Cybersecurity Management and Compliance Coursera Quiz Answers
In this article I am going to share the Cybersecurity Management and Compliance Coursera quiz answers with you.
Enrol Link: Cybersecurity Management and Compliance
WEEK 1 QUIZ ANSWERS
Knowledge check: Cloud security planning
Your company recently experienced a minor data loss due to a server failure, and there was no robust disaster recovery plan in place. You discover Microsoft Azure and its associated services and start thinking about how to make use of it.
Which of the following strategies with Azure would best protect customer metadata during outages and ensure uninterrupted user access?
- Focus on training the IT staff using Azure Knowledge Center and Microsoft Learn so that they know how to respond in a disaster situation.
- Implement Azure’s Virtual Desktop service for business continuity and disaster recovery (BCDR), replicate personal VMs to a different Azure region, and ensure user identities are accessible at the secondary location using methods like profile containers.
- Backup the company’s data using Azure Backup to ensure that a duplicate is available.
You are a Cloud Security Analyst at a startup company that has recently migrated its operations to Azure. Your CEO is concerned about the security of the company’s data and asks you about Azure’s solutions for security log collection, analysis, and retention.
How would you recommend utilizing Azure’s tools to ensure the best practices for these tasks?
- Enable Azure Monitor Logs to collect telemetry data, use Azure Sentinel for SIEM, create a Log Analytics Workspace for storage, and set data retention policies for the logs.
- Use Log Analytics Workspaces for collecting logs and avoid any analysis tools as they might be too complex for the startup environment.
- Enable Azure Monitor Logs and directly store data in Azure Storage Accounts without analyzing.
- Just use Azure Sentinel for all security log collections, analysis, and retention, as it’s the most advanced service.
John, the IT Manager of WorldITS Corporation, received a request from the legal department to dispose of several old hard drives that were used for storing sensitive legal documents.
What method should John use to ensure the data is unrecoverable and meets regulatory compliance requirements for sensitive data disposal?
- Delete the files from the hard drives and store them in a locked cabinet.
- Employ media sanitization by physically destroying the hard drives.
- Format the hard drives and then recycle them.
Sarah is the Head of IT in a medium-sized company that uses multiple applications for managing customer data, finances, and inventory. The company integrated all these applications through Enterprise Application Integration (EAI) to increase efficiency, but this opens a vulnerability where an attacker could manipulate the application’s SQL queries to gain unauthorized access to the customer database.
Which measure should Sarah prioritize to mitigate this particular vulnerability?
- Conduct regular security audits to assess vulnerabilities.
- Implement input validation to sanitize user inputs.
- Encrypt sensitive data in transit and at rest.
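The SQL-injection scenario above is the one place in this quiz where a code example earns its keep. The block below is an added example, not code from the course or from Microsoft: it puts a deliberately injectable lookup beside its hardened form and runs both against an in-memory SQLite table. The table, its rows, the username allow-list and the payload are all constructed for the demo. The practitioner's caveat is that a parameterised (bound) query is the primary control; input validation, the option the quiz names, is defence in depth and should reject unexpected input rather than try to strip "bad" characters.

```python
# Added example (not from the course or the page): a SQL-injectable lookup next
# to its hardened form, run against an in-memory SQLite database. The table,
# rows, username format and payload are constructed for this demo.
import re
import sqlite3

# Constructed sample data.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Deliberately vulnerable: the untrusted value is spliced into the query text,
    # so it can change the query's structure instead of acting as data.
    sql = f"SELECT id, username, email FROM customers WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, username: str) -> list:
    # Primary control: the driver binds the value as a parameter; it is never
    # parsed as SQL, whatever quotes or keywords it contains.
    sql = "SELECT id, username, email FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Allow-list for the expected username format (an assumption for this demo).
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def lookup_hardened(conn: sqlite3.Connection, username: str) -> list:
    # Defence in depth: validate the shape of the input and reject anything else
    # (rejecting is safer than trying to strip "bad" characters), then run the
    # parameterised query. Validation alone is not a substitute for binding.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return lookup_parameterised(conn, username)


# Classic tautology payload; constructed for the demo.
INJECTION_PAYLOAD = "x' OR '1'='1"


def demo() -> tuple:
    """Return (rows leaked by the vulnerable query, rows from the bound query,
    whether the hardened lookup rejected the payload)."""
    conn = make_db()
    leaked = lookup_vulnerable(conn, INJECTION_PAYLOAD)    # every row comes back
    bound = lookup_parameterised(conn, INJECTION_PAYLOAD)  # nobody has that literal name
    try:
        lookup_hardened(conn, INJECTION_PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return len(leaked), len(bound), rejected


if __name__ == "__main__":
    print(demo())  # (3, 0, True)
```

The vulnerable query turns `WHERE username = 'x' OR '1'='1'` into a tautology and returns the whole customer table; the bound query treats the same payload as an ordinary string and matches nothing; the hardened version refuses it before a query is even built.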
John is the CISO of a healthcare organization that uses Microsoft Azure for its cloud infrastructure. The company works with a third-party vendor for an analytics solution and he wants to ensure that they have access only to the specific resources they need in the Azure environment and no more, to minimize the risk of unauthorized access.
Which Azure feature should John implement to achieve this?
- Implement role-based access control (RBAC).
- Set Data Retention Policies.
- Use Azure Private Link.
Self review: Design a security plan
The Microsoft Cloud Adoption Framework (CAF) and its principles allow you to securely migrate an enterprise to the cloud.
In the exercise Design a Security Plan, you were tasked with assisting GlobalTravel with the migration approach through the Cloud Adoption Framework. Respond to the following questions to make sure that you understood and executed the tasks correctly.
You are advising GlobalTravel on migrating to Azure. The company’s priority is to bolster the security measures for customer data during the migration.
Which of the following should be your immediate step?
- Implement Azure security best practices for data, using encryption and Azure Security Center.
- Migrate data without backups.
- Begin migration without reviewing existing security protocols.
Before starting GlobalTravel’s migration, you need to evaluate their digital estate.
What did you prioritize first?
- Documenting and prioritizing applications based on business criticality.
- Counting the number of servers.
- Moving all data to the cloud without categorization.
After assessing the skills readiness, you realized there are significant knowledge gaps in Azure proficiency.
What is your next move?
- Develop a tailored training plan based on the assessment results.
- Only consider hiring new talent.
- Ignore the gaps and continue with the migration.
You need to assign roles to the team members for the Azure migration.
Who would you likely assign to implement cloud governance?
- Jeremy Thompson (Lead Developer)
- Jane Doe (Senior DevOps Engineer)
- Bob Gray (Security Officer)
Knowledge check: Cloud Adoption Framework
TechGen, a growing tech company, has decided to move its on-premises data center to Azure cloud. As a cloud architect, you have been assigned to ensure a smooth cloud adoption process. The CEO has emphasized the importance of understanding the business objectives before adopting the cloud technologies.
Which phase of the Azure Cloud Adoption Framework (CAF) focuses primarily on defining the business justification for adopting cloud technologies?
After successfully moving to Azure cloud, TechGen has started to develop new cloud-native applications. However, they are also concerned about continuously improving security measures to protect their data and applications.
Which phase of the Azure Cloud Adoption Framework (CAF) should TechGen focus on to address their concern regarding improving security measures?
True or False: As part of the Planning stage in the Azure Cloud Adoption Framework (CAF) for adopting Microsoft Azure, the first step when defining and prioritizing workloads is to take inventory and rationalize your digital estate based on assumptions that align with your organization’s motivations and business outcomes.
You are a Cloud Architect and your organization has recently adopted Microsoft Azure using the Azure Cloud Adoption Framework (CAF). After moving several applications to Azure, your Chief Information Officer wants to ensure that resources are being used efficiently.
Complete the following sentence. To achieve this within the Azure CAF, you should ________________.
- Implement a service-based monitoring approach to keep track of the health of applications, measure end-user experience, and prioritize relevant alerts.
- Purchase additional cloud storage to ensure that there is always enough space.
- Manually check each application once a month for any issues.
As the cloud security team lead, you’re tasked with implementing strategies to safeguard critical assets in the cloud environment under the Microsoft Cloud Adoption Framework (CAF) for Azure. You’re working on the asset protection of customer data and need to ensure that it’s protected from unauthorized access and breaches.
What would be an effective strategy in asset protection?
- Rely on firewall rules to protect data.
- Monitor login activities as the sole means of protection.
- Implement encryption, data classification, and data loss prevention mechanisms.
Knowledge check: Data management and administration
You are the data privacy officer for a mid-sized tech company. The CEO wants to build trust with customers by openly communicating how their data is being collected, processed, and shared.
Which principle of Microsoft’s approach to data privacy should your company adopt?
You are the Chief Information Security Officer (CISO) at a healthcare organization that has recently migrated its data to Microsoft Azure. In the wake of a recent data breach, you need to understand how to respond and what tools can be used to handle data subject requests.
Among Microsoft’s resources, which tool should you primarily use to support these needs?
- The Microsoft Security Development Lifecycle
- The Microsoft Service Trust Portal
- The Microsoft Trust Center
You are a Data Protection Officer (DPO) at a large company using Microsoft’s online services to handle sensitive customer data. Recently, your company has decided to switch to another service provider. You are tasked with ensuring that all customer data is securely removed from Microsoft’s servers in compliance with data protection laws.
How does Microsoft handle the deletion of customer data after you end the subscription, and what action should you take to expedite the deletion process?
- Microsoft immediately deletes all customer data as soon as the subscription ends, and no further action is needed.
- Microsoft transfers all customer data to the new service provider as part of its data portability policy, and no further action is needed.
- Microsoft retains customer data for 90 days in a limited function account and then deletes it, but a request can be made to Microsoft Support for expedited deletion within three days.
Jane is the head of IT security in a medium-sized company that just started using Microsoft Defender for Cloud. She receives a message that the company’s secure score is relatively low and wants to improve it.
Which of the following steps should she take based on the Cloud Security Posture Management (CSPM) recommendations from Microsoft Defender for Cloud?
- Jane should ignore the recommendations and manually inspect all servers, databases, and storage resources for potential threats.
- Jane should deactivate the Defender CSPM plan as it is creating too many alerts.
- Jane should review the security recommendations, identify the security misconfigurations and weaknesses, and take actions to implement the recommendations.
Your organization is transitioning to Microsoft Azure and has strict compliance requirements for deploying resources. You’ve been tasked to ensure efficient deployment while maintaining adherence to compliance requirements.
Which Azure governance tool(s) would be most appropriate to use in this scenario?
- Microsoft Purview
- Azure Blueprints only
- Azure Policy only
- Azure Blueprints and Azure Policy
Knowledge check: Availability and continuity
Anna is the IT Manager of a multi-national company and wants to utilize cloud services for their new web application. Her primary concerns are ensuring that the application remains functional even if a disaster strikes in one datacenter, and she also wants high accessibility and low latency.
Considering Anna’s needs and based on the information provided, which of the following Azure offerings should she opt for?
- Azure virtual machines without manual replication across zones
- Non-zonal services
- Zone-redundant services
- Azure Traffic Manager
True or False: Microsoft handles all disaster recovery tasks, including virtual machine replication in Azure.
You are the cloud architect for a global company that has decided to move its services to Azure. In a recent board meeting, the CEO expressed concerns about potential downtimes and datacenter failures. You recall Azure’s infrastructure provisions for such challenges.
Which of the following best explains Azure’s infrastructure strategy to ensure high availability and disaster recovery for the company’s services?
- Azure solely relies on individual data centers for application hosting, which means services are susceptible to regional failures.
- Azure uses both regions and availability zones, where each region is a distinct geographic area with datacenters. Availability zones are separate locations within a region, each having its own power, cooling, and networking.
- Azure ensures high availability by solely depending on special regions like China East and Germany Central, which are operated under unique partnerships and models.
- Azure’s strategy is to only have availability zones without regions, with each zone being an isolated datacenter anywhere in the world.
Complete the following sentence. To cater to both reliability and scalability monitoring needs for an online sales platform while expecting a surge in traffic, you should _______ for full-stack monitoring, use _______ for deep insights into application health and configure Azure _______ based on metrics analysis.
- Solely depend on Azure AD Logs, Application Insights, auto-scaling for all Azure services
- Implement Azure Monitor, Application Insights, auto-scaling rules
- Use Azure Service Health, Application Insights, manual scaling alerts
You are an Azure architect for a multinational shipping company. The company’s board of directors has expressed concerns about potential large-scale disasters, such as hurricanes, affecting their tracking portal which is currently hosted in the East US Azure region. They’ve asked for your recommendations on how to make the system more resilient. While analyzing the current architecture of the tracking portal, you realize that some components are inherently global, some are regional, and some are configurable for multi-region support.
Which of the following approaches should you prioritize to ensure minimal disruption during a regional disaster?
- Increase the number of instances for each service in the East US Azure region to ensure that even if some instances fail, others remain operational.
- Replace all regional components with their on-premises equivalents to reduce dependency on Azure regions.
- Migrate all services to global components like Azure DNS and Azure CDN to ensure worldwide accessibility.
- Propose a multi-region architecture, replicating regional components to a secondary Azure region and ensuring that configurable components like Azure SQL Database and Azure Cosmos DB employ geo-replication.
Visit this link: Module quiz: Security administration Quiz Answers
WEEK 2 QUIZ ANSWERS
Knowledge check: Compliance management
Sophia is the IT head of a company that has just migrated to Microsoft Azure. She wants to ensure that the Microsoft Azure security configurations in their cloud environment align with the Center for Internet Security (CIS) benchmarks.
How can Sophia ensure that the Microsoft Azure security configurations in their cloud environment align with the Center for Internet Security (CIS) benchmarks?
- Sophia should deploy the Azure Blueprint specifically designed for the CIS Azure Foundations Benchmark.
- Sophia should contact the Center for Internet Security directly to manually implement benchmarks.
- Sophia should use Azure settings since they are already optimized for all compliance standards.
- Sophia should rely on the Azure Security Center.
True or False: When it comes to migrating applications to Microsoft Azure, the age, origin, and underlying technology of the applications have no bearing on their risk levels, and only the data they handle (like customer information) needs to be evaluated for risk.
Your IT manager wants a tool that will provide a holistic oversight of data scattered across different devices, applications, and locations due to data sprawl.
Complete the following sentence. The best Microsoft tool for this scenario is ________.
- Azure Storage
- Microsoft Teams
- Microsoft Purview
Julia is a Records Management Specialist at a large corporation. Recently, the company faced an internal audit issue regarding the improper handling of sensitive documents. To mitigate this, Julia wants to use a tool that can automatically label content as a record, set up specific retention and deletion policies for it, and ensure that the retention periods of the labels can’t be changed once applied.
Which of the following tools and strategies should Julia adopt for this requirement?
- Use Microsoft Purview to label content as a record and utilize regulatory record labels for stricter controls.
- Rely on automated audits in Microsoft Purview to check if documents are being handled correctly.
- Use Microsoft 365’s basic information protection capabilities without additional settings.
True or False: Microsoft Purview’s trainable classifiers can use AI and machine learning to classify encrypted data.
Self review: Identify and respond
In the exercise Identify and Respond, you were tasked with detecting and subsequently preventing an insider threat. Now you are ready to respond to the following questions to ensure that you understood and executed the tasks correctly.
A new employee in your organization tried to access the “employee_data.csv” file from the Azure Blob Storage.
Which Azure feature would immediately alert you about this unusual data access pattern?
- Just-In-Time (JIT) VM access
- Azure Security Center alerts
- Azure Sentinel deployment
After detecting an insider threat, you want to restrict a user’s access to Blob Storage to a limited duration only.
Which Azure feature would you use?
- Just-In-Time (JIT) VM access
- Azure Policy implementation
- Azure Sentinel incidents
An organization wants to ensure that all Blob Storage accounts have Azure Defender enabled.
Which feature should they implement?
- Azure Security Center activation
- Azure Sentinel deployment
- Azure Policy implementation
Given the scenario provided, where a possible insider threat was simulated and detected using Azure security solutions:
Which of the following measures and features were implemented to detect and prevent the threat in the Azure environment? Select all that apply.
- Just-In-Time (JIT) VM Access was configured, allowing users limited-time access to the Blob Storage.
- Azure Activity log was connected as a data source to Azure Sentinel.
- A policy was enforced to require multi-factor authentication (MFA) for all Azure users.
- Activation of the Standard tier of Azure Security Center for enhanced security capabilities.
- Azure Policy was implemented to ensure that all VMs are encrypted.
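Several questions above (the governance tools question in the data management section, the Defender-on-Blob-Storage question, and the VM-encryption policy in the list just above) resolve to "implement Azure Policy" without showing what a policy looks like. The block below is an added example, not course or Microsoft code: it holds a hypothetical policy written in the real Azure Policy definition shape (`policyRule` with an `if` condition tree and a `then` effect) and a small evaluator, written for this page only, that applies the rule to constructed sample resources. The evaluator covers just the subset of the policy language used here (`field` with `equals`/`notEquals`/`exists`, `allOf`, `anyOf`, `not`) and is not the Azure Policy engine. The built-in Defender-for-Storage policies use an audit-style effect (AuditIfNotExists) against the subscription's Defender plan; this example uses `deny` on storage-account properties so the outcome is visible at evaluation time.

```python
# Added example (not course or Microsoft code): the shape of an Azure Policy
# definition, plus a small evaluator written for this page that applies the
# rule to constructed sample resources. The evaluator supports only the subset
# of Azure Policy syntax used here; it is not the Azure Policy engine.
from typing import Any

# A hypothetical policy in the real definition shape. Field names are written as
# Azure Policy aliases ("<resource type>/<property path>"); boolean values are
# written as Python booleans rather than the JSON "true"/"false" strings.
STORAGE_POLICY = {
    "mode": "Indexed",
    "displayName": "Storage accounts must enforce HTTPS and TLS 1.2 (hypothetical)",
    "policyRule": {
        "if": {
            "allOf": [
                {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                {
                    "anyOf": [
                        {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                         "notEquals": True},
                        {"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
                         "notEquals": "TLS1_2"},
                    ]
                },
            ]
        },
        "then": {"effect": "deny"},
    },
}

# Constructed sample resources: top-level fields plus a properties bag that the
# aliases above resolve into.
SAMPLE_RESOURCES = [
    {"name": "stgood", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2"}},
    {"name": "stweak", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": False, "minimumTlsVersion": "TLS1_2"}},
    {"name": "stoldtls", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_0"}},
    {"name": "vm1", "type": "Microsoft.Compute/virtualMachines", "properties": {}},
]


def resolve_field(resource: dict, field: str) -> Any:
    """Resolve a policy field: top-level keys directly, aliases of the form
    '<resource type>/<property path>' into the properties bag."""
    if field in ("name", "type", "location"):
        return resource.get(field)
    prefix = resource["type"] + "/"
    if not field.startswith(prefix):
        return None  # alias belongs to a different resource type
    value: Any = resource.get("properties", {})
    for part in field[len(prefix):].split("/"):
        if not isinstance(value, dict):
            return None
        value = value.get(part)
    return value


def evaluate_condition(resource: dict, cond: dict) -> bool:
    """Recursively evaluate an 'if' condition tree against one resource."""
    if "allOf" in cond:
        return all(evaluate_condition(resource, c) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate_condition(resource, c) for c in cond["anyOf"])
    if "not" in cond:
        return not evaluate_condition(resource, cond["not"])
    value = resolve_field(resource, cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "notEquals" in cond:
        return value != cond["notEquals"]
    if "exists" in cond:
        return (value is not None) == cond["exists"]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policy: dict, resource: dict) -> str:
    """Return the effect the policy applies to the resource, or 'compliant'
    when the 'if' condition does not match (the effect is then not applied)."""
    rule = policy["policyRule"]
    if evaluate_condition(resource, rule["if"]):
        return rule["then"]["effect"]
    return "compliant"


def evaluate_all(policy: dict, resources: list) -> dict:
    return {r["name"]: evaluate(policy, r) for r in resources}


if __name__ == "__main__":
    for name, outcome in evaluate_all(STORAGE_POLICY, SAMPLE_RESOURCES).items():
        print(f"{name}: {outcome}")
```

Only `stweak` (HTTP allowed) and `stoldtls` (TLS 1.0) trigger the `deny` effect; `stgood` passes, and the virtual machine never matches the `type` condition, so the policy does not apply to it at all. That "does the `if` match, then apply the effect" structure is the same whether the effect is `deny` at deployment time, `audit`/`auditIfNotExists` for posture reporting, or `deployIfNotExists` for remediation.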
Knowledge check: Insider risk
You are the IT Security Manager at HighTech Corp. One day, you receive an email from an employee named John, who mistakenly sent a file containing sensitive client data to a vendor, instead of an internal team. What is this incident categorized as?
- Sending information to the wrong recipient
- Data corruption
- Malicious insider attack
True or False: Insider risk management primarily focuses on external threats and does not consider risks posed by employees, contractors, and partners within the organization.
An organization has recently received a tip about a user’s potentially risky behavior. However, this user doesn’t usually fall under any insider risk management policy.
Complete the following sentence. To investigate the user’s activities over the past 60 days, the organization should utilize the _____________________.
- User activity reports
- Incident response plan
- Alerts dashboard
You are the Chief Compliance Officer at a large financial institution. Recently, there have been concerns about potential unauthorized discussions related to confidential projects, such as mergers and acquisitions. You need to implement a solution to monitor and manage potential legal risks in communications across the organization.
Which Microsoft 365 feature should you primarily consider to address this concern?
- Information Barriers (IB)
- Microsoft Purview Privileged Access Management (PAM)
- Communication compliance policies
True or False: If a message in Microsoft Teams violates a communication compliance policy, it is automatically removed without any notification to the sender or the recipient.
Knowledge check: Information Protection and data lifecycle
You are a data compliance officer for a company that recently adopted Microsoft 365. Your organization deals with different types of sensitive data. To make sure data is handled according to the nature of its content, you need to put measures in place.
Based on Microsoft’s guidelines, which initial step should you prioritize?
- Encrypt all data without labeling or classification.
- Immediately employ Microsoft’s data loss prevention (DLP) tool without understanding the nature of your organization’s data.
- Understand the data landscape, which includes determining the owner, categories, location, and inherent risks of the data.
- Delete all data that has been stored for over a year.
True or False: In Microsoft Purview, the Data Curator role is responsible for overseeing the definition, quality, and administration of specific data sectors.
Complete the following sentence. When content nears the end of its retention period in the Microsoft Purview Compliance portal, it undergoes a ________ review to decide the appropriate next steps, considering various factors like legal implications, audit considerations, and historical significance.
Imagine you are a Data Administrator for a multinational corporation, and you’ve recently been introduced to the Microsoft 365 suite. You have a large volume of sensitive company data that needs to be appropriately labeled and classified to comply with various global regulatory standards. You’re tasked with assessing and labeling content within the organization.
To understand the implications of the labels you intend to apply, which feature of the data classification tool in Microsoft 365 would you utilize?
- Zero change management.
- Custom classifications in Microsoft Purview.
- Data map visualization in Microsoft Purview.
True or False: After configuring a Conditional Access policy in Microsoft Purview, you must immediately set the policy state to “Turn it on right away” for the policy to be effective.
Visit this link: Module quiz: Compliance solutions Quiz Answers
WEEK 3 QUIZ ANSWERS
Knowledge check: Information Security Management Act
Anna, a new Cybersecurity Specialist at a federal agency, is assigned to prepare the agency’s systems to ensure they align with federal cybersecurity regulations. She is particularly keen on ensuring that the agency’s cloud services adhere to the required standards and that the general information security program is robust.
Based on this scenario, which of the following actions should Anna prioritize?
- Focus only on FedRAMP requirements and avoid FISMA guidelines.
- Ensure that the agency’s cloud services meet the standards outlined in FedRAMP and that the information security program aligns with FISMA requirements.
- Prioritize annual security reviews without risk categorization and the implementation of baseline controls.
True or False: The NIST Framework is specifically designed for the technology sector only.
Complete the following sentence. The NIST Framework serves as a comprehensive tool for organizations to systematically manage ________ risk.
Jane is the CFO at Globex Corp, a publicly traded company in the United States. She’s been approached by the CEO to find ways to cut operational costs. The CEO suggests skipping some internal financial controls since they have always maintained a clean financial record.
Given what you know about the Sarbanes-Oxley Act, what should Jane’s response be?
- Implement the CEO’s suggestion but increase the insurance coverage to protect against any potential lawsuits.
- Politely decline the suggestion, explaining that non-compliance with SOX’s internal controls can lead to severe financial and legal repercussions.
- Agree with the CEO since the company has always maintained a clean record and these controls might be redundant.
True or False: Sofia, the Data Controller of TechCorp, a company that uses Microsoft Azure, received a Data Subject Request (DSR) from an EU resident asking for all his personal data to be deleted, and therefore Microsoft is responsible to carry out this request.
Knowledge check: ISO standards
As an IT security manager, Sophia is leading her team in implementing an Information Security Management System (ISMS) in accordance with ISO 27001 to ensure data security. They have just completed a risk assessment and are deciding on the appropriate controls to implement. One of the identified risks is unauthorized access to sensitive customer data during transmission.
Which of the following steps should Sophia and her team prioritize to address this risk effectively?
- Establish robust Physical and Environmental Security controls around the company’s server rooms.
- Focus on Human Resource Security by ensuring all employees and contractors are aware of their security responsibilities.
- Implement Communications Security controls, such as encryption during data transmission.
True or False: An organization utilizing Microsoft’s Office 365 services doesn’t need to worry about compliance with information security standards as Microsoft’s adherence to ISO/IEC 27001 and ISO/IEC 27017 ensures complete compliance on the part of the user organization.
Fill in the blank: Azure Blueprints help in maintaining standards like ISO by enforcing specific _______ and configurations, ensuring every deployment within their scope aligns with defined guidelines.
As an Azure administrator, you are tasked with setting up the Azure environment to maintain compliance with ISO standards during your organization’s move to the cloud. You are contemplating whether to use Azure Blueprints or ARM templates to ensure that every deployment within the scope adheres to the defined guidelines, and the setup allows for enhanced tracking and auditing of the deployments.
Which of the following approaches would be the most suitable to achieve the requirements stated above?
- Implement both Azure Blueprints and ARM templates independently, leveraging Blueprints for environment setup and ARM templates for defining infrastructure.
- Implement Azure Blueprints to enforce specific behaviors and configurations, apply resource locking and preserve relationships between blueprint definitions and assignments for enhanced tracking and auditing.
- Implement ARM templates as they offer a declarative syntax to define the infrastructure and its configurations, making the infrastructure easily replicable and reliable.
True or False: Azure Blueprints and ARM templates serve the same role in Azure deployment and management, and organizations should choose to implement either Azure Blueprints or ARM templates based on their specific needs and requirements.
Knowledge check: COBIT
You are the IT governance manager for a company and are tasked with implementing COBIT to align IT processes with business objectives, optimize IT resources, and manage IT risks and compliance. You’ve been asked to focus on stakeholder needs and balancing benefits, risks, and resources in IT investments. You should also ensure that Microsoft Azure services are adequately and effectively integrated, secure, and support the organization’s operational and compliance objectives.
Which of the following options is the most comprehensive and appropriate approach to meet the executive management’s requirements?
- Only employ the Azure Audit Program to concentrate on the adequacy and security of Microsoft Azure services.
- Leverage both the COBIT framework and the Azure Audit Program to ensure that IT governance and management are in sync with business goals, and that Microsoft Azure services are adequately secure and comply with organizational objectives.
- Implement only the COBIT Core Model to focus on evaluating, directing, and monitoring IT governance.
True or False: The COBIT framework consists of three domains: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); and Deliver, Service and Support (DSS).
XYZ Corp is implementing multiple frameworks like NIST, COBIT, and the Microsoft Azure Audit Program to maintain effective governance and management of their information and technology in the cloud. To ensure the privacy and compliance of their cloud services, the company plans to perform systematic processes to identify, analyze, evaluate and treat privacy risks.
To this end, XYZ Corp needs to conduct a _______ to determine the impact and benefits of the cloud services, identify necessary controls and measures, and comply with legal and regulatory obligations.
- Change Management Process
- Privacy Risk Assessment (PRA)
- Privacy Requirements Traceability Matrix (PRTM)
True or False: An organization solely relying on the Microsoft Azure Audit Program for defining its privacy requirements for cloud services will have a fully comprehensive and well-rounded understanding of its overall privacy, compliance, and governance stance, encompassing all aspects including business objectives, stakeholder needs, and legal obligations.
After conducting a Privacy Risk Assessment (PRA) to understand the privacy risks associated with cloud services, XYZ Corp created a document to map the privacy requirements derived from the PRA to the privacy controls and measures implemented by the enterprise and the cloud service provider (CSP).
This document will help XYZ Corp ensure that the privacy requirements are adequately and effectively addressed by the cloud services and to verify and validate the privacy controls and measures. What is the name of this document?
- Privacy Requirements Traceability Matrix (PRTM)
- Privacy Control Matrix (PCM)
- Privacy Risk Assessment Document (PRAD)
Visit this link: Module quiz: Laws and standards Quiz Answers
WEEK 4 QUIZ ANSWERS
Visit this link: Self review: Achieving compliance Quiz Answers
Visit this link: Course quiz: Cybersecurity management and compliance Quiz Answers