In this article i am gone to share Coursera Course: Manage Security Operations by Microsoft | Manage Security Operations All Weeks Quiz Answers with you..

Enrol Link:  Manage Security Operations

Manage Security Operations Coursera Quiz Answers

---

 

WEEK 1 QUIZ ANSWERS

Knowledge check: Azure Monitor Quiz Answer

Question 1)
Which of the following tools/services provides a comprehensive overview of Azure Governance implementation?

• Azure Compliance Manager
• Azure Policy
• Azure Governance Visualizer
• Microsoft Defender for Cloud

Question 2)
Henry, a Cloud Administrator at a software development company, has been assigned the responsibility of monitoring the performance and functionality of an application deployed on Azure. He has to gain insights into how the code is performing and identify any issues or bottlenecks. Which is the most suitable method he can use to collect application monitoring data?

• Set up a tenant diagnostic setting.
• Install the Windows Azure Diagnostic agent on the VM running the application.
• Configure a log profile.
• Use Azure Monitor Application Insights SDK to instrument his code.

Question 3)
Which of the following visualizations within Azure Monitor provides a flexible canvas for data analysis and creating rich visual reports within the Azure portal?

• Log Analytics dashboards 
• Azure Monitor workbooks
• Azure dashboards
• Power BI 

Question 4)
You are responsible for managing the security of your organization’s infrastructure, which includes a combination of on-premises and cloud-based resources. You need a centralized security solution that can effectively monitor your workload’s overall health and security and provide recommendations to enhance your defense against security threats. Additionally, you want a solution that simplifies the configuration of security measures and seamlessly integrates with Azure services. Which service should you choose?

• Microsoft Cloud App Security
• Microsoft Sentinel
• Microsoft Defender for Cloud 
• Azure Active Directory Identity Protection

Question 5)
You want to share query results from Azure Monitor logs with users outside of Azure and leverage diverse visualizations. Which capability of Azure Monitor logs would you utilize for this purpose?

• Log data analysis
• Result visualization
• Log importation
• Log exportation

 

Knowledge check: Configure and monitor metrics and logs Quiz Answer

Question 1)
In your role as a Cloud Administrator for an e-commerce company, which component of the Azure portal would you use to interactively analyze data in the metric database and chart the values of multiple metrics over time?

• Azure Log Analytics
• Metrics explorer
• Azure Blob Storage
• Azure Functions

Question 2)
You have recently implemented Application Insights in your application to monitor its performance and health. You wish to identify the features of Application Insights that allow you to understand how users interact with your application and analyze their behavior.
Which feature of Application Insights can help you measure the user experience and analyze users’ behavior?

• Alert configuration
• Performance monitoring
• Availability testing  
• Usage analytics  

Question 3)
Sophia is a Cloud Architect responsible for managing an organization’s Azure infrastructure. She’s considering creating a Log Analytics workspace for their environment. In which of the following scenarios would it be necessary for Sophia to create a Log Analytics workspace? Select all that apply.

• When the organization wants to automate the deployment and management of virtual machines in Azure
• When the organization needs to track user activity and security events in Azure storage
• When the organization wants to monitor the performance of its on-premises computers using Microsoft System Center Operations Manager (SCOM)
• When the organization requires a centralized location to store Azure resource logs

Question 4)
You are a cloud administrator responsible for managing a Log Analytics workspace in Microsoft Sentinel. The Log Analytics workspace collects and analyzes data from various connected sources, such as virtual machines (VMs), containers, and applications. You must effectively configure and monitor these connected sources as part of your role. Which feature in Log Analytics allows you to configure and manage the connected sources, enabling data collection and analysis from various resources in your Sentinel environment?

• Azure Sentinel
• Data connectors
• Azure Insights
• Azure Monitor

Question 5)
State whether True or False.
Log Analytics workspaces can only store log data from Azure Monitor.

• True
• False

 

Knowledge check: Azure Monitor Alerts Quiz Answer

Question 1)
Question type: True or False
Your organization uses alert rules to promptly respond in a critical situation. Since it is a large-scale setup, these alert rules are required to monitor multiple resources. In this case, the criteria of the required conditions of all these resources can be evaluated simultaneously to optimize efficiency.

• True
• False

Question 2)
Your organization uses Azure Monitor Alert which notifies you when important conditions are found in your monitoring data. Sometimes, this involves a collection of notifications triggered by an alert. One of these alerts the IT team has configured is the web test, which fires multiple notifications via email and message when the results of availability test match defined the criteria. This collection is referred to as _________.

• An action group
• Criteria
• An action
• A signal

Question 3)
Your organization has recently undertaken an exercise to reduce costs and optimize resources in the IT division. Toward this, it uses diagnostic logs to keep detailed accounts of where and how the deployed resources are being used and what they are costing. These logs come from Azure services that deploy resources within an Azure subscription. Which of the following types of logs will they belong to?

• Activity logs
• Resource logs
• Guest OS diagnostic logs
• Tenant logs

Question 4)
While configuring properties for diagnostic logging, if you set the retention policy for WorkflowRuntime to 90 days and then 24 hours later, you set it to 180 days, the logs stored during those first 24 hours will be automatically deleted after 180 days.

• True
• False

Question 5)
Imagine you are a cloud infrastructure engineer working with Azure services. As you explore the Azure diagnostics settings to optimize log management, you come across a new feature called “Category Groups.” Now, you are curious about its purpose and potential benefits.
In Azure diagnostics settings, what is the primary purpose of “Category Groups”?

• To automatically update diagnostic settings for resource logs.
• To dynamically collect resource logs based on predefined groupings
• To manually select individual log categories for resource logs.
• To ensure compliance with auditing standards for resource logs.

 

Visit this link:   Module quiz: Configure and manage Azure Monitor Quiz Answers

 

---

 

WEEK 2 QUIZ ANSWERS

Knowledge check: Implement Microsoft Defender for Cloud Quiz Answer

Question 1)
As you analyze the Cyber Kill Chain, you encounter a critical phase of establishing a remote-control center. Can you identify which phase it is?

• Reconnaissance 
• Installation
• Exploitation 
• Command and Control (C2)

Question 2)
You are an IT administrator responsible for ensuring the security of your organization’s cloud environment. You have recently implemented Microsoft Defender for Cloud, a comprehensive solution for cloud security posture management (CSPM) and cloud workload protection (CWP). While reviewing its features, you come across a specific use case and must identify the appropriate solution within Microsoft Defender for Cloud.
Your organization is concerned about the overall security posture of its cloud environment and wants to identify and address any weak spots in the cloud configuration. Which feature of Microsoft Defender for Cloud should you utilize?

• Hybrid environment protection (HEP)
• Cloud workload protection (CWP)
• Multi-cloud security assessment (MCSA)
• Cloud security posture management (CSPM)

Question 3)
Imagine you are managing the settings of Microsoft Defender for Cloud. In this scenario, you want to control how Defender for Cloud integrates with other Microsoft security services. Which area of the Microsoft Defender for Cloud settings should you focus on?  

• Defender plans
• Auto provisioning
• Integrations 
• Email notifications

Question 4)
You are the administrator of an Azure subscription that has enhanced security features. You need to decide whether to turn on or off enhanced security for the virtual machines (VMs) in the subscription. Which option should you choose?

• Turn off enhanced security for all VMs.
• Keep enhanced security turned off for all VMs.
• Turn on enhanced security for a select few VMs.
• Turn on enhanced security for all VMs.

Question 5)
As an IT professional, you are tasked with implementing Defender for Servers to enhance the security of your organization’s server infrastructure. You want to ensure a smooth deployment and make informed decisions. Read the question and select the most suitable alternative. What is the primary function of Defender for Servers, and how is it deployed?

• Its main purpose is to detect and respond to advanced threats, and it is deployed through Azure Marketplace or the Microsoft 365 Security Center.
• It focuses on monitoring server performance and is deployed by configuring server OS settings.
• It provides server antivirus protection and is deployed by installing agents on each server.
• It enables server backup and disaster recovery, integrating with Azure Backup and Azure Site Recovery.

 

Knowledge check: Microsoft Defender for Cloud policies and recommendations Quiz Answer

Question 1)
You are a cybersecurity analyst tasked with setting up Microsoft Defender for Cloud. You want to understand the purpose of the default initiative, Microsoft Cloud Security Benchmark. Which of the following best describes its purpose? 

• To offer a comprehensive guide for maintaining regulatory compliance. 
• To provide insights on cost optimization strategies.
• To enhance collaboration and communication among team members.
• To provide recommendations for optimizing cloud performance. 

Question 2)
You are using Defender for Cloud to analyze the compliance status of your resources and receive security recommendations. You have set up specific initiatives and policies to guide the analysis. Based on the given information, which of the following statements is correct?

• Recommendations are generated when a policy from your initiative identifies non-compliant resources. 
• Recommendations are provided only for resources that meet the defined requirements of your initiatives. 
• The compliance analysis in Defender for Cloud is not based on specific initiatives or policies. 
• Defender for Cloud assesses resources against policies but offers no remediation suggestions. 

Question 3)
You are a security analyst who has recently implemented Microsoft Defender for Cloud to manage your organization’s cloud security. While analyzing the data and features of Microsoft Defender for Cloud, you come across suspicious activity on one of your cloud servers. You receive an alert regarding unauthorized access attempts. It would be best to take immediate action to protect your cloud environment.
Which course of action should you take?

• Contact your cloud service provider and request assistance in resolving the security issue
• Immediately block the suspicious IP address associated with the unauthorized access attempts
• Investigate the alert further and gather additional information about the unauthorized access attempts
• Ignore the alert and assume it is a false positive

Question 4)
You are the IT administrator for a large organization heavily relying on server infrastructure. You are evaluating different security solutions to protect your server endpoints. After thorough research, you come across Microsoft Defender for Servers, which includes Microsoft Defender for Endpoint. You are intrigued by this powerful combination and want to ensure it meets your organization’s security needs. Which of the following statements is true about Microsoft Defender for Servers?

• Microsoft Defender for Servers combines endpoint detection and response capabilities with additional security measures for comprehensive server protection
• Microsoft Defender for Servers only provides endpoint detection and response capabilities, without any additional security measures 
• Microsoft Defender for Servers is solely focused on server endpoint detection and does not offer response capabilities
• Microsoft Defender for Servers is a standalone product and does not include Microsoft Defender for Endpoint

Question 5)
You manage the security of your workloads in Azure. You want to assess the current security state and determine the secure score for your recommendations. How will you calculate the secure score in Defender for Cloud based on the provided information?

• The secure score is calculated by the ratio between your healthy and total resources in Azure workloads.
• The secure score is determined solely by the criticality of security recommendations for your workloads.
• The secure score is based on the health status of your resources and the total number of workloads in Azure.
• The secure score is determined by the total number of workloads in Azure.

 

Knowledge check: Protect against brute force attacks Quiz Answer

Question 1)
The IT department at a small-size enterprise has been busy dealing with a recent security breach in the systems of most of its employees. Which indication will lead the IT department to suspect a brute-force attack?

• The use of credentials that belong to an ex-employee
• Many failed sign-ins from many unknown usernames
• Successful discovery of complex login credentials by an outsider within the first few attempts
• Previously successfully authenticated from multiple remote desktop protocol (RDP) connections

Question 2)
Keith, a security engineer in the IT department at a small-scale organization, has been tasked with addressing a brute-force attack encountered in the systems of some of its employees. Which of the following actions should he take to restore security?

• Switch to simpler passwords for easy employee access
• Remove just-in-time (JIT) virtual machine (VM) access
• Approve all IP addresses that can access the ports
• Keep the ports open for a limited amount of time

Question 3)
Neil, an IT consultant for a web app enterprise, is evaluating the ports that have been recommended for just-in-time (JIT) access on the various virtual machines (VMs). He finds that specific other ports need to be included for JIT access on the VMs. Can he do so?

• Yes
• No

Question 4)
The IT department of your organization has been busy dealing with a series of very specific security attacks on the endpoint devices used by employees. These attacks have been caused by a new utility software one of the team members installed recently. Which type of malware would you attribute this security attack to?

• Trojan horse 
• Worm 
• Leech
• Virus 

Question 5)
The IT department of your organization uses Microsoft Defender for Cloud to protect their virtual machines (VMs) against malware. Defender for Cloud reports any endpoint protection issues detected on the machines. Which of the following is an example of these issues?

• Antimalware software integrated with Defender for Cloud
• Out-of-date antimalware signature
• Endpoint protection installed in the VM
• Microsoft Antimalware added as an extension

Visit this link:   Module quiz: Enable and manage Microsoft Defender for Cloud Quiz Answers

 

---

 

WEEK 3 QUIZ ANSWERS

Knowledge check: Enable and configure Microsoft Sentinel Quiz Answer

Question 1)
As a security analyst, you are responsible for monitoring and managing the security of a company’s network infrastructure. You use Microsoft Sentinel, a cloud-native security information and event management (SIEM) system, to manage and monitor security. One day, you receive an alert from Microsoft Sentinel about a potential intrusion attempt on a critical server. You have investigated the incident using Sentinel’s capabilities and discovered that the attacker gained unauthorized access to the server and attempted to exfiltrate sensitive data. You have proactively mitigated the attack and prevented data loss. Which of the following features of Microsoft Sentinel helped you to identify and respond to the intrusion attempt?

• Azure identity protection
• Data loss prevention
• Machine learning analytics
• Threat intelligence

Question 2)
Imagine John is a security operations center analyst, and his organization uses Microsoft Sentinel to monitor and secure infrastructure. While working with Microsoft Sentinel, which statement is true for log retention?

• Microsoft Sentinel automatically retains all logs indefinitely.
• Microsoft Sentinel retains log data based on the organization’s settings and requirements for a configurable period.
• Microsoft Sentinel has a fixed log retention period of 30 days.
• Microsoft Sentinel retains logs for a maximum of one year.

Question 3)
John is a cloud solutions architect working for a reputable IT consulting firm, and he has been assigned a task to create a new Azure workspace for their client, Contoso, a European-based company. The workspace will be used to centralize and manage their cloud resources, data, and analytics.
In this scenario, John must select the appropriate European region for the new workspace. Choosing the right region is crucial as it directly impacts data residency, compliance, and performance for Contoso’s cloud-based applications and services. While creating a new Azure workspace for Contoso in Europe, which region should John select to ensure compliance with data residency requirements and optimize performance for their cloud services?

• Central Europe
• West Europe
• North Europe
• East Europe

Question 4)
You are a cybersecurity analyst tasked with enabling Microsoft Sentinel to enhance an organization’s threat detection and response capabilities. As a part of the implementation process, you must configure various components and settings. What is the first step you should take to enable Microsoft Sentinel in your organization?

• Install the necessary agents on all endpoints.
• Create custom alert rules for specific security events.
• Configure data connectors for ingesting security logs.
• Assign user roles and permissions for accessing Sentinel.

Question 5)
You are configuring a data connection in Microsoft Sentinel to collect security logs from your on-premises network devices. Which type of data connector should you choose to achieve this?

• Azure Event Hubs
• Azure Monitor Logs
• Syslog
• Common Event Format (CEF)

 

Knowledge check: Detect threats and analyze data Quiz Answer

Question 1)
Alex is an IT engineer. Imagine he works as a data analyst for a retail company selling various products in physical stores and online. His task is to visualize and analyze the company’s sales performance over the past year to identify trends, patterns, and areas of improvement. To start visualizing the data, he uses line charts, bar graphs, and maps to provide a comprehensive overview of the company’s sales performance. Which feature in Microsoft Sentinel will he look to visualize and analyze data?

• Incident dashboard
• Hunting queries
• Workbook
• Data explorer

Question 2)
You are a security analyst tasked with exploring Microsoft Sentinel, a cloud-native security information and event management (SIEM) system. You want to get a report for your security data. For this, you have assigned this task to your team members. Identify who will help you to get your security data.

• Jana: Analytics alerts in Microsoft Sentinel
• Ron: Incidents in Microsoft Sentinel
• Sara: Threat hunting
• John: Workbooks in Microsoft Sentinel

Question 3)
As a security administrator in a large organization, you are tasked with improving cybersecurity measures and threat detection capabilities. One of your responsibilities is creating custom analytics roles for your security team to efficiently detect and respond to threats within the organization’s network and systems. Which action is appropriate when creating custom analytics roles to detect threats effectively?

• Grant access to personal user data to empower the custom analytics roles to investigate insider threats.
• Assign all available privileges to the custom analytics roles for comprehensive threat detection.
• Limit the custom analytics roles to only view and read data to avoid potential data breaches.
• Allow the custom analytics roles to modify critical system configurations to enhance threat response.

Question 4)
As a cybersecurity analyst in a large organization, you are tasked with configuring scheduled query analytics rules in Microsoft Sentinel to enhance threat detection and response capabilities. During the setup, you come across “entity mapping.” In configuring scheduled query analytics rules in Microsoft Sentinel, what is the purpose of entity mapping?

• Entity mapping enriches the rules’ output with vital information for investigation and response.
• Entity mapping enables automatic remedial actions for incidents.
• Entity mapping visually represents the data collected in the workspace.
• Entity mapping connects Microsoft Sentinel with external threat intelligence platforms.

Question 5)
You are tasked with configuring auditing and health monitoring for Microsoft Sentinel in your organization’s Azure environment. When configuring auditing and health monitoring for Microsoft Sentinel, which option should be enabled to collect and analyze security logs and generate actionable insights?

• Azure Monitor
• Activity Log Analytics
• Azure Security Center
• Azure Log Analytics

 

Knowledge check: Investigate and hunt for threats Quiz Answer

Question 1)
Paul, a Security Analyst, is investigating an incident and wants to visualize the relationships and connections between the various entities involved. Which feature in Microsoft Sentinel should Paul utilize to achieve this?

• Alerts tab
• Similar incidents tab
• Investigation graph
• Entities tab

Question 2)
You are a cybersecurity analyst with Microsoft Sentinel, a cloud-native security information and event management (SIEM) platform. You must use the Sentinel interface to look for particular security incidents or occurrences as part of your job. Which option allows you to set the time period for the search while utilizing Microsoft Sentinel’s job search feature?

• Search query
• Search scope
• Search index
• Time range picker

Question 3)
Using the data flow diagram to secure your systems and identify potential threats, you have selected a focus area and an associated framework. Which phase of the threat modeling process does this belong to?

• Break phase
• Design phase
• Fix phase
• Verify phase

Question 4)
In the IT department of a medium-scale organization, you have:

Robert (a developer)
Ashley (a program manager)
Dev (a tester)

They are developing their first threat model. Ashley has created a data flow diagram (DFD), which Robert is reviewing for possible threats. Reviewing these threats helps him understand __________.
Select all that apply.

• Trust boundaries
• Potential design flaws and how they can be fixed
• Types of threats
• The design as an asset

Question 5)
The IT department of your organization has recently encountered some unauthorized changes to the database. Which threat category in the STRIDE framework does this refer to?

• Elevation of Privilege
• Repudiation
• Spoofing
• Tampering

 

Visit this link:   Module quiz: Configure and monitor Microsoft Sentinel Quiz Answers

 

---

 

WEEK 4 QUIZ ANSWERS

 

Visit this link:   Graded assessment: Manage Security Operations Quiz Answers