Graded assessment: Secure Your Applications Quiz Answers
In this article I am going to share Coursera Course: Secure Your Applications by Microsoft | Week 4 Quiz | Graded assessment: Secure Your Applications Quiz Answers with you.
Enrol Link: Secure Your Applications
Overview
The course-end graded quiz evaluates your understanding of the concepts covered in the course.
- No. of questions: 20
- Time estimate: 60 minutes
- No. of attempts: 3 attempts every 8 hours
Note: This weekly module quiz carries 20 marks and counts for 40% weightage in the overall grade for the course.
Question 1)
You own a web application that requires secure X509 certificates for authentication and encryption purposes. You are considering using Key Vault certificates support to manage your certificates effectively. Which of the following functionalities does Key Vault certificates support provide?
- Offers automatic renewal options with selected issuers, including Key Vault partner X509 certificate providers and CAs
- Ensures secure storage and management of X509 certificates without accessing private key material
- Allows the certificate owner to create or import X509 certificates through a Key Vault creation process
- Requires the certificate owner to provide contact information for notification regarding certificate expiration and renewal
- Enables the certificate owner to create a policy for Key Vault to handle the certificate’s lifecycle.
Question 2)
Sarah has a predefined Azure Key Vault Contributor role from Azure RBAC with a specific scope. While John doesn’t have any predefined role from Azure RBAC, he wants to know about the scope available for Sarah’s role. Please help John to find Sarah’s available scope for the Azure Key Vault Contributor role. Select all that apply.
- Key Vault
- Subscription
- Resource group
- Management group
Question 3)
As a cybersecurity analyst evaluating Azure Key Vault, you want to determine the key management options supported by the service. Which of the following options represents the keys supported by Azure Key Vault?
- Import and export keys
- Public and private keys
- Symmetric and asymmetric keys
- Soft and hard keys
Question 4)
New to the development team, Sarah is tasked with creating secrets in Azure Key Vault for an upcoming project. She is unfamiliar with the limitations of entering the secret name in Azure Key Vault. Would you be able to help her with the secret name limitations? Select all that apply.
- It can have a maximum length of 127 characters.
- It can contain special characters.
- It must be unique within the Key Vault.
- It can only contain alphanumeric characters and dashes.
- It can be up to 256 characters long.
Question 5)
You are a cloud solutions architect tasked with creating an authentication and authorization solution for a business that wants to use the unified Microsoft identity platform in Azure. The business has several web applications and APIs, and they want to guarantee a seamless user experience while maintaining high security. They don’t want to manage users in their directory. To accomplish this, you must choose the proper setup and parts. Which unified Microsoft identity platform element should you use to manage user authentication for the organization’s web applications?
- Azure Active Directory (Azure AD) Connect
- Azure Active Directory (Azure AD) Domain Service
- Azure Active Directory (Azure AD) identity protection
- Azure Active Directory (Azure AD) B2C
Question 6)
Ken, a developer, is working on a single-page application (SPA). He must implement authentication using the Microsoft identity platform and obtain access tokens for authorized requests to secure endpoints. Which version of MSAL.js supports using the authorization code flow in SPAs?
- MSAL.js 1.0
- MSAL.js 4.0
- MSAL.js 3.0
- MSAL.js 2.0
Question 7)
What is the key benefit of the OAuth 2.0 authorization code grant flow for web apps leveraging Azure AD as a federated authentication provider?
- Enhanced security by ensuring the web app never sees the user’s username and password.
- Seamless user experience with automatic sign in and token retrieval without redirection.
- Simplified implementation and reduced complexity in integrating Azure AD with web apps.
- Improved performance and reduced latency for authentication and authorization processes.
Question 8)
A company develops a cloud-based data processing service that needs to access a third-party API to retrieve and analyze data. The service operates independently and does not require any user-specific data or interaction. Which of the following options will be ideal?
- A backend service or daemon application (app) that accesses the third-party API independently.
- A desktop app that performs batch processes and manipulates local files.
- A mobile app that requires user authentication for accessing personal data.
- An enterprise web app that interacts with multiple user accounts and their data.
Question 9)
You are developing an application that requires user authentication using their Microsoft 365 accounts. In this scenario, what action should you take within Azure AD?
- Implement a custom authentication mechanism for Microsoft 365 accounts in Azure AD.
- Configure Azure AD to enable authentication with Microsoft 365 accounts.
- Assign appropriate permissions to your application in Azure AD to access Microsoft 365 accounts.
- Enforce multi-factor authentication for Microsoft 365 accounts in Azure AD.
Question 10)
Suppose a company called TechCo utilizes Microsoft Graph to manage employee data. TechCo decided to integrate a new project management application called “TaskMaster” with its employee management system. TaskMaster allows managers to assign tasks to employees and track their progress. To enable this integration, TechCo needs to define appropriate permissions for TaskMaster. Which among the following permissions should TechCo apply to enable TaskMaster?
- No permissions are required
- Application permission
- Delegated permissions
- User permissions
Question 11)
You are a cloud security engineer working for a large organization that recently migrated its infrastructure to the cloud. You manage identities and access to various cloud resources as part of your role. One of the key components you use is managed identity. Which of the following holds true for managed identities in cloud security?
- A user account created by an administrator with full administrative privileges.
- A role assigned to a user or group that grants specific permissions to access cloud resources.
- A centrally managed identity created by the cloud provider to authenticate and authorize access to cloud resources.
- A service account created by a developer for programmatic access to cloud resources.
Question 12)
You want to log the specific resource that carried out an action rather than the identity. Which type of managed identity should you use for audit logging?
- System-assigned identity
- App service-managed identity
- User-assigned identity
- Azure AD-managed identity
Question 13)
Jenny has purchased a web app domain. As per the prerequisites, she verified her domain with the web app. But she wants to be doubly sure about her domain with an email verification method. To whom should Jenny send an email?
- Resource provider
- Resource manager
- Global administrator
- Domain administrator
Question 14)
You manage secret values stored in the Azure Key Vault and ensure secure secret rotation. Which of the following steps would you take to configure a secret rotation? Select all that apply.
- Manually update the secret values every 90 days.
- Configure Event Grid and Function Apps to trigger automatic secret rotation.
- Utilize an Azure Automation script to automate the secret rotation process.
- Enable Azure AD authentication for the Key Vault and rotate the secrets using Azure AD access tokens.
Question 15)
Imagine you are tasked with managing a Key Vault system. You must perform various operations like creating and deleting key vaults, retrieving Key Vault properties, and updating access policies. Which interface would you use for these tasks?
- Authentication interface
- Data plane interface
- Authorization interface
- Management plane interface
Question 16)
You are tasked with securing sensitive data in Azure using the Azure Dedicated Hardware Security Module (HSM). In this scenario, which specific use case would be most suitable for leveraging the capabilities of Azure Dedicated HSM to ensure the highest level of key security, compliance, and data protection?
- Using Azure Information Protection to secure data in Azure
- Running shrink-wrapped software on Azure Virtual Machines
- Managing encryption with customer-managed keys in Azure Storage. Feedback: Please review the video “Explore the Azure Hardware Security Module.”
- Migrating applications from Azure Virtual Machines to AWS EC2
Question 17)
You are a security engineer at a large enterprise. You know that Azure can host legacy and modern applications through infrastructure as a service (IaaS), virtual machines (VMs), and platforms as a service (PaaS). There are two aspects on which security responsibilities depend. Identify these security responsibilities. Select all that apply.
- PaaS
- SaaS
- IaaS
- On-premises
Question 18)
The security team in your organization has decided to provide the following permission to a user:
Read access for the management plane with no access to the data plane.
In which of the scenarios would this be the right decision?
- A user needs to read vault properties and tags without access to keys, secrets, or certificates
- A user needs unrestricted access to all vault secrets and certificates.
- A user must read vault properties and tags and delete a key stored in the Azure Key Vault.
- A user needs to modify a certificate in a key vault and access vault properties.
Question 19)
Your company has developed an app for health-related information and scorecards. They want to offer this tool to a wide range of users, including users from different organizations and individuals who may not be part of an organization. Which option would you choose from the supported account types when registering this application in Azure AD?
- Accounts in any organizational directory and personal Microsoft accounts
- Accounts in any organizational directory
- Personal Microsoft accounts only
- Accounts in this organizational directory only
Question 20)
Which scenario is an example of using the Microsoft Graph API for identity and access management?
- Using the Microsoft Graph API to authenticate and authorize users, manage user roles and permissions, and enforce security policies
- Using the Microsoft Graph API to provide information on trends, shared, and recently used files across the organization
- Using the Microsoft Graph API to create a chatbot that can schedule meetings with colleagues and customers, check calendar availability, and remind salespeople about the to-do list for the day
- Using the Microsoft Graph API to integrate Microsoft Teams and SharePoint so that team members can access real-time data from SharePoint directly within Teams