
  • False

Question 71)
During the reconnaissance stage of penetration testing, what activities are typically performed?

  • Exploiting vulnerabilities in the target system.
  • Gathering valuable information about the target’s systems, applications, and users.
  • Testing the target’s intrusion detection systems.
  • Conducting security awareness training for employees.

Question 72)
What is the primary purpose of Azure Firewall Premium IDPS?

  • To optimize cloud application performance.
  • To protect Azure resources from malicious traffic.
  • To manage cloud infrastructure.
  • To automate cloud resource provisioning.

Question 73)
Which Azure network topology is designed to centralize network services in a hub virtual network while connecting it to spoke virtual networks?

  • Azure Firewall with private endpoints
  • Virtual network peering
  • Hub and spoke
  • High availability zones

Question 74)
What is the advantage of using Active Directory Domain Server (AD DS) authentication for Point-to-Site VPN in Azure?

  • It allows users to connect from any device, including non-Windows devices.
  • It supports Azure Multi-Factor Authentication (MFA) for added security.
  • It integrates with an organization’s existing domain credentials for authentication.
  • It eliminates the need for a RADIUS server for authentication.

Question 75)
What is the primary focus of vulnerability scanning during penetration testing in Azure?

  • Developing a penetration test report.
  • Simulating real-world cyberattacks.
  • Identifying common vulnerabilities such as misconfigurations and weak access controls.
  • Exploiting identified vulnerabilities.

Question 76)
The security team of Sam’s Scoops is planning to use Azure CLI and Azure PowerShell for web application penetration testing to strengthen their defenses. Which of the following tasks can be automated using Azure CLI and Azure PowerShell in web application penetration testing? Select all that apply.

  • Identifying the attack surface of web applications.
  • Automating input validation tests to uncover vulnerabilities like SQL injection and cross-site scripting (XSS).
  • Simulating authentication bypass attempts to evaluate the strength of authentication and authorization mechanisms.
  • Conducting physical security assessments of data centers hosting Azure resources.

Question 77)
What is the primary goal of the escalation stage in a penetration test?

  • All of the above
  • Achieving privilege escalation
  • Consolidating access to systems
  • Extracting sensitive data

Question 78)
What is the role of the resource development tactic in the MITRE ATT&CK framework?

  • Acquiring tools and resources needed to carry out an attack.
  • Hiding malicious activity from detection.
  • Executing malicious code on a target system.
  • Gaining higher privileges on a target system.

Question 79)
Sam’s Scoops takes cybersecurity seriously and decides to conduct penetration testing to ensure that its Azure environment is secure from potential threats. They hire a team of cybersecurity professionals who will perform offensive and defensive techniques to evaluate the security of their Azure environment.
What is the primary purpose of offensive techniques in Azure penetration testing? Select all that apply.

  • To implement measures that protect Azure environments from potential threats.
  • To identify vulnerabilities and potential security gaps within the Azure environment.
  • To develop an incident response plan.
  • To monitor network traffic for signs of malicious activity.

Question 80)
Azure supports __________ per gateway in a Point-to-Site VPN gateway connection.

  • up to 5,000 concurrent connections
  • up to 10,000 concurrent connections
  • up to 1,000 concurrent connections
  • unlimited concurrent connections

Question 81)
Which command can be used to retrieve information about Azure Active Directory users, including roles and group memberships?

  • Get-AzADUser
  • Get-AzLog
  • Get-AzKeyVault
  • Get-AzNetworkInterface

Question 82)
Sam’s Scoops is planning to implement recurring penetration tests using Azure Automation. You are responsible for setting up the necessary configurations. Which of the following steps forms part of the process that you follow to do this?

  • Run the penetration test on the selected resources.
  • Configure an Azure Automation account.
  • Create a runbook in Azure Automation.
  • Define a specific schedule for the penetration test.

Question 83)
Which white box testing technique involves subjecting the system to various inputs, including edge cases and malformed data, to identify potential vulnerabilities or weaknesses in input validation and error handling mechanisms?

  • Fuzz testing
  • Code review
  • Branch testing
  • Path testing

Question 84)
During black box testing, which step involves executing test cases and comparing actual results with expected results?

  • Defect reporting
  • Test case design
  • Requirement analysis
  • Test execution

Question 85)
What is the primary purpose of rogue access point detection in network security?

  • To identify unauthorized wireless access points.
  • To install additional security software on access points.
  • To enhance network speed and performance.
  • To block all wireless network access.

Question 86)
Sam’s has decided to conduct a penetration test to identify vulnerabilities and improve their security measures. As part of the penetration testing process, they reach the third stage: “Exploitation.” Which of the following best describes the primary goal of the exploitation stage in penetration testing?

  • To analyze the payload injected into the system.
  • To identify vulnerabilities in the target system.
  • To report vulnerabilities to the system owner.
  • To gain unauthorized access to the target system.

Question 87)
If you were conducting grey box testing, which of the following approaches can be used during penetration testing to evaluate a system’s security? Select all that apply.

  • API testing
  • Data flow analysis
  • Code review
  • Functional testing

Question 88)
What action can Azure Firewall Premium IDPS take when it detects malicious traffic?

  • It can optimize network performance.
  • It can notify the user.
  • It can block the user’s Azure resources.
  • It can log the event.

Question 89)
Which of the following CLI tools is specifically designed for web application security testing in penetration testing?

  • Wireshark
  • Burp Suite
  • Metasploit Framework
  • Network Mapper (Nmap)