In this article i am gone to share Coursera Course: Identity Protection and Governance Coursera Quiz Answers with you..

Enrol Link:  Identity Protection and Governance

Identity Protection and Governance Coursera Quiz Answers

---

 

WEEK 1 QUIZ ANSWERS

Knowledge check: Deploy Azure Active Directory identity protection

Question 1)
Imagine that Neil works for an organization that uses Azure AD. As a security engineer, he wants to analyze risks that describe authentication requests for sign-ins that probably weren’t authorized by users. Which type of risk will he analyze for this purpose?

• Authentication risk
• Sign-in risk
• User risk 
• Conditional risk

Question 2)
Anne’s organization uses Azure AD. It has identified a user account that may have compromised credentials, and the user needs to create a new password. Which policy will enable this measure?

• Sign-in risk policy 
• User risk policy
• Multifactor authentication registration policy
• Conditional Access policy

Question 3)
Identity Protection has reported that a user’s credentials have been leaked. According to policy, the user’s password must be reset. Which Azure AD role can reset the password?

• Global administrator
• User administrator
• Security operator
• Security administrator

Question 4)
Identity Protection identifies risks in which of the following classifications?

• A typical travel
• Unregistered device
• Specific IP address
• Incorrect credentials

Question 5)
The compliance auditors want to ensure that as employees change jobs or leave the company, their privileges are also changed or revoked. They are especially concerned about the Administrator group. To address their concerns, you will implement which of the following?

• Automation with on-premises IAM
• JIT virtual machine access
• Azure time-based policies
• Access reviews

 

Knowledge check: Azure Active Directory Privileged Identity Management

Question 1)
Your organization is implementing the Zero Trust Model to eliminate unknown and unmanaged devices and limit lateral movement. The guiding principles of the Zero Trust Model are:

Verify explicitly: Always authenticate and authorize based on all available data points.
Use least privilegeaccess
Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

What is meant by “use least privilege access”?

• Devices are enrolled in device management, and their health is validated.
• Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
• Implementing a true Zero Trust model requires that all components—user identity, device, network, and applications—be validated and proven trustworthy.
• Determine the criteria for healthy devices and Conditional Access for access to specific apps and data.

Question 2)
Privileged accounts identities have more than the normal user rights and, if compromised, allow a malicious hacker to access sensitive corporate assets. Helping secure these privileged identities is a critical step to establishing security assurances for business assets in a modern organization. Since identity management approaches have evolved from traditional, to advanced, to optimal, you might want to consider the optimal identity approach to secure privileged identities. Which of the following form the optimal approach? Select all that apply.

• Continuous protection to identity risk.
• No single sign-on is present between on-premises and cloud apps.
• User, location, devices, and behavior are analyzed in real-time.
• Passwordless authentication is enabled.

Question 3)
Imagine that your organization has hired two new team members. One of the team members needs the permanent admin role assignment, and the other needs to be eligible for an Azure AD admin role so it’s available when needed. Who can make the role assignments for the new team members?

• With Azure Active Directory (Azure AD), either an Authentication Administrator or an Application Administrator can make permanent Azure AD admin role assignments and make users eligible for Azure AD admin roles.
• With Azure Active Directory (Azure AD), either a Global Administrator or a Privileged Role Administrator can make permanent Azure AD admin role assignments and make users eligible for Azure AD admin roles.
• With Azure Active Directory (Azure AD), either a User Access administrator or a Key Vault administrator can make permanent Azure AD admin role assignments and make users eligible for Azure AD admin roles.
• With Azure Active Directory (Azure AD), either an Exchange Administrator or a Compliance Administrator can make permanent Azure AD admin role assignments and make users eligible for Azure AD admin roles.

Question 4)
As an administrator, you’ve received a request to approve an elevated role for a project manager. You follow this path to approve the request: Azure AD Privileged Identity Management > Tasks > Approve requests. When you select Approve requests, what two options are available?

• The options available when you select Approve requests are Duration and Provide justification.
• The options available when you select Approve requests are Approve and Deny.
• The options available when you select Approve requests are Renew or extend category assignments and Requests for identity activations.
• The options available when you select Approve requests, are Renew or extend role assignments and Requests for role activations.

Question 5)
Consider this scenario. Your organization maintains an IT Service Desk to provide customer technical support. The technicians working the service desk may occasionally need elevated privileges to assist customers. Perhaps a customer needs assistance with a printer; however, the support technician doesn’t have the Printer Technician role necessary to help the customer. What can administrators do to ensure that service desk technicians can get the roles they need at the time it’s needed to help the customer?

• The administrators can apply Conditional Access.
• The administrators can enable Windows Authentication.
• The administrators can provide a standalone Managed Service Account.
• The administrators can implement a workflow in Privileged Identity Management.

 

Knowledge check: Working with Azure Active Directory groups and guests in Azure Privileged Identity Management

Question 1)
Your Office Admins need to investigate certain incidents that occur every day. For this, they require just-in-time access to the Exchange Admin, Office Apps Admin, Teams Admin, and Search Admin roles. This is a time-consuming activity with four consecutive requests daily. Which feature of Azure AD Privileged Identity Management (PIM) will be helpful here?

• Collaboration using B2B guests
• Invite guest users
• Activate multiple role assignments
• Just-in-time policies

Question 2)
Simon, a security engineer, has activated a role in Privileged Identity Management (PIM). However, the activation has not instantly propagated to all the portals that require the privileged role. The activation is hence delayed. What can Simon do here?

• Request activation by using the ‘My roles’ navigation option in PIM
• Use multifactor authentication
• Send an e-mail notification to the approver
• Sign out of the Azure portal and then sign back in

Question 3)
Your organization uses Azure AD Privileged Identity Management (PIM) services. Imagine a situation where you need to enforce minimal requirements for your trusted employees and stricter requirements like approval workflow for your partners when they request activation into their assigned group. As a security engineer, is this possible for you to do?

• Yes
• No

Question 4)
Which of the following is not true for role-assignable groups?

• An admin cannot elevate to a higher privileged role
• The credentials of members of this group cannot be changed by other users
• Role-assignable groups have extra protection
• Various Azure AD roles can manage role-assignable groups

Question 5)
Your organization wants to bring Groups into Privileged Identity Management (PIM). Which are the Azure AD roles that cannot manage these Groups?

• Directory Writer
• Member
• Groups Administrator
• Global Administrator

 

Visit this link:  Module quiz: Identity protection and governance Quiz Answers

 

---

 

WEEK 2 QUIZ ANSWERS

Knowledge check: Core principles of enterprise governance

Question 1)
As a security manager, you know that your enterprise has recently moved to the cloud infrastructure. So, you will have shared responsibility between the cloud and Microsoft. You know that the host infrastructure’s responsibilities include the compute’s configuration, management, and security. Which among the following will share responsibility for host infrastructure?

• software as a service
• infrastructure as a service (IaaS)
• platform (PaaS) as a service
• On-premises datacenter

Question 2)
Samantha is a security manager in the enterprise. She knows about cloud security and different scopes of responsibilities that exist depending on the kinds of services she will use. But she wants to know who will be responsible for the data and identities in the cloud deployment types.

• Microsoft
• Cloud service provider
• Operating system
• Cloud customer

Question 3)
As a part of your job responsibilities, you need to evaluate public cloud services to identify suitable ones. You know that companies are facing challenges from higher security threats and retaining qualified security talent to respond to these threats. Identify the critical areas of security that Azure provides. This is a multiple-response question.

• Azure’s secure foundation
• Azure’s unique intelligence
• Real-time threat monitoring and advanced tools
• Azure’s built-in security controls

Question 4)
Which kind of information do you find in security recommendations?

• Summary
• The remediation steps
• View and edit the built-in initiatives
• The non-affected resources

Question 5)
You know that the management group levels allow you to create a hierarchy that integrates some strategies to meet your organizational needs. While working with Azure’s hierarchy of systems, you found certain advantages of the management group. These are:

I. You can group your subscription
II. Helps to apply unified policy and access management across all subscriptions
III. It doesn’t assist in applying policies but provides RBAC for all services

• I and II are correct
• Only II is correct.
• Only I is correct
• I, II, and III are correct

 

Knowledge check: Policies

Question 1)
Imagine Sara is a cloud administrator for an IT company. She knows that her company has recently moved to Azure infrastructure, so she wants to ensure that all the data are secure and compliant. She wonders which built-in roles she should grant her team member to access each Azure policy with reading and remediation triggers.

• Both Owner and Resource Policy Contributor roles
• Resource Policy Contributor role
• Owner role
• Sara has to create a custom role

Question 2)
You know that each policy definition in Azure policy has a single effect. Each policy has different effects. Identify the use of the Deny effect.

• Deny is used to block requests on intended action to resources.
• Deny effect prevents a resource request that doesn’t match defined standards through a policy definition and fails the request.
• Deny policy definition executes a template deployment when the condition is met.

Question 3)
As an IT administrator, you came across an initiative related to Defender for Cloud. Upon enabling it, the Microsoft cloud security benchmark becomes the default initiative and gets assigned to every registered subscriber. To customize this initiative, you can edit the policy’s parameters to enable or disable individual policies. For which security initiatives and policies, this statement fits best?

• Security recommendations
• View and edit the built-in default initiative
• Add regulatory compliance standards as initiatives
• Add custom initiatives

Question 4)
Which among the following policy will help to prevent access to the App Service on the public internet?

• Apps should disable public network access
• App slots should use a managed identity
• Apps should enable configuration routing to Azure Virtual Network
• Automation account should have managed identity

Question 5)
You are working as a cloud administrator and checking Azure’s built-in initiatives. The Kubernetes cluster pod security baseline standards depend on which workload?

• Configure Linux machines to run Azure Monitor Agent
• Linux data collection rule
• Enable Azure Monitor for Virtual Machine Scale Sets
• Linux-based workloads

 

Visit this link:  Module quiz: Policies, initiatives and recommendations Quiz Answers

 

---

 

WEEK 3 QUIZ ANSWERS

 

Knowledge check: Role-based access control

Question 1)
As a consultant, you are granted access to the resource group. But you want to explore the Azure Portal in detail and identify the list of roles that have been assigned to you. To identify roles, which will be your next step once you log in to the Azure portal?

• My permissions
• Go to the Activity log
• Go to the Storage account
• Search for the resource group

Question 2)
John is a cloud architect for an enterprise that has migrated its on-premises infrastructure to Microsoft Azure. As a part of his responsibilities, he has assigned General role to his team members.

Sara: Owner role
Roma: Contributor role
Rocky: Reader role
Samantha: User access administrator role

Amongst Sara, Roma, Rocky, and Samantha, who has full access to manage all resources and the ability to assign roles in Azure RBAC?

• Only Sara
• Only Roma
• Rocky and Samantha
• Sara and Roma

Question 3)
You know that Azure services exhibit their functionality and permissions through the resource providers. It will help you narrow down and regulate the permissions you need for a custom role. Which type of resources does Microsoft.Compute resource provider provide to you?

• Virtual machine resources
• Container instances
• Virtual network resources
• Billing resources

Question 4)
You know that the custom role allows you to monitor and restart the virtual machines if there are specific subscriptions. Which among the following actions you will use for compute, network, and storage resources?

• Read
• Monitor
• Start and restart

Question 5)
Tara is working as an Identity administrator in a large enterprise. As a best practice, she follows the principle of least privilege for permission delegation. In her Azure environment, multiple Azure container registries are deployed. In the present configuration, all developers have contributor permission on the Azure container registry, which must be limited to a subset of developers. These users should be able to upload container images.

• Contributor
• ACR Push
• ACR Pull
• Owner

 

Knowledge check: Monitor, maintain and protect resources

Question 1)
Imagine that you are an Azure administrator for a large e-commerce company. Your company heavily relies on its online platform, which includes a front-end website for customers, a back-end system for inventory management, and a database that stores all customer and transaction data.
Your Microsoft Azure infrastructure includes virtual machines (VMs), storage accounts, and Azure SQL databases. These resources are critical for the day-to-day operations of your organization; accidental deletion or modification can cause significant disruption and even loss of revenue.
What solution would you apply or enable to ensure no one accidentally deletes these resources?

• Internal load balancer (ILB)
• Health check
• TLS/SSL certification
• Resource locks

Question 2)
Only users with elevated roles and access can create, manage, or delete resource locks. You must have access to Microsoft.Authorization/ or Microsoft.Authorization/locks/ actions.

Which of the built-in roles are granted those actions? Select all that apply.

• Contributor
• User Access Administrator
• Reader
• Owner

Question 3)
As a user access administrator, you have been asked to apply a resource lock allowing users to view specific resources without modifying or deleting them. In this case, would you select the Read-only lock type?

• No
• Yes

Question 4)
Imagine that your organization has a policy of maintaining strict control over its cloud environment to ensure regulatory compliance, security, and cost efficiency. As the cloud architect, one of your responsibilities is to ensure that each department’s Azure resources are consistently set up following these policies. However, with each department setting up its resources independently, there’s a high risk of inconsistency and non-compliance with the company’s policies. How will you resolve this?

• Use Azure DevOps to manage resources
• Deploy Azure Blueprints
• Manually set up resources for each department
• Rely on Azure policy

Question 5)
Since you must have a subscription when using Azure resources, establishing a subscription management plan is critical. Management plans support cost control, resource optimization, security and compliance, scalability and agility, and governance and accountability. What is the recommended preparation for avoiding subscription limits, creating separate billing and security environments, and isolating data for compliance?

• Establish a dedicated identity subscription
• Transfer billing ownership
• Build a Subscription vending process
• Create additional subscriptions

 

Visit this link:  Module quiz: Role-based access control Quiz Answers

 

---

 

WEEK 4 QUIZ ANSWERS

 

Visit this link:  Graded assessment: Identity Protection and Governance Quiz Answers