Graded assessment: Identity Protection and Governance Quiz Answers
In this article i am gone to share Coursera Course: Identity Protection and Governance by Microsoft | Week 4 Quiz | Graded assessment: Identity Protection and Governance Quiz Answers with you..
Enrol Link: Identity Protection and Governance
Graded assessment: Identity Protection and Governance Quiz Answers
Question 1)
Kate works as a security engineer for a retail enterprise that uses Azure AD Identity Protection to configure Azure features that monitor and protect the identities of the tenant. Which of the following tasks would be part of her job? Choose all that apply.
- Controlling and managing access to resources
- Creating access reviews
- Configuring policies
- Determining the optimum IT team staffing requirements
Question 2)
Your organization, which uses Azure AD services, has come across an authentication request for a sign in that seems like it was not authorized by the user. As a security engineer in the IT team, which type of risk will you analyze here?
- Sign-in risk
- Registration risk
- User risk
- Verification risk
Question 3)
A non-profit organization that focuses on sponsoring the education of girls below the age of 12 based on certain criteria uses Azure AD to protect the identity of its users. It runs an app wherein the users can sign-up and select how they would like to contribute to the cause. As a member of their IT team, you have configured risk-based policies that can respond to any risky behavior. Which of the following actions will you qualify as risky? Choose all that apply.
- You have detected a sign in from an infected device
- You have detected a sign in after a long interval
- You have detected a sign in from an anonymous IP address
- One of the users has leaked credentials
- You have detected a sign in from an IP address with suspicious activity
Question 4)
Your organization uses Azure AD for identity protection and has configured the relevant policies for this purpose. Anita from your organization has just found out that her credentials have been compromised, and she needs to create a new password. Which policy has helped her do so?
- Sign-in risk policy
- Registration risk policy
- Conditional Access policy
- User risk policy
Question 5)
Recently, your enterprise has faced several instances where anonymous individuals have tried to access the resources using employee credentials. While the IT team needs to address this risk, at the same time, they do not want to automatically block access every time this happens, as it would get in the way of work and timelines. As a part of this IT team, what measures would you recommend?
- Configure the sign-in risk policy with a low threshold
- Configure the sign-in risk policy with a medium threshold
- Configure a user risk policy
- Configure the sign-in risk policy with a high threshold
Question 6)
The IT team of a healthcare organization has decided to ramp up its protection measures due to several instances of compromised credentials. In keeping with this agenda, they have implemented Azure AD multifactor authentication because it provides strong authentication through a range of easy-to-use authentication methods. Which of the following ways can be used as an additional verification step? Choose all that apply
- Verification code from mobile app
- Email notification on registered address
- Text message to phone
- Notification through the mobile app
- Call to phone
Question 7)
Your organization uses Azure AD. In order to strengthen its security measures, the IT team of your organization has decided to implement Identity Protection. Which of the following licensing plans will it require for this purpose?
- Azure Active Directory Premium
- Azure Active Directory Premium Plus
- Azure Active Directory Premium P2
- Azure Active Directory Free
Question 8)
Your company has recently undergone a compliance audit. The auditing team has strongly recommended that as employees change jobs or leave the company, their privileges also be updated accordingly. This is especially crucial for the Administrator group. As a security engineer, which of the following actions will you take to implement this recommendation?
- Implement Azure time-based policies
- Ensure automated blocking of users whenever there’s a role change
- Implement just-in-time machine access
- Implement access reviews
Question 9)
Your organization uses the shared responsibility model. It uses the cloud provider’s computing infrastructure. The cloud customer is responsible for the software components running on this infrastructure and hence requires maximum maintenance by the cloud customer. This is an example of which responsibility zone?
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Software as a Service (SaaS)
- On-premises datacenters
Question 10)
Your organization uses the Infrastructure as a Service (IaaS) and hence the cloud provider’s computing infrastructure. However, irrespective of the deployment type, the organization will continue to be responsible for ___________. Choose all that apply.
- Software applications
- Endpoints
- Access management
- Accounts and identities
- Information and data
Question 11)
Your organization is going to be audited for compliance. Hence it wants to ensure that all its Azure virtual machines (VMs) are encrypted to protect sensitive data that are compliant with regulatory requirements. Hence, as a member of the IT team, you decide to ___________.
- Enforce a policy to apply secure settings
- Apply Audit policies and then report on compliance
- Control the types of resources you want to deploy
- Enforce the use of tags on all resources
Question 12)
In your organization, like many others, identity and access management have become critical. To address this, the IT team has chosen and implemented Azure cloud security services after careful study and evaluation. One of the reasons is that Microsoft Azure is designed to ___________.
- Identify the required security perimeter
- Create a dynamic security parameter
- Extend to security parameter for greater mobility
- Reduce the security parameter for greater security
Question 13)
You work for a multinational company that recently migrated its IT infrastructure to the Azure cloud. It uses the Azure hierarchy systems to ensure they are organized efficiently and effectively. Toward this, you are using the Azure Resource Manager, which has four levels of abilities: Management group, Subscriptions, Resource groups, and Resources.
You have applied a policy at the Subscription level, and it is used for all the Resource groups and Resources in your subscription, and likewise, for the Resource group level. However, the policy will not be assigned to another Resource group. This is because _________.
- The lower levels inherit their settings from the higher levels
- The Resource group does not allow the same policy multiple times
- Each policy is unique to a Resource group
- The higher levels inherit their settings from the lower levels
Question 14)
Your firm has recently moved to Azure Cloud Services to ensure that all resources and services deployed in Azure comply with the company’s security and compliance policies. One recent policy that has come into play is to restrict the creation of resources outside the US region. Which of the main pillars of functioning Azure Policy does this come under?
- Exclusion scope
- Applying policies at scale
- Real-time enforcement and compliance assessment
- Periodic and on-demand compliance
Question 15)
Pete’s organization has recently migrated to the Azure cloud. To meet the security compliance criteria for the internal security policies, Pete must ensure that all the Azure resources in their environment are tagged with the environment tag. He wants to enforce this policy across their Azure subscription’s resource types and regions. Most of these policies have interchangeable effects. However, this is not true for __________.
- DeployIfNotExists
- Manual
- Disabled
- AuditIfNotExists
Question 16)
As an IT administrator, you need to implement group policies to ensure compliance and security across your company’s Azure resources. As a part of this exercise, you need to assess the organizational resources against the relevant policies and identify resources that don’t meet specified requirements. Which capability of Defender for Cloud will help you here?
- Security initiatives
- Security recommendations
- Security policies
- Customizing initiatives
Question 17)
You work for an IT firm that provides technology services to multiple clients. Hence it has access to a lot of very sensitive data, such as financial statements, customer details, and so on. Until recently, it was using public cloud services. However, they came across instances where confidential data belonging to the client was being leaked, despite robust security measures. Hence, they have now migrated to Microsoft role-based access control (RBAC). Which of the reasons below is most relevant for this move?
- It is built on the Resource manager
- Permissions can be delegated by following the principle of least privilege and at different scopes.
- RBAC grants access to the users easily and quickly
- This system assigns specific roles to each employee based on their job responsibilities
Question 18)
Anita is a cloud administrator for an IT firm that has started a new project on Microsoft Azure. In this project, multiple teams work on various Azure resources. Anita’s responsibility is to ensure that each employee has access to the resources they need while maintaining a balance between autonomy and central governance. She needs to grant Rohan access to manage all virtual machines in subscription. What action should be taken to give access by following the principle of least privilege?
- Rohan should be added to the Virtual Machine Contributor role at the Resource group level.
- Rohan should be added to the Contributor role at the subscription level.
- Rohan should be added to the Global Administrator role.
- Rohan should be added to the Virtual Machine Contributor role at the subscription level.
Question 19)
As a security engineer, you have been asked to design a secure and compliant Azure environment that can meet the company’s security and compliance requirements. You need to assign duties to the team members and grant necessary permissions in the Azure resource. This is so that the users can do their tasks without interfering with other subscription-related features. Which of the following will serve your purpose?
- Security initiative
- Security policy
- Azure Policy
- Azure RBAC
Question 20)
In your organization, your team manages a website hosted on Azure virtual machines (VMs). Your team has a new employee, Tom, assigned to managing VMs within the subscription. Tom needs to monitor and troubleshoot tasks such as restarting the VMs. You need to create a custom role for him. What will you include in creating this custom Azure role definition?
- Operations allowed for Azure resources and the scope of permissions
- Actions operations that you can scope to the tenant level
- The assignment of the custom role
- DataActions operations that you can scope to the tenant level