Identity Protection and Governance

Identity Protection and Governance Quiz Answers + 100% Honest Review

Posted on by Niyander

In this post, I’m sharing a quick review of the Identity Protection and Governance course, along with useful insights to support your prep for the AZ-500 certification exam.

Just completed this second course in the Microsoft Azure Security Engineer Associate Professional Certificate? You’re now diving deeper into how Azure secures identities and governs access across cloud environments. This course expands on core identity protection mechanisms, introducing Conditional Access, Privileged Identity Management (PIM), and Azure policy controls. If your goal is to design secure, well-governed Azure solutions, this course builds directly on the foundation of Azure Active Directory — and I’ve got the review to guide your next steps.

Module quiz: Identity protection and governance Quiz Answers

Question 1)
Your organization wants to protect against identity-based risks by using Azure AD Identity Protection. How can it do so effectively?

  • Remediate and use the feedback to configure a policy
  • Configure a policy, investigate by using a report, and remediate
  • Configure an investigation policy and then remediate
  • Configure a report, remediate, and then configure a policy

Question 2)
As a security engineer, you want to analyze risks that describe authentication requests for sign-ins that probably weren’t authorized by users. Which type of risks will you analyze?

  • User risk
  • Authentication risk
  • Registration risk
  • Sign-in risk

Question 3)
Each day, Microsoft collects and analyzes trillions of anonymized signals as part of user sign-in attempts. These signals help to ___________.

  • Build patterns of good user sign-in behavior
  • Implement additional verification steps
  • Customize security measures as per user requirements
  • Secure user credentials

Question 4)
Your organization uses Azure AD for Identity Protection. To enhance security measures, it has recently implemented the multi-factor registration policy in order to _________.

  • Ensure the user goes through an additional verification step
  • Study the user’s standard behavioral patterns
  • Analyze every sign in and give it a risk score
  • Calculate the risk that the user’s identity was compromised

Question 5)
Your organization wants to add an extra layer of protection to protect its users. Toward this, you are implementing Azure AD multifactor authentication to safeguard access to data and applications while maintaining simplicity for users. Which one of its below features will help to enable this purpose?

  • It requires a challenging sign-in process
  • It delivers strong authentication through difficult-to-use authentication methods
  • It provides more security with more complexity
  • It mitigates threats with real-time monitoring and alerts

Question 6)
Imagine that you have implemented Identity Protection in your organization. You are reviewing the Risky users report. For each reported event, which of the following actions can you choose?

  • Delete the risk event
  • Confirm user compromise
  • Block user account
  • Dismiss user account

Question 7)
You work for an organization that uses Azure AD services. As a security engineer, you can use Conditional Access to enable which of the actions listed below?

Which options can you use to provide your users with a more convenient and secure authentication method?

  • Require multifactor authentication
  • Designate privileged user accounts
  • Dismiss risky user accounts
  • Block or grant access from specific time of day

Question 8)
You are about to embark on a new technology project. You want to ensure that you’re engaging the right stakeholders and that stakeholder roles in the project are well understood. Which of the following steps will help you do so? Select all that apply.

  • Plan alternatives
  • Plan communication
  • Plan rollback
  • Plan a pilot
  • Plan testing
  • Plan feedback

Question 9)
You work for an organization that relies heavily on cloud-based services and mobile computing. Hence it uses the Zero Trust model, which is based on the principle of “never trust, always verify.” Which of the following options illustrates this principle?

  • Identity and device health verification immediately after granting access
  • All components validated and proven trustworthy
  • Maximum blast radius and segment access
  • Unlimited lateral movement

Question 10)
As you have learned, identity management approaches have evolved over time. Enabling steps to a passwordless world are indicative of which approach?

  • Traditional identity approaches
  • Optimal identity approaches
  • Advanced identity approaches
  • Modern identity approaches

Module quiz: Policies, initiatives and recommendations Quiz Answers

Question 1)
Samantha is a security manager in the enterprise. She knows about cloud security and different scopes of responsibilities that exist depending on the kinds of services she will use. During her project, she wants to build an application very easily with low maintenance. Which service will she use to make her task easy?

  • Software as a service
  • Platform as a service
  • On-premises datacenter
  • Infrastructure as a service

Question 2)
Suppose you are a cloud administrator in a consulting firm. You want to ensure all resources and services deployed in Azure comply with the company’s security and compliance policies, but you found that there is an environmental impact, and your current resources are labeled as non-compliant. What will be your solution to make these resources compliant?

  • You will create exclusion concepts to assist in excluding the resources.
  • You will apply single policy assignments.
  • You will apply data to power the compliance view to aggregate results across the applied policies.
  • You will create a remediation job.

Question 3)
Jana is a cloud engineer. While auditing Azure Cosmos DB accounts, she found traffic from untrusted resources. For the safe side, she sets up the firewall rules on your Azure Cosmos DB accounts. Which policy applies to Azure DB accounts to prevent untrusted traffic?

  • She should enable policy auditing on the SQL server.
  • She should apply the policy from Azure Cosmos DB accounts which should have firewall rules.
  • She should apply the policy Azure Cosmos DB accounts to use customer-managed keys to encrypt data at rest.
  • She should apply the policy Azure Cosmos DB allowed locations.

Question 4)
Suppose you are a resource manager. As a part of your job responsibilities, you want to enforce and manage compliance across the Azure resources. To do so, you are referring to the Azure policies and its definition. Now, while referring to a code, you came across additional context and information. Which policy definition will fit here?

  • Mode
  • Parameter
  • Metadata
  • Description

Question 5)
Imagine that as a resource manager, User1 has requested to create new resource non-tag properties and add additional fields. Which Azure policy effect will you use to meet this criterion?

  • Disable
  • Append
  • Audit
  • Deny

Question 6)
As an IT administrator, you want to implement a group of policies to ensure compliance and security across the company’s Azure resources. Identify some practical functions for the security recommendations while creating group policies. Select all that apply.

  • Initiative
  • Recommendations
  • Edit default built-in initiative
  • Policies

Question 7)
Suppose you are a resource manager and you came across Azure initiatives that have 10 policies. Assume an initiative contains 10 policies, but a resource is exempt from one policy and remains compliant with the other nine policies. How will you register this resource in the rolled-up summary?

  • As exempt
  • As compliant
  • As conflict
  • As non-compliant

Question 8)
Which built-in initiative will allow you to directly assign initiative or manage its policies and compliance results within Microsoft Defender for Cloud?

  • Configure Advanced Threat Protection to be enabled on open-source relational databases
  • Configure Microsoft Defender for Databases to be enabled
  • Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances
  • Azure Security Benchmark

Question 9)
Imagine you’re a security engineer in a retail company and your company has moved to the cloud system recently. Which of the following will help you to enable a cloud security approach? Select all that apply.

  • Using cloud intelligence to improve detection or response time
  • Moving commodity responsibilities to the provider but do not reallocate your resources
  • Helps to share duties with the resource provider
  • Leveraging cloud-based security capabilities for more effectiveness

Question 10)
Which of the following initiatives has been given a new name ‘Enable Azure Monitor for virtual machines (VMs) with Azure Monitoring Agent (AMA)’ within the built-in initiative – Monitoring?

  • Configure Linux machines to run Azure Monitor Agent and associate them to a Data Collection Rule
  • Deploy Linux Azure Monitor Agent with user-assigned managed identity-based auth and associate with Data Collection Rule
  • Configure Windows machines to run Azure Monitor Agent and associate them to a Data Collection Rule
  • Legacy – Enable Azure Monitor for the Virtual Machine Scale Sets

Module quiz: Role-based access control Quiz Answers

Question 1)
Which of the following best describes role-based access control (RBAC) in Azure?

  • Azure RBAC is a pricing model that determines the cost of Azure resources based on the user’s role within the organization.
  • Azure RBAC is a system that restricts users from accessing Azure resources based on their geographical location.
  • Azure RBAC is a tool for automatically deploying Azure resources based on predefined templates.
  • Azure RBAC is an authorized system built on Azure Resource Manager. Users can be assigned different roles within the same subscription using RBAC.

Question 2)
You need to grant role-based access control to users within your organization. What role must you have in granting RBAC?

  • Billing Administrator
  • Reader
  • Network Contributor
  • User Access Administrator or Owner

Question 3)
With certain permissions or roles assigned to you, you can enable RBAC: To view the current roles assigned to you, where should you check?

  • Resource groups
  • Monitor
  • My permissions
  • Azure DevOps

Question 4)
RBAC and polices in Azure play a vital role in _____. While different, they both work together to ensure organizational business rules are followed by ensuring proper access and resource creation guidelines are met.

  • Cost Management + Billing
  • Governance strategy
  • Maintenance configurations
  • Resource remediation

Question 5)
Azure role-based access control (RBAC) has several built-in roles assigned to users, groups, service principals, and managed identities. Of the four roles within the General category, which of the following roles allows full access to manage resources without restricting the ability to assign roles in RBAC?

  • Reader
  • User access administrator
  • Owner
  • Contributor

Question 6)
As an Owner or User Access administrator, you’ve been asked to assign a custom role to a user. Who else can you assign custom roles to?

  • Domain users, public users, and external partners
  • Storage accounts, virtual machines, and subscriptions
  • Groups, service principals, and managed identities
  • Employees, functions, and app services

Question 7)
You have been asked to apply a resource lock allowing users to view and edit specific resources. Which lock type would you select?

  • Review
  • View/Edit
  • DoNotDelete
  • ReadOnly

Question 8)
By utilizing _____, companies can improve their operational efficiency, reduce the risk of errors and security breaches, meet compliance requirements, and avoid accidental deletions, unauthorized modifications and updates, inconsistent deployments, and resource management difficulties.

  • Resource locks
  • Virtual machines
  • Resource groups
  • Azure Monitor

Question 9)
Azure blueprints are a declarative way to orchestrate deploying various Azure resource templates and artifacts. With Blueprints, development teams can quickly create new environments while ensuring they comply with organizational standards. Which navigation path will lead you to Blueprints?

  • Azure portal > All services > Management and governance > Blueprints
  • Azure portal > All services > Identity > Blueprints
  • Azure portal > All services > Security > Blueprints
  • Azure portal > All services > Networking > Blueprints

Question 10)
Subscriptions are management, billing, and scale units within Azure AD and are hosted in your account’s tenant. An Azure AD may be trusted by multiple subscriptions. How many directories can a subscription trust?

  • One
  • Two
  • Zero
  • Five

Graded assessment: Identity Protection and Governance Quiz Answers

Question 1)
Kate works as a security engineer for a retail enterprise that uses Azure AD Identity Protection to configure Azure features that monitor and protect the identities of the tenant. Which of the following tasks would be part of her job? Choose all that apply.

  • Controlling and managing access to resources
  • Creating access reviews
  • Configuring policies
  • Determining the optimum IT team staffing requirements

Question 2)
Your organization, which uses Azure AD services, has come across an authentication request for a sign in that seems like it was not authorized by the user. As a security engineer in the IT team, which type of risk will you analyze here?

  • Sign-in risk
  • Registration risk
  • User risk
  • Verification risk

Question 3)
A non-profit organization that focuses on sponsoring the education of girls below the age of 12 based on certain criteria uses Azure AD to protect the identity of its users. It runs an app wherein the users can sign-up and select how they would like to contribute to the cause. As a member of their IT team, you have configured risk-based policies that can respond to any risky behavior. Which of the following actions will you qualify as risky? Choose all that apply.

  • You have detected a sign in from an infected device
  • You have detected a sign in after a long interval
  • You have detected a sign in from an anonymous IP address
  • One of the users has leaked credentials
  • You have detected a sign in from an IP address with suspicious activity

Question 4)
Your organization uses Azure AD for identity protection and has configured the relevant policies for this purpose. Anita from your organization has just found out that her credentials have been compromised, and she needs to create a new password. Which policy has helped her do so?

  • Sign-in risk policy
  • Registration risk policy
  • Conditional Access policy
  • User risk policy

Question 5)
Recently, your enterprise has faced several instances where anonymous individuals have tried to access the resources using employee credentials. While the IT team needs to address this risk, at the same time, they do not want to automatically block access every time this happens, as it would get in the way of work and timelines. As a part of this IT team, what measures would you recommend?

  • Configure the sign-in risk policy with a low threshold
  • Configure the sign-in risk policy with a medium threshold
  • Configure a user risk policy
  • Configure the sign-in risk policy with a high threshold

Question 6)
The IT team of a healthcare organization has decided to ramp up its protection measures due to several instances of compromised credentials. In keeping with this agenda, they have implemented Azure AD multifactor authentication because it provides strong authentication through a range of easy-to-use authentication methods. Which of the following ways can be used as an additional verification step? Choose all that apply

  • Verification code from mobile app
  • Email notification on registered address
  • Text message to phone
  • Notification through the mobile app
  • Call to phone

Question 7)
Your organization uses Azure AD. In order to strengthen its security measures, the IT team of your organization has decided to implement Identity Protection. Which of the following licensing plans will it require for this purpose?

  • Azure Active Directory Premium
  • Azure Active Directory Premium Plus
  • Azure Active Directory Premium P2
  • Azure Active Directory Free

Question 8)
Your company has recently undergone a compliance audit. The auditing team has strongly recommended that as employees change jobs or leave the company, their privileges also be updated accordingly. This is especially crucial for the Administrator group. As a security engineer, which of the following actions will you take to implement this recommendation?

  • Implement Azure time-based policies
  • Ensure automated blocking of users whenever there’s a role change
  • Implement just-in-time machine access
  • Implement access reviews

Question 9)
Your organization uses the shared responsibility model. It uses the cloud provider’s computing infrastructure. The cloud customer is responsible for the software components running on this infrastructure and hence requires maximum maintenance by the cloud customer. This is an example of which responsibility zone?

  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • Software as a Service (SaaS)
  • On-premises datacenters

Question 10)
Your organization uses the Infrastructure as a Service (IaaS) and hence the cloud provider’s computing infrastructure. However, irrespective of the deployment type, the organization will continue to be responsible for ___________. Choose all that apply.

  • Software applications
  • Endpoints
  • Access management
  • Accounts and identities
  • Information and data

Question 11)
Your organization is going to be audited for compliance. Hence it wants to ensure that all its Azure virtual machines (VMs) are encrypted to protect sensitive data that are compliant with regulatory requirements. Hence, as a member of the IT team, you decide to ___________.

  • Enforce a policy to apply secure settings
  • Apply Audit policies and then report on compliance
  • Control the types of resources you want to deploy
  • Enforce the use of tags on all resources

Question 12)
In your organization, like many others, identity and access management have become critical. To address this, the IT team has chosen and implemented Azure cloud security services after careful study and evaluation. One of the reasons is that Microsoft Azure is designed to ___________.

  • Identify the required security perimeter
  • Create a dynamic security parameter
  • Extend to security parameter for greater mobility
  • Reduce the security parameter for greater security

Question 13)
You work for a multinational company that recently migrated its IT infrastructure to the Azure cloud. It uses the Azure hierarchy systems to ensure they are organized efficiently and effectively. Toward this, you are using the Azure Resource Manager, which has four levels of abilities: Management group, Subscriptions, Resource groups, and Resources.

You have applied a policy at the Subscription level, and it is used for all the Resource groups and Resources in your subscription, and likewise, for the Resource group level. However, the policy will not be assigned to another Resource group. This is because _________.

  • The lower levels inherit their settings from the higher levels
  • The Resource group does not allow the same policy multiple times
  • Each policy is unique to a Resource group
  • The higher levels inherit their settings from the lower levels

Question 14)
Your firm has recently moved to Azure Cloud Services to ensure that all resources and services deployed in Azure comply with the company’s security and compliance policies. One recent policy that has come into play is to restrict the creation of resources outside the US region. Which of the main pillars of functioning Azure Policy does this come under?

  • Exclusion scope
  • Applying policies at scale
  • Real-time enforcement and compliance assessment
  • Periodic and on-demand compliance

Question 15)
Pete’s organization has recently migrated to the Azure cloud. To meet the security compliance criteria for the internal security policies, Pete must ensure that all the Azure resources in their environment are tagged with the environment tag. He wants to enforce this policy across their Azure subscription’s resource types and regions. Most of these policies have interchangeable effects. However, this is not true for __________.

  • DeployIfNotExists
  • Manual
  • Disabled
  • AuditIfNotExists

Question 16)
As an IT administrator, you need to implement group policies to ensure compliance and security across your company’s Azure resources. As a part of this exercise, you need to assess the organizational resources against the relevant policies and identify resources that don’t meet specified requirements. Which capability of Defender for Cloud will help you here?

  • Security initiatives
  • Security recommendations
  • Security policies
  • Customizing initiatives

Question 17)
You work for an IT firm that provides technology services to multiple clients. Hence it has access to a lot of very sensitive data, such as financial statements, customer details, and so on. Until recently, it was using public cloud services. However, they came across instances where confidential data belonging to the client was being leaked, despite robust security measures. Hence, they have now migrated to Microsoft role-based access control (RBAC). Which of the reasons below is most relevant for this move?

  • It is built on the Resource manager
  • Permissions can be delegated by following the principle of least privilege and at different scopes.
  • RBAC grants access to the users easily and quickly
  • This system assigns specific roles to each employee based on their job responsibilities

Question 18)
Anita is a cloud administrator for an IT firm that has started a new project on Microsoft Azure. In this project, multiple teams work on various Azure resources. Anita’s responsibility is to ensure that each employee has access to the resources they need while maintaining a balance between autonomy and central governance. She needs to grant Rohan access to manage all virtual machines in subscription. What action should be taken to give access by following the principle of least privilege?

  • Rohan should be added to the Virtual Machine Contributor role at the Resource group level.
  • Rohan should be added to the Contributor role at the subscription level.
  • Rohan should be added to the Global Administrator role.
  • Rohan should be added to the Virtual Machine Contributor role at the subscription level.

Question 19)
As a security engineer, you have been asked to design a secure and compliant Azure environment that can meet the company’s security and compliance requirements. You need to assign duties to the team members and grant necessary permissions in the Azure resource. This is so that the users can do their tasks without interfering with other subscription-related features. Which of the following will serve your purpose?

  • Security initiative
  • Security policy
  • Azure Policy
  • Azure RBAC

Question 20)
In your organization, your team manages a website hosted on Azure virtual machines (VMs). Your team has a new employee, Tom, assigned to managing VMs within the subscription. Tom needs to monitor and troubleshoot tasks such as restarting the VMs. You need to create a custom role for him. What will you include in creating this custom Azure role definition?

  • Operations allowed for Azure resources and the scope of permissions
  • Actions operations that you can scope to the tenant level
  • The assignment of the custom role
  • DataActions operations that you can scope to the tenant level

You might also like:  Secure Access with Azure Active Directory

Review

I recently finished the Identity Protection and Governance course on Coursera, and it’s an essential continuation in mastering secure identity and access management on Azure. Across four well-structured modules, the course walks you through Azure AD Identity Protection, RBAC, PIM, and policy governance — all critical topics for both the AZ-500 exam and real-world implementation.

What stood out most was the focus on privileged access management and risk remediation. The hands-on segments around configuring Conditional Access and setting up resource locks, blueprints, and policies provide practical knowledge for securing enterprise environments. The shared responsibility model and governance principles are clearly explained, offering a solid framework for access control strategy in the cloud.

If you’ve completed the previous course or already have a grasp on Azure AD basics, this one takes it up a notch. It’s especially valuable for professionals looking to strengthen their understanding of governance and identity security — both critical for becoming an Azure Security Engineer.

Category: Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *