In this article i am gone to share Coursera Course: Manage Security Operations by Microsoft | Week 4 Quiz | Graded assessment: Manage Security Operations Quiz Answers with you..

Enrol Link:  Manage Security Operations

Graded assessment: Manage Security Operations Quiz Answers

Question 1)
As the Security Administrator for your organization, you need to effectively manage and analyze logs from Microsoft Sentinel and Microsoft Defender for Cloud to ensure the security of your infrastructure. You’re looking for a centralized storage and management location that allows you to collect, aggregate, and analyze logs related to application performance, infrastructure performance, and security. Which service should you use?

• Azure Storage 
• Log Analytics workspaces 
• Event Hubs 
• Logic Apps

Question 2)
Suppose you’re a Data Analyst. You’re tasked with retrieving and analyzing data from a Log Analytics workspace. Which statements accurately describe log query capabilities and the relationship between Log Analytics and Azure Data Explorer? Select all that apply.

• The structure of the tables within Log Analytics and Azure Data Explorer is different.
• Log queries in Log Analytics can only be used within the workspace and cannot be incorporated into alert rules or workbooks.
• Log queries in Log Analytics are written in Kusto Query Language (KQL), the same query language used by Azure Data Explorer.
• Data from a Log Analytics workspace can be included in an Azure Data Explorer query, enabling cross-environment analysis and integration.

Question 3)
You are responsible for ensuring the performance and availability of your organization’s critical applications. As part of your monitoring strategy, you want to configure alert rules in Application Insights to detect and handle performance and availability issues. You also want to specify the conditions that trigger an alert and determine who should be notified. Which feature in Application Insights allows you to configure alert rules for your application’s performance and availability?  

• Application map
• Availability testing  
• Alert configuration
• Performance monitoring

Question 4)
State whether True or False.
Configuring data sources for Log Analytics can be managed through the “Manage connected sources” option.

• True
• False

Question 5)
You are a System Administrator responsible for monitoring servers’ health and performance. You use Azure Monitor and Log Analytics to collect and analyze data from various sources. You have identified each server’s most recent heartbeat record to ensure they are actively reporting their status. In the given scenario, which Kusto query should you use to retrieve each server’s most recent heartbeat record?

• Heartbeat | summarize arg_min(TimeGenerated, *) by ComputerName
• Heartbeat | summarize max(TimeGenerated) by ComputerName
• Heartbeat | summarize min(TimeGenerated) by ComputerName
• Heartbeat | summarize arg_max(TimeGenerated, *) by ComputerName

Question 6)
Sandra is a DevOps Engineer responsible for managing a large-scale Kubernetes environment in Azure. She has recently enabled Azure Container Insights to monitor the health and performance of her Kubernetes workloads. Sandra wants to set up alerts to be notified when the CPU usage of a specific container exceeds a certain threshold. Additionally, she wants to ensure alerts are sent to a group of recipients via email. Which of the following options should she choose to achieve this?

• Configure alert rules in Azure Virtual Machine (VM) Insights and specify the CPU usage threshold for the specific container. Set up email notifications as the alert delivery method.
• Configure alert rules in Azure Container Insights and specify the CPU usage threshold for the specific container. Set up email notifications as the method of alert delivery.
• Configure alert rules in Azure Monitor Insights and specify the memory utilization threshold for the specific container. Set up email notifications as the alert delivery method.
• Configure alert rules in Azure Container Insights and specify the memory utilization threshold for the specific container. Set up email notifications as the alert delivery method.

Question 7)
Each Azure resource requires its own diagnostic setting; which of the following defines its criteria?

• Policies and subscriptions
• Subscription and storage
• Sources and destinations
• Configuration and data categories

Question 8)
As a security analyst, you are responsible for handling security alerts generated by Defender for Cloud. Today, you received an alert regarding a potential threat. What should be your next course of action? Select all that apply.

• Export the alert to Microsoft Sentinel for further analysis and investigation.
• Trigger a logic app to automate the remediation steps recommended in the alert.
• Ignore the alert and mark it as a false positive.
• Export the alert to a third-party Security Information and Event Management (SIEM) system for analysis.

Question 9)
You are a cloud administrator responsible for managing security policies in a Microsoft Azure environment. You want to make changes to the security policies at the subscription and resource group levels. However, you need to ensure that you have the necessary permissions. Which of the following statements is correct pertaining to making changes to security policies?

• You can modify security policies at the resource group level without requiring any specific permissions.
• You need Owner or Contributor permissions at the subscription level to modify security policies.
• Ignore the alert and mark it as a false positive.
• You can modify security policies at the subscription level without requiring any specific permissions.

Question 10)
To effectively monitor and audit operations on virtual machine resources in your Azure environment, which option would you choose?

• Enable the diagnostic extension to collect guest OS diagnostic data on VMs
• Use activity logs
• Enable Azure Monitor for VMs
• Enable Application Insights

Question 11)
As a cybersecurity analyst, you understand the importance of having security initiatives in your toolkit. How do security initiatives function and benefit your cybersecurity efforts?

• They simplify policy administration and reinforce security measures as a unified entity
• They streamline communication and collaboration among cybersecurity professionals
• They act as individual components working independently to achieve security objectives
• They optimize workload by reducing the number of policies required for effective security

Question 12)
You are reviewing security recommendations for your Azure resources and must decide which recommendation to remediate first. The goal is to prioritize the security controls with the highest potential to increase your secure score. When following the remediation steps for a recommendation in Azure, what happens once you have completed the instructions?

• The recommendation is automatically marked as resolved in the secure score pane.
• The secure score of your Azure resources is immediately updated based on the completed remediation.
• You receive a summary report indicating the impact of the completed remediation on your secure score.
• A notification is displayed informing you about the resolved issue.

Question 13)
You can create a new virtual machine (VM) using __________.

• Azure DevOps 
• Azure Functions
• Azure SQL Database
• Azure Cloud Shell

Question 14)
James is a software developer working on a project handling sensitive user data. He wants to secure the application and employ threat modeling to identify potential vulnerabilities. He starts by gathering a team of security experts and stakeholders to begin the threat modeling process. They carefully analyze the application’s architecture, data flows, and user interactions to identify potential threats and attack vectors. Through this process, they uncover a vulnerability in the authentication mechanism that could lead to unauthorized access to user data. By addressing this issue early in development, they can implement proper security controls and prevent a major data breach. Why will you use a data flow diagram to visualize the data flow within the application?

• To evaluate the performance of the application
• To determine the user interface design of the application
• To identify potential vulnerabilities in the flow of data within the application
• To estimate the development effort required for the application

Question 15)
You are a threat hunter with Microsoft Sentinel, a cloud-native Security Information and Event Management (SIEM) system. Your organization has detected suspicious activity on a user’s account and suspects a potential compromise. As a threat hunter, your task is to investigate the incident using Microsoft Sentinel’s capabilities. Based on the information provided, what do SOC analysts use to conduct threat hunting in Microsoft Sentinel to investigate the potential compromise of the user’s account?

• SOC analysts can enable built-in analytics alerts within your Microsoft Sentinel workspace and edit a few as per your requirements.
• SOC analysts can edit the built-in workbooks within Microsoft Sentinel to meet your requirements or create your workbooks from scratch.
• SOC analysts can use built-in investigation queries to investigate suspicious activity.
• SOC analysts can automate some of your security operations and make your SOC more productive with the ability to respond to incidents automatically.

Question 16)
You are designing a sample workspace in Microsoft Sentinel to monitor and respond to security incidents for a large organization. As part of the setup, you want to ensure effective data retention while maintaining compliance with data privacy regulations. What is the recommended maximum data retention period for security data in Microsoft Sentinel?

• 180 days
• 90 days
• 365 days
• 30 days

Question 17)
You are a security analyst responsible for monitoring and analyzing data in Microsoft Sentinel. As part of your role, you need to visualize data effectively to gain insights into potential security threats.
Which tool will allow you to visualize data and gain insights into security threats?

• Azure Log Analytics
• Azure Monitor
• Azure Sentinel
• Azure Dashboard

Question 18)
Imagine John is a cloud administrator. He is learning how to create a new Azure Monitor workbook to visualize and monitor data. He followed the documentation but found it confusing. In this question, you are asked to help John create a workbook. Are the below-given steps correct for creating a workbook?

1. Sign in to the Azure portal
2. Search and select Monitor
3. Under the Monitoring section, select Workbooks
4. Select Add workbook on the workbook page
5. You can select Open to open the existing workbook template
6. Select Edit to edit the workbook
7. Enter queries, visualization, and other information
8. Select Done editing you have completed the edit
9. Select Save.

• Yes
• No

Question 19)
The IT department of your organization has recently encountered a security breach where compromised users have been moving around the network and stealing information. As a security engineer, you have been tasked with creating an automated, multifaceted response to such incidents generated by rules that detect compromised users. Which of the following actions will you take?

• Use Microsoft Sentinel to create a playbook with the required automation rules
• Use Microsoft Defender for comprehensive threat prevention, detection, and response
• Use Microsoft Dev Box to streamline the development of secure workstations in the cloud
• Use Microsoft Entra to implement consistent security policies for every user

Question 20)
You are a Security Analyst responsible for investigating incidents with Microsoft Sentinel. You need to find a specific incident with the Incident ID, INC-123456. Which of the following steps should you take to locate this particular incident?

• Enable the Auto-refresh incidents option to automatically update the incident search results.
• Enter INC-123456 in the search box above the incidents grid and press Enter.
• From the Advanced search dropdown list, choose the Title parameter, enter INC-123456, and select Apply.
• From the Advanced search dropdown list, choose the Incident ID parameter, enter INC-123456, and select Apply.