Graded assessment: Secure Your Data at Rest Quiz Answers
In this article i am gone to share Coursera Course: Secure Your Data at Rest by Microsoft | Week 5 Quiz | Graded assessment: Secure Your Data at Rest Quiz Answers with you..
Enrol Link: Secure Your Data at Rest
Graded assessment: Secure Your Data at Rest Quiz Answers
Your organization wants to minimize downtime and potential issues during Azure system updates.
Which benefit of Azure paired regions ensures a staged roll-out to minimize the impact?
- Physical isolation
- Region recovery order
- Sequential updates
- Data residency
You want to revoke a stored access policy for a specific customer due to a security incident. The customer’s account has been compromised, and there is a potential risk of unauthorized access to their data.
Which actions can effectively revoke the stored access policy? Select all that apply.
- Rename the stored access policy by changing the signed identifier
- Make the Start time parameter null
- Extend the expiry time of the stored access policy to a future date
- Delete the stored access policy
As a security consultant for a healthcare tech company, you are responsible for auditing data transactions. The company uses SAS tokens for secure data sharing.
What is one of the benefits of using SAS tokens from an auditing perspective?
- SAS tokens provide an alert system for any suspicious activities.
- Each SAS token is unique, which allows the tracing of activities back to a specific token.
- SAS tokens allow you to track data usage in real time.
- SAS tokens automatically log all data transactions.
What is the purpose of assigning two storage account access keys to a storage account?
- To ensure continuous access to the storage account during key rotation
- To provide redundancy for data backup
- To enable simultaneous access from different geographic locations
- To allow multiple administrators to manage the account simultaneously
You want to grant anonymous read access to a container and its blobs in Azure Blob Storage without sharing your account key or requiring shared access signatures.
Which authorization option should you use?
- Public access
- Azure AD
- Shared keys
- Shared access signature
Alice, a developer in your organization, is setting up Azure RBAC for Blob storage access. She needs to use shared access signatures (SAS) signed with Azure AD credentials.
Which Azure role should Alice assign to enable this functionality?
- Storage Blob Data Owner
- Storage Blob Data Contributor
- Storage Blob Data Reader
- Storage Blob Delegator
Your organization plans to move large amounts of data to the cloud for analytics. They need a service that allows accessible data sharing with different tools in Azure.
Which feature of Azure would be most suitable for this requirement?
- Azure File Sync
- Azure Files
- Storage Account Key
- Azure AD Domain Services Authentication
As a part of your new project, you are working with Azure Storage Services and Azure Files. Your company’s policy dictates that all connections should be encrypted.
Which of the following statements is true when secure transfer required is enabled?
- Azure Files connections can be made via SMB 3.0 without encryption
- Azure Files connections require SMB with encryption
- Azure Files connections are not affected by the Secure transfer required setting
- Azure Files connections can be made via SMB 2.1
You are an IT specialist working with a company that needs to store and process a significant amount of data. They’re considering Azure Storage due to its cost efficiency and robust security. They must use the most secure method to authorize their Azure Storage Account requests.
What is the most recommended way of authorizing requests to Azure Storage accounts?
- Shared Key authorization
- Azure AD
- Azure Disk Encryption
- Shared Access Signature (SAS)
Your organization is expanding its Azure infrastructure and adopting more Azure services. Your task is to ensure only traffic from your virtual network (VNet) can access the Azure SQL Databases.
What feature should you employ to achieve this?
- Data encryption
- Virtual network (VNet) service endpoints
- Role-based access control (RBAC)
You’re the IT director of a large educational institution that uses Azure SQL Database to store student information. The need for comprehensive control and management of identities that can authenticate and authorize activities within your database is paramount.
What built-in functionality does Azure SQL Database offer for this purpose?
- Transparent data encryption (TDE)
- Virtual Network (VNet) service endpoints
- Firewall rules
- SQL and Azure Active Directory (Azure AD) authentication
You want to connect to SQL Database using Azure AD password authentication but cannot access your domain.
How can you authenticate to SQL Database using Azure AD password authentication when you don’t have access to your domain?
- Use Windows Authentication and enter your Azure AD User name and Password
- Choose Azure Active Directory – Password in the Connect to Server dialog, and enter your Azure AD User name and Password
- Select Azure Active Directory – Integrated and provide your Azure AD User name and Password
- Select Azure Active Directory – Device Code and authenticate using a device code
You are a security engineer working for a large online retailer. Your company’s Azure SQL Database performance is suddenly declining, affecting the customer experience on your website. You want to use Azure SQL Database’s built-in features to diagnose and rectify the issue.
Which feature, also a prerequisite to using Azure threat detection on your Azure SQL database, should you use to track operations on the database for later inspection?
- Azure SQL Analytics
- Advanced Data Security for Azure SQL Database
- Azure SQL Database auditing
- Azure SQL Database Blob Storage
As a data manager, you have been asked to apply Azure Data Discovery and Classification for your organization’s Azure SQL Databases.
What are the main steps to implement Azure Data Discovery and Classification?
- Review the dashboard report, implement data protection, enable the feature, and apply labels and information types
- Configure VPN, enable Azure Data Discovery and Classification, review the dashboard report, and apply labels and information types
- Enable the feature, discover, and classify sensitive data, apply labels and information types, review the dashboard report, and implement data protection
- Enable Azure Disk Encryption, review the dashboard report, discover and classify sensitive data, and apply labels and information types
Imagine you are a cybersecurity engineer in a financial institution that uses Azure SQL Database to store and manage crucial customer information. It includes personal and financial information; therefore, protecting this data from security threats is of utmost importance to your organization. To ensure that, you are supposed to implement a data discovery and classification in Azure SQL Database.
What is the primary purpose of data discovery and classification in Azure SQL Database?
- To provide visibility into your database’s classification state
- To recommend how to investigate the threats
- To store the operations that occur on the database for inspection and analysis
- To enable advanced SQL security capabilities
Consider you are a cybersecurity analyst, and your team decides to enable Defender for open-source relational databases.
Which databases does Defender for open-source relational databases protect?
- Azure Database for PostgreSQL, Azure Database for MySQL, and Azure Database for MariaDB
- Azure Database for SQL Server, Azure Database for Oracle, and Azure Database for MongoDB
- Azure Database for PostgreSQL, Azure Database for Oracle, and Azure Database for MariaDB
- Azure Database for SQL Server, Azure Database for MySQL, and Azure Database for MongoDB
You are an IT security manager at a large multinational corporation that has adopted a multi-cloud strategy to leverage the benefits of different cloud service providers. The company uses a combination of Azure, AWS (Amazon Web Services), and Google Cloud Platform (GCP) to host various applications and store sensitive customer data securely. As part of your role, you ensure compliance with industry regulations and company policies across all cloud deployments.
You navigate to the regulatory compliance dashboard. What types of responsibilities can be managed through the compliance dashboard?
- Financial responsibilities for cloud services
- Only manual responsibilities related to security
- Compliance responsibilities for third-party vendors
- Automatic, manual, and shared responsibilities
You are a security engineer at a retail organization. Your organization uses Azure SQL Database to store customer information. While analyzing the features of Microsoft Defender for SQL, you discover it offers various features, so you plan to enable it.
In what way does Microsoft Defender for SQL help you?
- Manage the storage and retrieval of SQL data.
- Enable SQL database administrators to create queries.
- Provide advanced SQL security capabilities.
- Optimize the performance of SQL databases.
You are a data analyst at a telecommunications company that handles customers’ personal information. Your team frequently runs queries on the Azure SQL Database to generate reports.
Which Azure SQL Database feature allows you to control the visibility of sensitive data in query result sets to protect sensitive customer data and comply with privacy regulations?
- Microsoft Defender for Cloud
- Transport Layer Security network encryption
- Transparent data encryption
- Dynamic data masking
You are a security architect working for a large financial institution that handles sensitive customer data. The institution has strict security and compliance requirements, and data protection is a top priority. To enhance the security of your databases and ensure full control over encryption keys, you have decided to implement customer-managed transparent data encryption (TDE) in Azure SQL Database.
Where is the customer-managed asymmetric key stored in customer-managed transparent data encryption?
- Microsoft Trust Center
- Azure Managed Key Vault
- Azure Key Vault
- Azure SQL Database