Graded assessment: Implement Platform Protection Quiz Answers
In this article i am gone to share Coursera Course: Implement Platform Protection by Microsoft | Week 4 Quiz | Graded assessment: Implement Platform Protection Quiz Answers with you..
Enrol Link: Implement Platform Protection
Graded assessment: Implement Platform Protection Quiz Answers
A large financial institution that handles sensitive customer data and performs numerous financial transactions daily faces the risk of cyber threats and potential cyber-attacks. They recently implemented a microsegmentation strategy to improve their network security. Why do you think microsegmentation is important for financial institutions?
- Makes the network infrastructure less complicated, making it easier to manage
- Allows unrestricted communication between all network segments
- Creates secure zones in data centers and Azure deployments
- Enables faster data transfer across your network, enhancing overall performance
Renee is designing an application to scale horizontally to meet the demands of an amplified load. She is particularly careful that in any event of a DDoS, her application should not depend on a single instance of a service, as that would create a single point of failure. Which of the following steps should she take to ensure this? Select all that apply.
- For Azure App Service, select an App Service plan that offers multiple instances.
- Configure your roles to use multiple instances for Azure Cloud Services.
- For Azure Virtual Machines, ensure that your VM architecture includes more than one VM.
- For Azure App Service, select an App Service plan that offers a single instance.
You are a network administrator for an MNC that utilizes Azure virtual networks for its cloud infrastructure. To do network configuration, you must first understand the use cases and advantages of using custom routes within a virtual network. Considering this scenario, why would you use a custom route in a virtual network?
- To connect to resources in the same virtual network hosted in Azure
- To connect to resources in another virtual network hosted in Azure
- To load balance the traffic within your virtual network
- To connect to your Azure virtual machines using RDP or SSH
You are a network architect for a large software firm with multiple Azure virtual networks deployed in various regions. You have decided to establish virtual network peering to enable seamless communication between these virtual networks. Considering this scenario, which of the following statements accurately describes virtual network peering?
- Used to send traffic between an Azure virtual network and an on-premises location over the public internet
- Use a VPN gateway to send traffic between Azure virtual networks
- Provides a low-latency, high-bandwidth connection
- Provides a limited bandwidth connection and is helpful in scenarios where you need encryption but can tolerate bandwidth restrictions
You are responsible for monitoring the network health of your Azure virtual network, including virtual machines and virtual networks. You use Azure Private Endpoint to connect securely using a private IP address from your virtual network, effectively bringing the service into your virtual network. If you want to make calls to Private Endpoints, which of the following ways can you use to enforce this?
- Manage the service endpoint in the DNS server used by your app.
- Go to the destination service and configure service endpoints against the integration subnet.
- Configure regional virtual network integration with your function app to connect to a specific subnet.
- Integrate with Azure DNS private zones.
The company you are consulting for has recently transitioned most of its infrastructure to Azure. They want to ensure the traffic to their Azure SQL Database is secure. Which Azure network security tool would you recommend securing their connection to the Azure SQL Database?
- Azure virtual network service endpoints
- Azure Network Watcher
- Azure Network Security Groups
- Azure Virtual Network
An Azure administrator wants to help secure traffic by using Firewall Manager to create Azure Firewall policies. The traffic originates via an Azure Virtual WAN/ExpressRoute connection from the organization’s on-premises environment. Which of the following statements about Azure Firewall Manager is true?
- Firewall Manager can only be used with Azure Virtual Networks and cannot be utilized in this context.
- This is an example of Firewall Manager being implemented in the hub virtual network architecture.
- This is an example of Firewall Manager being implemented in the secured virtual hub architecture.
- It’s not possible to use Firewall Manager to secure traffic in this context.
You are designing the network architecture for your Azure deployment. You have multiple virtual machines (VMs) with multiple network adapters each. You need to control the traffic flow through specific network adapters using network security groups (NSGs).
Which deployment model in Azure allows you to assign NSGs to a network adapter for fine-grained control over traffic flow?
- Classic deployment model
- Both the classic and Resource Manager deployment models
- Resource Manager deployment model
- Neither the classic nor Resource Manager deployment models
You are a cloud security administrator working with Azure Network Security Groups (NSGs) and Application Security Groups (ASGs).
You have a set of virtual machines (VMs) grouped in an Application Security Group (ASG) called AsgWeb. Additionally, you have another ASG called AsgDb that contains a separate set of VMs. You also have a Network Security Group (NSG) named “FrontendNSG” associated with a subnet that hosts the AsgWeb ASG.
Which of the following statements is correct regarding the configuration of ASGs and NSGs in Azure?
- Multiple ASGs can be associated with the Source field of the FrontendNSG NSG.
- Both WebServers and DatabaseServers ASGs can be associated with the Source field of the FrontendNSG NSG.
- The ASGs cannot be directly associated with the Source or Destination fields of the FrontendNSG NSG.
- Multiple ASGs can be associated with the Destination field of the FrontendNSG NSG.
In which of the following scenarios can service endpoints in Azure provide benefits? Select all that apply.
- Secure Azure services across several subnets in multiple virtual networks
- Filtering inbound traffic from the public internet
- Establishing communication with on-premises networks
- Filtering outbound traffic from a virtual network to Azure services
You are responsible for deploying a web application in Azure that requires Secure Sockets Layer (SSL) termination, protection against common exploits and vulnerabilities, and the ability to handle fluctuating traffic patterns.
Which features of Azure Application Gateway would you leverage to meet these requirements?
- Web application firewall (WAF), SSL termination, and autoscaling
- Static virtual Internet Protocol (VIP), load balancing, and traffic encryption
- SSL termination, autoscaling, and zone redundancy
- Transport Layer Security (TLS), core rule sets, and zone redundancy
You are responsible for securing multiple web applications hosted on Azure. You want to simplify security management and ensure better protection against threats and intrusions.
Which of the following options would be the most suitable solution?
- Secure each web application individually
- Deploy the web application firewall service on a separate server
- Use a local web application firewall solution for each web application
- Implement a centralized Azure web application firewall platform
You’re tasked with ensuring the integrity of the container images throughout their lifecycle in your organization’s Azure Container Instances (ACI) environment. What is a critical step to take in this process?
- Ignore any changes in the container images after deployment
- Do not restrict access to the container images
- Ensure that images with vulnerabilities are not run in production and perform regular audits of deployed images
- Save images in a public registry for easy access
TechStart Inc. wants to maintain efficient log management for its container ecosystem to troubleshoot and monitor its applications. Which Azure service should TechStart Inc. use to achieve this?
- Azure Active Directory
- Log Analytics
- Azure App Service
- Azure Kubernetes Service
Your company is setting up an Azure Container Registry (ACR) for the first time. Due to simplicity and ease of use, you have decided to use an authentication method that requires minimal setup. Which authentication method would you likely use for the scenario above?
- Azure AD identities
- Admin account
- Service Principal
- Individual login with Azure AD
After implementing Azure serverless computing, you’re looking at options for processing online orders for your restaurant. You want to understand the role of Azure Functions in this process. How are Azure Functions used in the processing of online orders?
- Azure Functions are used to create a new service instance.
- Azure Functions are used to manage events that occur within the system.
- Azure Functions update the restaurant’s website and mobile app.
- Azure Functions are used to process online orders, check order details, update the inventory, calculate the total, and confirm the order.
TechRetail Inc. has sensitive data that should not be directly stored in the code or configuration files of their Azure App Service application. They are seeking a solution that can securely manage these secrets. What features can TechRetail Inc. leverage in Azure App Service to secure sensitive data?
- Managed Identities and App Settings
- Azure Disk Encryption and App Settings
- Azure Key Vault and App Settings
- Web Application Firewall and App Settings
DD-Org is interested in leveraging Docker images in their AKS workloads. They are wondering how AKS accommodates this. How does AKS support the use of Docker images?
- Docker images are used to create the AKS clusters.
- Docker images can’t be used with AKS.
- Docker images can be transformed into AKS images for use in AKS.
- Docker images can be launched as Kubernetes pods in AKS.
TechCo wants to ensure a clear audit trail of who accessed what and when in their AKS clusters for compliance purposes. What feature will help them achieve this?
- Utilizing Kubernetes Service Accounts
- Manual logging of all authentication requests by the TechCo team
- Integrating Azure AD with AKS
- Running the az aks get-credentials command
GlobeCo wants to grant cluster-wide permissions for administrators or support engineers. Which Azure RBAC tool should they use for this purpose?
- Kubernetes Secrets.