All Coursera Quiz Answers

Course quiz: Identity and access solutions Quiz Answers

In this article, I will share the quiz answers for Week 5 of the Coursera course Cybersecurity Identity and Access Solutions using Azure AD by Microsoft. This content includes the Identity and Access Solutions Quiz answers.

Enrol Link:  Cybersecurity Identity and Access Solutions using Azure AD

Cybersecurity Identity and Access Solutions using Azure AD Week 5 Quiz Answers


 

Course quiz: Identity and access solutions Quiz Answers

Question 1)
Which of the following sentences best describes AD Connect Health?

  • A Microsoft tool that provides synchronization and identity management between on-premises Active Directory and Azure Active Directory.
  • A Microsoft tool that provides mobile device and application management, as well as PC management capabilities for organizations.
  • A Microsoft tool that provides monitoring and reporting on the health of AD Connect and AAD synchronization.

Question 2)
Sam’s Scoops employees use a web-based interface to manage their Azure resources and interact with Azure services.
Complete the following sentence. ____________ is the name of the interface that can be used to interact with Azure services.

  • AD Intune
  • Azure portal
  • AD Connect

Question 3)
Which of the following packages includes dynamic group allocation?

  • Azure AD Premium P1
  • Azure AD Free
  • Azure AD Basic

Question 4)
Which of the following sentences best describes a tenant?

  • A purchase plan that provides access to a select number of Azure services and resources.
  • A trusted instance of AAD that gives an individual or company access to manage Azure resources and services and contains billing information.
  • A container for Azure resources that allows you to organize and manage them based on application, or environment.

Question 5)
Complete the following sentence. Azure Active Directory is located ______________________.

  • In the cloud.
  • Both on the cloud and on-premises.
  • On-premises.

Question 6)
Which tool does the following definition relate to?
A tool for synchronizing user accounts and passwords from on-premises AD to Azure AD.

  • Active Directory Migration Tool (ADMT)
  • Azure AD Connect
  • Active Directory Domain Services (AD DS)

Question 7)
What type of identity is used by services and applications to authenticate and authorize access to Azure resources?

  • User Identity
  • Device Identity
  • Service Principals

Question 8)
Complete the following sentence. You work for an organization and want to connect with an external identity, allowing them to _________.

  • consume your application or product.
  • use their product or service.
  • use another instance of Azure Direct.

Question 9)
Which of the following roles would you assign if you have hired a new manager and would like them to oversee enterprise applications?

  • Global Administrator
  • Global Reader
  • Applications Administrator

Question 10)
Currently, at your workplace, many different login credentials are being created for users. This has become difficult to manage. So, you propose a central source to manage all of your logins.

Which of the following can be used to act as a central identity provider?

  • Active Directory Federation Services (AD FS)
  • Web Services Federation (WS-FED)
  • Security Assertion Markup Language (SAML)

Question 11)
True or False: System configuration is a strength of using biometric data.

  • True
  • False

Question 12)
Which Microsoft Server manages user accounts and provides authentication for on-premises AD?

  • Azure AD Pass-through
  • Azure AD Application Proxy
  • Active Directory domain controller

Question 13)
You are an IT administrator for a company that has recently adopted a hybrid cloud environment, utilizing both on-premises Active Directory and Azure Active Directory (AAD). The company wants to ensure a seamless password experience for users, regardless of whether they are accessing resources on-premises or in the cloud. To achieve this, the IT team is exploring different services that synchronize password hashes between the on-premises Active Directory and Azure AD.
In this scenario, which service best matches the description?

  • Active Directory Federation Services (AD FS)
  • Azure AD Hash Synchronization
  • Azure AD pass-through authentication

Question 14)
You are an IT security analyst responsible for implementing Conditional Access policies in your organization’s Azure Active Directory (AAD) environment. These policies help secure access to resources based on specific criteria. In your research, you come across various signals that are commonly used to determine Conditional Access.
Which of the following options represents the signals used for determining Conditional Access?

  • Secure foundation, remote work, and emerging threats.
  • User or group membership, device information or application-specific triggers.
  • Payroll application, MFA and industry regulations.

Question 15)
Complete the following sentence. The most restrictive access policy permissible when implementing Conditional Access is _______________.

  • Allow Access
  • Block Access
  • Multi-factor authentication (MFA)

Question 16)
Which of the following indicates that the insights were generated by cybersecurity experts?

  • The risk signal was raised as a result of high-quality heuristic-based detection.
  • The risk signal was identified as a result of a manual feedback loop.
  • The risk signal was identified through review and analysis of the logs.

Question 17)
As a security specialist you are asked to consult with Sam on developing a good security posture. You meet with the company’s IT team and discuss various strategies to enhance security when implementing Conditional Access. They are particularly interested in measures that can provide effective protection against unauthorized access. You provide them with three options to consider.
Which of the following options represents a recommended best practice to enhance security when implementing Conditional Access?

  • Configuring granular policies for specific applications and requests.
  • Implementing multi-factor authentication (MFA).
  • Implementing risk-based policies that factor IP addresses.

Question 18)
Complete the following sentence. Restricting access to a network based on the protocol used in the request is __________ using Microsoft’s Conditional Access Policies.

  • Not advisable
  • Highly recommended
  • Not possible

Question 19)
Which of the following concepts refers to the permissions or actions relating to an Azure that are granted to an entity access to upon successfully authenticating?

  • Role Scope
  • Security Principal
  • Role Definition

Question 20)
Complete the following sentence. In role-based access control (RBAC), assigning ___________ determines who can receive a role assignment.

  • Eligibility
  • Privilege
  • Active status

Question 21)
What type of roles are the Global Administrator and Global Reader who grant permissions within Microsoft 365 or Azure AD?

  • Azure AD-specific roles
  • Cross-service roles
  • Service-specific roles

Question 22)
At work, there’s a team of developers who are working on a highly sensitive project that requires specialized access to certain resources.
Which Azure AD feature can help manage their access effectively?

  • Privileged access management
  • Identity lifecycle management
  • Access lifecycle management

Question 23)
Which of the following concepts pertains to limiting user access with Just-in-time and Just-enough-access?

  • Assuming breach
  • Least privileged access
  • Explicit verification

Question 24)
What are the key principles of the Zero Trust security strategy?

  • Explicit verification, least privileged access, and assuming breach.
  • Trust by default, open access, and legacy system protection.
  • Implicit verification, role-based access, and perimeter defense.

Question 25)
At work, you are tasked with managing Identity Governance. You are informed that you have to configure the system to allow users, including external guests, to request access to predefined access packages.
Which of the following approaches is most applicable to this?

  • Privileged access management
  • Access reviews
  • Entitlement management

Question 26)
Complete the following sentence. In Azure Active Directory, an application object serves as a template to create one or more ____________ objects, with each ____________ representing the application within a specific tenant.

  • Managed Identity
  • Service principal
  • Legacy

Question 27)
You have recently developed a web application that needs to access Azure resources programmatically. What would you use to ensure secure authentication and fine-grained access control for the application in Azure?

  • Managed Identity
  • User Principal
  • Service Principal

Question 28)
You are an Azure administrator for a large organization that is migrating its infrastructure to the cloud. You decide the following:
True or False: Using managed identities for Azure resources will save time as it reduces the need to manage credentials for the applications and services.

  • True
  • False

Question 29)
You have recently started work with Sam’s Scoops’ backend team. You would like to propose using Managed Identities for Azure resources.
Which of the following statements could you use as part of your argument?

  • Managed Identities, for Azure resources, simplifies and automates identity management within Azure AD.
  • Managed Identities, for Azure resources, provides seamless authentication without the need for credentials.
  • Managed Identities, for Azure resources, automates the management of credentials in Azure AD.

Question 30)
Complete the following sentence. Enforcing ________________ adds an extra layer of security to user accounts.

  • Multi-factor verification
  • Password complexity
  • Password vaults

 

Question 31)
Which line best describes AD Intune?

  • A Microsoft tool that provides monitoring and reporting on the health of AD Connect and AAD synchronization.
  • A Microsoft tool that provides synchronization and identity management between on-premises Active Directory and Azure Active Directory.
  • A Microsoft tool that provides mobile device and application management, as well as PC management capabilities for organizations.

Question 32)
As part of Azure AD implementation, there are different packages that offer various features and functionalities. Which of the following packages includes basic group allocation?”

  • Azure AD Basic
  • Azure AD Free
  • Azure AD Premium P1

Question 33)
As an IT professional you are tasked with briefly explaining to your manager what exactly an Azure subscription entails.
Which of the following sentences best describes an Azure subscription?

  • An Azure subscription is a trusted instance of AAD that gives an individual or company access to manage Azure resources and services and contains billing information.
  • An Azure subscription is a purchase plan that provides access to a select number of Azure services and resources.
  • An Azure subscription is a container for Azure resources that allows you to organize and manage them based on application, or environment.

Question 34)
You are the IT administrator at your workplace, and your manager wants you to investigate how to create an Azure AD for the business. Where are you most likely to find Azure Active Directory?

  • Both on the cloud and on-premises.
  • On-premises.
  • In the cloud.

Question 35)
Sarah, an employee at Sam’s Scoops, needs to access Azure resources such as cloud-based applications and databases.
Which type of identity is associated with your specific user account and typically used to authenticate access to these Azure resources?

  • Service Principals
  • User Identity
  • Device Identity

Question 36)
True or False: You want others to connect with your product through Azure AD B2C which utilizes Azure AD services and consumes your application.

  • True
  • False

Question 37)
Which of the following roles would you assign if you have hired a new manager and you would like them to assess the business before deciding on their role?

  • Global Administrator
  • Global Reader
  • Applications Administrator

Question 38)
What is true about using biometric data?

  • Biometric data is easy to configure to a system.
  • Biometric data is a virtual means of authentication.
  • Biometric data is more secure.

Question 39)
You work for a company that has a variety of on-premises applications critical to its operations. The company wants to provide external users, such as partners and clients, with access to these applications, and the IT team is exploring different solutions.

In this scenario, which of the following services is defined as an on-premises service that allows external customers to engage with on-premises applications?

  • Azure AD Application Proxy
  • Azure AD Pass-through
  • Active Directory domain controller

Question 40)
In your organization, there is a critical application that contains highly sensitive data. The security team wants to ensure that only authorized individuals with the highest level of access privileges can interact with this application.

Which of the following Conditional Access policies would be considered the most restrictive?

  • Require multifactor authentication
  • Allow Access
  • Block Access

Question 41)
As an IT cybersecurity specialist, you notice a risk signal that has been flagged by the system, indicating a potential security issue. To determine if the signal was generated through auto-generation, you evaluate the available options.
Which of the following options best aligns with insights produced by the system’s automated processes, indicating the use of auto-generation?

  • The risk signal was identified as a result of a manual feedback loop.
  • The risk signal was identified through review and analysis of the logs.
  • The risk signal was raised because of high-quality heuristic-based detection.

Question 42)
As a security specialist you are asked to consult with Sam on developing a good security posture. You meet with the company’s IT team and discuss various strategies to enhance security when implementing Conditional Access. They are particularly interested in measures that can provide effective protection against unauthorized access. You provide them with three options to consider.
Which of the following options represents a recommended best practice to enhance security when implementing Conditional Access?

  • Implementing multi-factor authentication (MFA).
  • Implementing risk-based policies that factor IP addresses.
  • Configuring granular policies for specific applications and requests.

Question 43)
There has been a breach in a competing company. As a result, the need to tighten access to all employees using more stringent policies is now a priority.
Which of the following are viable means of restricting access using Microsoft’s Conditional Access policies? Select all that apply.

  • Limiting access bases on time of day.
  • Restricting access for certain file types
  • Requiring MFA for all users.
  • Restricting access based on the protocol used in the request.

Question 44)
Which of the following concepts refers to the resources that an identity is granted access to upon successfully authenticating?

  • Role Scope
  • Role Definition
  • Security Principal

Question 45)
Which of the following statements accurately describes the relationship between eligibility and active status in role-based access control (RBAC)?

  • Eligibility determines who can receive a role assignment, while active status determines who can actively utilize the assigned role’s permissions.
  • Eligibility and active status both determine who can receive role assignments.
  • Active status determines who can receive a role assignment, while eligibility determines who can actively utilize the assigned role’s permissions.

Question 46)
You have started a new job at a prestigious company. Using Azure, the IT team has assigned your user ID with two roles, namely, Application Administrator and Groups Administrator.
Which of the following areas would you have permissions for?

  • Cross-service roles
  • Azure AD-specific roles
  • Service-specific roles

Question 47)
Which of the following concepts pertains to authentication and authorization based on all available data points?

  • Least privileged access
  • Explicit verification
  • Assuming breach

Question 48)
Complete the following sentence. Zero Trust challenges the traditional notion of trusting everything within a corporate firewall and instead assumes a “_______” approach.

  • Trust by default, validate occasionally.
  • Trust nothing, verify everything.
  • Trust everything, verify selectively.

Question 49)
Complete the following sentence. _____________ is a feature of Identity Governance which allows users, including external guests, to request access to predefined access packages.

  • Privileged access management
  • Access reviews
  • Entitlement management

Question 50)
Which of the following statements accurately describes the relationship between application objects and service principals in Azure Active Directory?

  • An application object represents a global application, while a service principal represents a local application within a specific tenant.
    An application object and a service principal object are synonymous and represent the same entity in Azure Active Directory.
    An application object serves as a template to create one or more service principal objects, with each service principal representing the application within a specific tenant.

Question 51)
True or False: A service principal is created from an application object in Azure Active Directory.

  • True
  • False

Question 52)
What are managed identities for Azure resources?

  • Managed identities for Azure resources are types of Azure Active Directory (Azure AD) authentication.
  • Managed identities for Azure resources provide a way to manage secrets, credentials, certificates, and keys.
  • Managed identities for Azure resources are identities in Azure AD that automate and simplify identity management for resources.

Question 53)
True or False: Managed identities for Azure resources eliminate the need for managing credentials.

  • True
  • False

Question 54)
True or False: Azure role-based access control (RBAC) helps manage access to Azure resources by assigning permissions to users, groups, and applications.

  • True
  • False

 

Question 55)
True or False: Azure resources can be managed by Azure AD.

  • True
  • False

Question 56)
Which of the following Azure AD editions offers standard management and security features at no cost?

  • Azure AD Premium P1
  • Azure AD Free
  • Azure AD Basic

Question 57)
Your company has hired a new manager to manage all the company’s resources.
Which of the following roles would need to be assigned to the new manager?

  • Global Reader
  • Applications Administrator
  • Global Administrator

Question 58)
Which of the following is a protocol used in establishing a cloud-based identity? Select all that apply.

  • Active Directory Federation Services (AD FS)
  • Security Assertion Markup Language (SAML)
  • Web Services Federation (WS-FED)

Question 59)
True or False: Conditional Access policies allow a granular level of control for a system such that a user can be required to provide further authentication, denied service, or given free access depending on certain criteria.

  • True
  • False

Question 60)
Which of the following indicates that the insights were generated through use of end user generation?

  • The risk signal was identified because of a manual feedback loop.
  • The risk signal was identified through review and analysis of the logs.
  • The risk signal was raised as a result of high-quality heuristic-based detection.

Question 61)
You are tasked with enforcing the security posture of your company. Which of the following best practice conditional policies would you implement when deciding on access for new employees?

  • Implementing multi-factor authentication (MFA).
  • Implementing risk-based policies that factor IP addresses.
  • Configuring granular policies for specific applications and requests.

Question 62)
What type of roles are the SharePoint Service Administrator and Teams Administrator who grant permissions within Microsoft 365?

  • Service-specific roles
  • Azure AD-specific roles
  • Cross-service roles

Question 63)
Complete the following sentence: __________is a specialized feature from Azure that enables an organization to provide fine-grained access to some specialized information.

  • Privileged access management
  • Access lifecycle management
  • Identity lifecycle management

Question 64)
An application object is used as a _______ to create one or more service principal objects.

  • Service
  • template
  • Identity

Question 65)
Complete the following sentence. Managed identities, for Azure resources, is the new name for the service formerly known as ______________.

  • Azure Synapse
  • Azure CLI
  • Managed Service Identity, or MSI

Question 66)
True or False: Azure Active Directory is a cloud-based Active Directory.

  • True
  • False

Question 67)
One of the network administrators at your workplace wants to ensure everyone understands the different tools available in relation to an Active Directory. The following scenario and question are put forward:
“Imagine you’re a network administrator responsible for managing user accounts, enforcing security policies, and deploying software updates across our on-premises Active Directory domain.
In this scenario, which tool do you think would be most suitable for these tasks?”

  • Azure AD Connect
  • Active Directory Migration Tool (ADMT).
  • Active Directory Domain Services (AD DS)

Question 68)
What type of identity is used by devices to access resources on AAD?

  • Device Identity
  • User Identity
  • Service Principals

Question 69)
You work for an organization, and you want to connect with an external identity through your Azure AD account, allowing them to consume your product or application.
Which of the following services would you use?

  • Azure AD B2C
  • B2B collaboration
  • B2B direct connect

Question 70)
There is a discussion on how best to protect the office resources work. The boss divided the staff into different teams, each with the task of making an argument for different security measures. Your team is tasked with arguing the use of biometrics.
Which of the following would you include in your argument?

  • Biometric data can’t be compromised through scams such as phishing.
  • Biometric data offers an additional layer of security.
  • Biometric data is easy to configure with sensors.

Question 71)
Which Microsoft service enables password propagation between on-premises and cloud-based Active Directories to enable a user to sign on to either of these with the same password?

  • Azure AD Application Proxy
  • Active Directory domain controller
  • Azure AD Pass-through

Question 72)
True or False: It is possible to reduce access based on the protocol used in the request.

  • True
  • False

Question 73)
The company you currently work at is medium-sized and you want to provide a user with access to a company resource.
True or False: Assigning the user with the Eligible status from the role-based access control (RBAC) drop-down menu allows the user to gain instant access.

  • True
  • False

Question 74)
Having joined a new company, you are advised that the company is taking the extreme stance that an intruder has already overcome some security measures.
Which of the following terms best summarizes this?

  • Explicit verification
  • Least privileged access
  • Assuming breach

Question 75)
Upon joining a new company, you are informed that the company employs Zero Trust, with regards to access.
True or False: In this case, Zero Trust means that your new company assumes that everything behind the corporate firewall is safe.

  • True
  • False

Question 76)
In creating a strong security posture for Sam’s Scoops, you want to convince your manager that a strong security perimeter is the best approach.
Which of the following statements could you use to motivate your argument? Select all that apply.

  • It increases visibility and control for organizations.
  • It reduces the attack surface for organizations.
  • It improves network perimeters for organizations.
  • It increases the speed in which identities can be created.

Question 77)
Which of the following sentences best describes an Azure resource group?

  • An Azure resource group is a container for Azure resources that allows you to organize and manage them based on application or environment.
  • An Azure resource group is a purchase plan that provides access to a select number of Azure services and resources.
  • An Azure resource group is a trusted instance of AAD that gives an individual or company access to manage Azure resources and services and contains billing information.

Question 78)
Complete the following sentence. Conditional Access policies consider various ____________ when making access controls in AAD.

  • Signals
  • Workplaces
  • Permissions

Question 79)
You are working as a Cybersecurity Analyst for a large organization. As part of your role, you are responsible for managing access controls and permissions for various entities within the organization’s systems. A colleague approaches you to gain more clarity around authentication.

Which of the following concepts refers to any entity that can be authenticated, such as a user, group, or service principal?

  • Role Scope
  • Security Principal
  • Role Definition

Question 80)
You want to use a universal template to create different entities with appropriate permissions.

True or False: You should inform your manager that you can use an application object as a blueprint to create service principals based on current company policies.

  • True
  • False

Question 81)
Sam’s Scoops has recently migrated from an on-premises Active Directory to Azure Active Directory, and uses AD Connect to synchronize and manage identities between the two directories.

Which of the following sentences best defines what AD Connect is?

  • AD Connect is a Microsoft tool that provides monitoring and reporting on the health of AD Connect and AAD synchronization.
  • AD Connect is a Microsoft tool that provides synchronization and identity management between an on-premises Active Directory and Azure Active Directory.
  • AD Connect is a Microsoft tool that provides mobile device and application management, as well as PC management capabilities for organizations.

Question 82)
True or False: Active Directory Federation Services (AD FS) is a centralized provider.

  • True
  • False

Question 83)
True or False: Identity Lifecycle Management is a feature of Azure that enables an organization to provide fine-grained control of who access some specialized information.

  • True
  • False

Question 84)
Complete the following sentence. Managed identities for Azure resources eliminate the need to manage __________.

  • certificates
  • keys
  • secrets

Question 85)
Which tool does the following definition relate to?

A tool that can extract passwords, group memberships, and other attributes associated with users and groups and duplicate them in the cloud.

  • Active Directory Domain Services (AD DS)
  • Azure AD Connect
  • Active Directory Migration Tool (ADMT)

Question 86)
What is the name of the interface used to interact with Azure services?

  • AD Connect
  • Azure portal
  • AD Intune

Question 87)
You are an IT administrator for a company that has recently adopted a hybrid cloud environment, utilizing both an on-premises Active Directory and Azure Active Directory (AAD). The company wants to ensure a seamless password experience for users, regardless of whether they are accessing resources on-premises or in the cloud. To achieve this, the IT team is exploring different services that synchronize password hashes between the on-premises Active Directory and Azure AD.
In this scenario, which service best matches the description?

  • Active Directory Federation Services (AD FS)
  • Azure AD Hash Synchronization
  • Azure AD pass-through authentication

Question 88)
True or False: Device information, such as the operating system being used, can trigger a Conditional Access policy.

  • True
  • False

Question 89)
Which of the following Conditional Access best practices is most applicable to enhance security when all access to your network is to be conducted on-premises.

  • Implementing risk-based policies that factor IP addresses.
  • Implementing multi-factor authentication (MFA).
  • Configuring granular policies for specific applications and requests.

Question 90)
True or False: Entitlement management is a feature of Identity Governance which allows users, including external guests, to request access to predefined access packages.

  • True
  • False

Question 91)
Which service takes the form of a Windows Server role that enables single sign-on (SSO) and federated identity across different organizations or domains?

  • Azure AD Hash Synchronization
  • Azure AD pass-through authentication
  • Active Directory Federation Services (AD FS)