In this article i am gone to share Coursera Course: Implement Platform Protection All Weeks Quiz Answers with you..

Enroll Link:  Implement Platform Protection

Implement Platform Protection Coursera Quiz Answers

---

 

WEEK 1 QUIZ ANSWERS

 

Knowledge check: Defense concepts Quiz Answers

Question 1)
Noel is an Azure administrator responsible for managing network security in her firm’s Azure environment. His team is deploying a multi-tier application in Azure and needs to restrict access to the application’s backend database server from the internet while allowing only specific IP addresses to connect. Which Azure services should they use to enforce this network restriction that offers basic layer 3 and 4 access controls?

• Azure Web Application Firewall
• Azure Network Security Groups
• Application Security Groups
• Local Admin Password Solution (LAPS)

Question 2)
Steve is developing a web application that needs efficient handling of multiple concurrent user requests, management of sessions, and integration with several backend systems. According to you, which of the following is the primary goal of using an application server in such a scenario?

• Hosts all your web apps and lets users in the network run through them
• Hosts all your web and non-web apps in one place so that they can be accessed across the network
• Displays user interfaces and manages client-side interactions
• Manage and store all the critical data in a centralized database

Question 3)
You are responsible for monitoring the network health of your Azure virtual network, including virtual machines, virtual networks, and load balancers. Which tool should you use for monitoring and diagnosing network health in this scenario?

• Log Analytics
• Azure Network Watcher
• Agentless monitoring
• Azure Monitor

Question 4)
You are a network administrator for a large MNC setting up a virtual network infrastructure. Now, you need to plan and configure subnets within the virtual network to enable seamless communication and resource allocation. Considering this scenario, which of the following statements accurately describes virtual network subnets? Select all that apply.

• Each virtual network is isolated from other virtual networks.
• Subnets, like virtual networks, are scoped to a single Azure region.
• A subnet is a range of IP addresses within your virtual network.
• You can implement a single virtual network within each Azure subscription and Azure region.

Question 5)
As a network security expert, you have been hired by a large corporation to enhance its network’s safety measures. They have an existing firewall but are concerned it might not be enough.
Which additional type of firewall would you recommend supplementing the current one for a more comprehensive security strategy, and why?

• Application-layer firewall: These firewalls examine every application and its connection requests, adding another layer of inspection.
• Proxy server firewall: This type of firewall acts as an intermediary, further controlling and securing data flow into and out of the network.
• Packet filtering firewall: These firewalls inspect each data “parcel” (packet) traveling through the network.
• Stateful firewall: These firewalls inspect and remember details about network connections over time, enhancing the network’s memory about valid and invalid connections.

 

Knowledge check: Secure your solutions using distributed denial of service protection and firewalls Quiz Answers

Question 1)
Karen works as a cloud architect for an organization that has multiple virtual networks deployed in a cloud environment. The firm wants to safeguard and control how network traffic flows between virtual networks and any external destinations. They think that user-defined routes can help them in this situation. How do you think user-defined routes can help this organization? Select all that apply.

• Direct traffic through firewalls and virtual appliances
• Build, operate, and scale out your dynamic web application
• Ensure traffic passes through specified custom VMs
• Distribute incoming traffic among service instances

Question 2)
Sam’s team has been working on developing a multifaceted enterprise software solution. They encounter a situation during the development phase where the software is functionally correct, but its ability to recover from failures and start functioning again is measured low in the testing stage. Which one of the five pillars of software quality is most likely affected in this scenario?

• Resiliency
• Security
• Management
• Scalability

Question 3)
Imagine you are hired as a cybersecurity expert by a large financial institution that is going to launch a new online banking platform for its customers. The institution is concerned about attacks that could target its network and flood it with a substantial amount of seemingly legitimate traffic, causing the website to crash and putting its customers’ data at risk.
The financial institution has given you the task of providing a solution to prevent such attacks. How would you recommend the organization to directly block such attacks and ensure the security and availability of their web application?

• By configuring and deploying Azure Firewall
• By creating a DDoS protection policy
• By configuring Azure Monitor
• By using real-time telemetry

Question 4)
As the network security manager for a company’s Azure environment, you manage the cloud infrastructure. To manage traffic between virtual networks and the internet, the organization uses Azure Firewall. To provide access to certain Fully Qualified Domain Names (FQDNs) while ensuring security and compliance, you must set Azure Firewall rules.
How will you use FQDN tags to provide the Marketing division access to well-known social media networks while denying it to every other social media platform?

• Create a Network Rule with a specific FQDN tag for popular social media websites and apply it to the Marketing department’s VMs.
• Create a Network Rule with a specific FQDN tag for popular social media websites and apply it globally across all VMs.
• Create an Application Rule with a specific FQDN tag for popular social media websites and apply it to the Marketing department’s VMs.
• Create an Application Rule with a specific FQDN tag for popular social media websites and apply it globally across all VMs.

Question 5)
You are a global admin at a large multinational organization with multiple subsidiaries and business units across different regions. You have helped the company implement Azure Firewall Manager across their Azure virtual networks. How does Azure Firewall Manager simplify the management and monitoring of firewall policies for your organization’s diverse network infrastructure?

• Azure Firewall Manager integrates with third-party firewall solutions to manage and monitor firewall policies.
• Azure Firewall Manager provides a single pane of glass to create, manage, and monitor firewall policies across multiple Azure virtual networks.
• Azure Firewall Manager automates the deployment of virtual firewalls on each Azure virtual network.
• Azure Firewall Manager allows the organization to configure firewall rules individually on each Azure virtual network.

 

Knowledge check: Secure your solutions using VPNs Quiz Answers

Question 1)
A global IT organization has adopted Azure for its cloud infrastructure. They prioritize network isolation to ensure secure and controlled communication between their Azure resources.
Which of the following key aspects are crucial for achieving network isolation in Azure?

• Utilizing Azure Virtual Networks (VNets) to logically isolate Azure resources and control network traffic.
• Using a single Azure subscription for all resources to simplify network management.
• Enabling public IP addresses for all Azure resources to facilitate external communication.
• Implementing strong firewall policies to allow unrestricted communication between Azure resources.

Question 2)
You are a network engineer for a large software company. Your organization is migrating its infrastructure to a cloud-based environment and needs to adopt a virtual network architecture. For this, you need to configure the virtual network to have seamless connectivity and security. After configuring the settings of your virtual network, what is the next step?

• Name your virtual network
• Select a Resource group
• Select the IP addresses
• Configure Virtual Network peering with another VNet

Question 3)
Imagine you work as an IT administrator for a software development company experiencing a high demand for network services. To resolve this, you need to deploy a network virtual appliance (NVA) to enhance your network infrastructure. An NVA acts as a software-based solution to offer various network functionalities like firewalls, load balancers, or virtual private networks (VPNs). According to you, what are the steps typically involved in deploying an NVA?

• Using the Azure portal, deploy a Windows 2016 Server instance. Next, using Azure Application Gateway, add the Windows 2016 Server instance as a target endpoint.
• Configure a Windows virtual machine and enable IP forwarding after routing tables, user-defined routes, and ensure subnets have been updated. You can use a partner image from Azure Marketplace as well.
• Using Azure CLI, deploy a Linux virtual machine in Azure, connect this virtual machine to your production virtual network, and assign a public IP address.
• Download a virtual appliance from Azure Marketplace and configure the appliance to connect to the production and perimeter networks.

Question 4)
State whether True or False.
You configure forced tunneling in Azure via virtual network user-defined routes (UDR).

• True
• False

Question 5)
State whether True or False.
In Azure, you create a route table and then associate that route table with zero or one virtual network subnets. Each subnet can have zero or multiple route tables associated with it.

• True
• False

 

Visit this link:   Module quiz: Perimeter Security Quiz Answers

 

---

 

WEEK 2 QUIZ ANSWERS

 

Knowledge check: Network security groups and application security groups Quiz Answers

Question 1)
The IT Team of an organization needs to deploy multiple web servers and multiple database servers to Azure with restricted connectivity from the web servers to the database servers.
Which of the following Azure solutions is applicable for this? Select all that apply.

• Application security groups (ASGs)
• Network security groups (NSGs)
• A local network gateway
• Service endpoints

Question 2)
You are a cloud architect responsible for setting up the network security for a multi-tier application in Azure. The virtual network consists of two subnets and two virtual machines.
Which of the following statements is correct about processing inbound and outbound rules for NSGs?

• Azure processes inbound and outbound rules sequentially for each NSG associated with a subnet or network interface.
• Azure processes outbound rules first and then inbound rules for each NSG associated with a subnet or network interface.
• Azure processes inbound rules first and then outbound rules for each NSG associated with a subnet or network interface.
• Azure processes inbound and outbound rules simultaneously for all NSGs within a virtual network.

Question 3)
An organization wants to ensure secure and efficient communication between its Azure virtual machines (VMs) and Azure platform services like Azure SQL and Azure Storage.
As a security engineer of the organization, you are working on configuring service endpoint services.
Based on the scenario, which of the following statements is correct about service endpoints?

• For Azure SQL Database and Azure Storage, virtual networks must be in the same region as the Azure service resource.
• Service endpoints enable Azure VMs to access Azure SQL and Azure Storage as internal resources.
• Service endpoints require creating a separate virtual network for each supported Azure service.
• Service endpoints allow direct access to Azure VMs from external networks.

Question 4)
You are an IT architect responsible for designing the network infrastructure for a company that wants to securely connect its on-premises environment to Azure services.
What benefits does Azure Private Link offer, based on the given scenario? Select all that apply.

• Increased network performance and reduced latency
• Secure access to Azure services from on-premises and peered networks
• Improved scalability and high availability of services
• Enhanced data encryption and protection against data leakage

Question 5)
Alice, a system administrator, is managing an application in Azure. To secure her storage and network data, she plans to use private endpoints via Azure’s Private Link, which allows clients on a virtual network (VNet) to securely access Azure Storage data.
What is a key advantage of using a private endpoint for Azure Storage, and how can it be set up?

• Private endpoints improve data duplication and can only be created using the Azure portal, specifying the storage account and service to connect to.
• Private endpoints enhance storage data compression and can be created via Azure CLI only, not specifying any particular storage account.
• Private endpoints improve storage security by blocking public endpoint connections and can be created in the Azure portal, PowerShell, or Azure CLI, specifying the storage account and service to connect to.
• Private endpoints are primarily used for public endpoint connections and can be created using PowerShell, specifying the storage service only.

 

Knowledge check: Application Gateway Quiz Answers

Question 1)
Suppose you manage a web application that requires Secure Sockets Layer (SSL) encryption and efficient load balancing. Which of the following statements correctly describes how Azure Application Gateway can benefit based on the given requirement?

• Azure Application Gateway does not support SSL encryption, making it unsuitable for the given requirement.
• Azure Application Gateway offloads the CPU-intensive SSL termination workload from application servers, reducing their processing burden and enabling efficient SSL encryption for your web application.
• Azure Application Gateway exposes all ports on application servers directly to the web, increasing the attack surface and compromising the security of your web application.
• Azure Application Gateway is primarily designed for load-balancing HTTP traffic and does not support SSL encryption, making it unsuitable for the given requirement.

Question 2)
James is managing a web application hosted in Azure and needs to route incoming traffic based on specific uniform resource identifier (URI) paths. James wants to use Azure Application Gateway for this purpose.
Choose whether the following statement is True or False.
Application Gateway in Azure can make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers.

• False
• True

Question 3)
Imagine you’re a cloud solution architect working for a medium-sized enterprise. You’re implementing Azure Application Gateway in the company’s environment, and you need to ensure data communication is secure between the Application Gateway and the servers in the back-end pool.
How would you secure the data communication between the Application Gateway and the back-end pool servers?

• Deploying the Application Gateway without any certificate
• Using a public key in the Application Gateway
• Using a private key in the Application Gateway
• Implementing a self-signed certificate in the Application Gateway

Question 4)
You are configuring Azure Application Gateway v2 in your organization’s network. You must provide SSL certificate protection to your servers in the back-end pool.
What must you do to ensure SSL certificate protection in Application Gateway v2?

• Install the public key from the Application Gateway in the back-end pool servers.
• Use a self-signed certificate and install it directly into Application Gateway.
• Provide the certificate verified by the certificate authority for your servers’ SSL certificate in the back-end pool and include it as a trusted root certificate in Application Gateway.
• Implement the AZ network application-gateway auth-cert create command to add an authentication certificate.

Question 5)
You are setting up an Azure Application Gateway for a web application. The application is hosted across multiple sites and requires different back-end pools to handle requests based on host headers or host names.
Which type of listener would you configure in the Application Gateway?

• Frontend
• Multi-site
• Basic
• Back-end

 

Knowledge check: Web application firewall, Front Door, and ExpressRoute Quiz Answers

Question 1)
You are managing an Azure environment with an Application Gateway that serves multiple websites. Each website has different security requirements, and you want to customize the Web Application Firewall (WAF) settings for each individual site.
Which level of WAF policy should you use to achieve this?

• Per-URI policy
• Application Gateway policy
• Global policy
• Per-site policy

Question 2)
Eric manages a global web application that serves customers from various regions around the world. He wants to ensure optimal performance and high availability for the application by routing traffic to the nearest backend server and having failover mechanisms in place.
How does Azure Front Door optimize global web traffic routing and ensure high availability in this scenario?

• Front Door operates at Layer 3 or the network layer and uses the unicast protocol.
• Front Door operates at Layer 2 or the data link layer and uses the multicast protocol.
• Front Door operates at Layer 7 or the HTTP/HTTPS layer and uses split TCP-based anycast protocol.
• Front Door operates at Layer 4 or TCP/IP layer and uses anycast protocol.

Question 3)
Azure Front Door utilizes Anycast for routing both DNS and HTTP traffic, ensuring user traffic is directed to the closest environment in terms of network topology. In addition, Front Door organizes its environments into primary and fallback rings.
Which of the following statements accurately describes the purpose and functionality of the fallback Virtual Internet Protocol (VIP) in Azure Front Door?

• The fallback VIP is announced by environments in both the inner and outer rings, providing redundancy and fault tolerance for seamless application delivery.
• The fallback VIP is only announced by environments in the inner ring and serves as a failover mechanism.
• The fallback VIP is exclusively used for routing DNS traffic, ensuring efficient domain resolution and reducing latency for end users.
• The fallback VIP handles traffic overflow from the outer ring to the inner ring, ensuring smooth application performance during peak load situations.

Question 4)
You are responsible for securing the network connections between your organization’s on-premises network and Azure virtual networks using Azure ExpressRoute. You want to ensure the confidentiality and integrity of the data transmitted over these connections.
Which of the following statements accurately describes the purpose and functionality of MACsec and IPsec in Azure ExpressRoute?

• MACsec and IPsec are both encryption technologies used to secure data at the Media Access Control (MAC) layer for physical links between your network devices and Microsoft’s devices.
• MACsec encrypts data at the Media Access Control (MAC) layer for securing physical links between your network devices and Microsoft’s devices, while IPsec encrypts data at the Network Layer 3 for securing end-to-end connections between your on-premises network and Azure virtual networks.
• MACsec and IPsec are both encryption technologies used to secure data at the Network Layer 3 for end-to-end connections between your on-premises network and Azure virtual networks.
• MACsec encrypts data at the Network Layer for securing end-to-end connections between your on-premises network and Azure virtual networks, while IPsec encrypts data at the Media Access Control (MAC) layer for securing physical links between your network devices and Microsoft’s devices.

Question 5)
You are responsible for securing a web application and need to implement a Web Application Firewall (WAF) to inspect incoming requests and enforce security rules.
Which of the following statements regarding the features of WAF is correct?

• WAF allows you to create custom and managed rule sets for security hardening.
• WAF is typically deployed on a database server:
• WAF can only be deployed as part of the Azure cloud.
• WAF cannot act as an application delivery controller (ADC).

 

Visit this link:   Module quiz: Network security Quiz Answers

 

---

 

WEEK 3 QUIZ ANSWERS

 

Knowledge check: Configure and manage host security Quiz Answers

Question 1)
You’re the IT security lead in a fast-growing startup, and the number of devices connecting to your network is also increasing. As a result, endpoint protection is becoming increasingly critical to prevent potential cyberattacks. You’re considering using Microsoft Defender for Endpoint as your primary defense mechanism.
Which of the following best describes the function of Microsoft Defender for Endpoint?

• Microsoft Defender for Endpoint is an enterprise endpoint security platform that helps networks prevent, detect, investigate, and respond to advanced threats.
• Microsoft Defender for Endpoint is designed to provide VPN services for secure remote connections.
• Microsoft Defender for Endpoint primarily secures sensitive data as an encryption tool.
• Microsoft Defender for Endpoint functions as a firewall blocking all unauthorized network traffic.

Question 2)
A large retail enterprise is going to launch an online shopping platform. While the client wants to make the platform easy for their employees and customers to use, it is also the client’s responsibility to ensure that sensitive customer data is not leaked. As one of the security measures, the IT team has recommended using privileged access workstations (PAWs). To protect these PAWs against cyber theft, the IT team has insisted on using a trusted and reputable supplier for all the hardware and software required to launch this platform.
By doing so, which risk has the IT team mitigated?

• Environment risk
• Physical attacks
• Supply chain tampering
• Usability risk

Question 3)
Imagine you work for a small enterprise whose majority workforce works from home. As a part of their IT team, you have recommended using Azure Bastion. This is because it enables the mobile workforce to connect to a VM using their browser and the Azure portal installed on their local computers. Furthermore, it is extremely secure as ______________.

• Bastion protects against port scanning
• Bastion has no hassle of managing NSGs
• Environment Azure Bastion sits at the perimeter of your virtual network
• Bastion supports TLS 1.2 and above

Question 4)
Imagine you are an IT security analyst for a large software firm that stores sensitive data in the Azure cloud. For better security, you decided to implement Azure Disk Encryption to safeguard the confidentiality of the data. This feature helps protect all information from unauthorized access while helping comply with industry regulations and mitigating the risk of data breaches. Which of the following are the potential advantages of implementing Azure Disk Encryption? Select all that apply.

• Controls and manages the disk encryption keys and secrets.
• Helps protect and safeguard data to meet your organizational security and compliance commitments
• Provides volume encryption for the OS and data disks of Azure virtual machines (VMs)
• Designs IP addressing schemes for virtual machines

Question 5)
TechNet Corporations has implemented Microsoft Defender for Cloud to strengthen the security of their cloud environment.
Which of the following statements accurately describes the process of generating security recommendations in Microsoft Defender for Cloud?

• Microsoft Defender for Cloud generates recommendations by analyzing the network traffic and identifying potential security vulnerabilities.
• Microsoft Defender for Cloud generates recommendations by analyzing the network traffic.
• Microsoft Defender for Cloud generates recommendations by periodically scanning the connected Azure subscriptions for outdated software versions and does not focus on identifying security misconfigurations.
• Microsoft Defender for Cloud generates recommendations based on the compliance status of resources and the specified security requirements of policies

 

Knowledge check: Configure and manage container security Quiz Answers

Question 1)
You are a cloud security analyst responsible for securing your organization’s applications deployed on Azure Container Instances. To do this, you should implement security best practices and recommendations to mitigate potential risks and safeguard sensitive data. Considering this scenario, which of the following are security recommendations for Azure Container Instances that you could use to optimize your container security? Select all that apply.

• Monitor and scan container images continuously
• Scan for vulnerabilities
• Use a public registry
• Protect credentials

Question 2)
As the head of your IT department, you have chosen Azure Container Instances (ACI) to facilitate deploying your AI applications. However, you’re concerned about the security of container images in a private registry.
What is the recommended practice for maintaining the security of container images in a private registry?

• Use a public registry for storing and retrieving images
• Ignore any vulnerability scans until a security breach is detected
• Share access to images with all team members for transparency
• Limit access to only a few users and perform regular audits of deployed images

Question 3)
TechStart Inc., a small technology operation, is developing a web application with multiple microservices. They have decided to use Azure Container Registry (ACR) for storing their container images.
What is one of the key benefits that TechStart Inc. would gain by using ACR?

• ACR enables them to store images only in a single Azure region
• ACR doesn’t support CI/CD pipelines
• Storing all images in a centralized location
• ACR integrates exclusively with non-Azure services

Question 4)
You are an Azure Solutions Architect working on a project that requires setting up an Azure Container Registry (ACR). For this registry, you must use an authentication method allowing role-based access.
Which of the following authentication methods best fits the described use case?

• Azure AD identities
• Service Principal
• Admin account
• Individual login with Azure AD

Question 5)
You are the owner of a small restaurant business. You are interested in implementing a cost-effective, scalable online ordering system. You have been researching Azure serverless computing as a potential solution and would like to understand better how it operates.
Which of the following describes how serverless computing works?

• Serverless computing apps run continuously
• Serverless computing requires you to set up and maintain physical servers
• You must manually configure and maintain the servers in serverless computing
• In serverless computing, you create an instance of the service and add your code. The serverless app runs only when an event triggers it

 

Knowledge check: Azure Kubernetes Service (AKS) Quiz Answers

Question 1)
You are a systems administrator at a software development company, and your team is considering adopting Kubernetes for container orchestration. You are tasked with evaluating the key features and benefits of Kubernetes.
How would you describe the primary focus of Kubernetes and its declarative approach to deployments backed by a set of APIs? Choose the statement that accurately describes Kubernetes’ primary focus and deployment approach.

• Kubernetes primarily focuses on managing the underlying infrastructure components, such as servers and virtual machines, for container-based applications
• Kubernetes primarily focuses on providing a procedural approach to deployments, allowing fine-grained control over every aspect of application management
• Kubernetes primarily focuses on managing the application workloads of container-based applications, abstracting away the underlying infrastructure components
• Kubernetes primarily focuses on managing the networking and storage components associated with container-based applications, while application workloads are secondary

Question 2)
Samantha is a DevOps engineer on a team deploying a microservices-based application on the Azure Kubernetes Service (AKS). As part of her role, she must research the different service types available in AKS and their use cases.
Which service type would be most suitable for a microservices-based application that needs to handle external customer traffic?

• Load Balancer service
• Cluster IP service
• Node Port service
• External Name service

Question 3)
You are a DevOps engineer for a software development company deploying a microservices-based application on Kubernetes. As part of your role, you must research available options for storing and persisting data. You must also determine the appropriate storage solution based on the application’s requirements.
Which storage option would you recommend for a microservices-based application running on Kubernetes where multiple pods need simultaneous access to shared data?

• Azure Files backed by Azure Premium storage
• Azure Disks backed by Azure Standard storage
• Azure Disks backed by Azure Premium storage
• Azure Files backed by Azure Standard storage

Question 4)
TechCo wants to ensure that only authorized developers can change their AKS clusters while leveraging their existing Azure AD identities. They need to define different access levels for other teams.
What would be the best approach for this?

• Use Azure AD with AKS to map Azure AD identities to Kubernetes roles and permissions
• Assign all developers blanket permission to make changes to any AKS cluster
• Manage permissions manually for each developer
• Use Azure AD alone to manage permissions for the AKS clusters

Question 5)
GlobeCo wants to create a system where permissions are defined and granted based on roles, ensuring a structured and secure approach to resource access within their AKS environment. They need to provide specific access to various namespaces.
What is the correct way to accomplish this?

• Use Kubernetes Secrets to manage access
• Use Azure RBAC to define ClusterRoles
• Use Azure RBAC to define Roles and use RoleBindings to assign permissions
• Assign every individual universal access to all namespaces

 

Visit this link:   Module quiz: Host and container security Quiz Answers

 

 

---

 

WEEK 4 QUIZ ANSWERS

 

Visit this link:  Graded assessment: Implement Platform Protection Quiz Answers