Module quiz: Active Directory access, protection, and governance management Quiz Answers
In this article I am going to share the answers to the Week 3 module quiz, Active Directory access, protection, and governance management, from the Coursera course Cybersecurity Identity and Access Solutions using Azure AD by Microsoft.
Enrol Link: Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD Week 3 Quiz Answers
Question 1)
True or False: Role-based access control (RBAC) is a security framework that assigns permissions to users based on their roles within an organization.
- True
- False
Question 2)
An administrator wants to configure a Conditional Access policy that will prompt a user to go through multi-factor authentication (MFA) when certain signals are detected. Which of the following are common signals that Conditional Access policies can consider? Select all that apply.
- The length of time since the account password was last changed.
- Named location information.
- Real-time sign-in risk detection.
- Random application triggers.
Question 3)
You have assigned a User Administrator role, which grants permissions for managing resources that live in Azure AD. Which of the following role categories does this fall under?
- Privileged roles
- Service-specific roles
- Azure AD-specific roles
- Cross-service roles
Question 4)
True or False: Azure AD’s role-based access control (RBAC) allows you to define and manage roles with specific sets of permissions, granting access only to those who truly need it.
- True
- False
Question 5)
The administrator at Sam’s Scoops has decided to build an access management approach for the company that is based on the Zero Trust model. Which of these security principles should be followed to align with this model? Select all that apply.
- Mandate regular password changes.
- Provide the least privileged access.
- Verify access attempts explicitly.
- Don’t allow external users.
Question 6)
Complete the following sentence. Many experts believe that ______ is the new security perimeter.
- encryption
- data
- identity
- network
Question 7)
Which of the following statements about securing privileged access with Azure AD Privileged Identity Management (PIM) is true?
- Azure AD PIM requires Azure AD Premium P1 licenses to be enabled.
- Azure AD PIM does not support managing custom roles, only built-in Azure resource roles.
- Azure AD PIM does not provide any fine-grained access control options for role assignments.
- Azure AD PIM allows for permanent admin role assignments, with no expiration date.
Question 8)
What can be managed using Azure AD PIM?
- Only built-in Azure resource roles.
- Only custom roles in Azure AD.
- Both built-in Azure resource roles and custom roles.
- Only Azure AD Premium P2 licenses.
Question 9)
Which of the following statements is true regarding just-in-time (JIT) access?
- JIT access helps maintain security without sacrificing operational productivity.
- JIT access provides permanent access to privileged accounts.
- JIT access is not recommended for securing critical data and resources.
- JIT access requires users to authenticate multiple times for each application.
Question 10)
Using Privileged Identity Management (PIM), you would like to assign a role to a user that applies immediately and provides access for an indefinite amount of time. Which of the following assignment types would you use?
- Permanent eligible
- Time-bound active
- Time-bound eligible
- Permanent active
Question 11)
What is one of the benefits of using role-based access control (RBAC)?
- Centralized administration for individual user permissions.
- Increased security by limiting access to necessary resources.
- Increased complexity.
Question 12)
You have assigned a Teams Administrator role, which enables the assignee to manage features in the Microsoft Teams application. This app, which resides separately from Azure AD, is used by employees in the organization for communication. Which of the following categories does the Teams Administrator role fall under?
- Cross-service roles
- Azure AD-specific roles
- Privileged roles
- Service-specific roles
Question 13)
What is the main policy engine within the Zero Trust model?
- Intrusion Detection System (IDS)
- Firewall
- Zero Trust Application Gateway
- Conditional Access
Question 14)
True or False: Identity governance involves managing and controlling access to resources based on least privilege principles.
- True
- False
Question 15)
Which of the following best describes the concept of just-in-time (JIT) access?
- JIT access grants permanent access to applications and systems, ensuring continuous availability.
- JIT access limits privileged access based on location, actions, and timing, providing precise control over when and where users can access privileged accounts.
- JIT access provides immediate access to all applications and systems, without any restrictions.
- JIT access is a security practice that allows users to access applications and systems without any authentication.
Question 16)
Consider an organization that uses cloud-based applications but does not yet have an access management system. It is considering Azure AD because of the capabilities made possible by Privileged Identity Management (PIM). Which Azure AD license should this organization acquire to enable PIM as a tool?
- Azure AD Free license
- Azure AD Premium P2 license
- Azure AD Basic license
- Azure AD Premium P1 license
Question 17)
What does Privileged Identity Management (PIM) help minimize?
- The number of permissions granted to regular users.
- The number of applications and systems in Azure AD.
- The number of authentication methods required for users.
- The number of people with access to secure information.
Question 18)
Consider an organization in which an employee is temporarily designated as a Project Manager for several days, while the true Project Manager is on vacation. As an administrator using Privileged Identity Management (PIM), you would like to assign a role to this user that requires activation and limits their access time to specific start and end dates. Which of the following assignment types would you use?
- Time-bound eligible
- Permanent eligible
- Permanent active
- Time-bound active
Question 19)
After an audit revealed that certain employee accounts continued to have privileged access that was no longer needed, the administrator at Sam’s Scoops decided to implement role-based access control (RBAC). Which steps should be taken as part of this process? Select all that apply.
- Identify the roles that exist within an organization.
- Assign permissions to roles.
- Set the authentication method that applies to a role.
- Define what actions users are allowed to take.
Question 20)
What is the purpose of using Conditional Access templates in Azure AD?
- To implement access controls only for remote work scenarios.
- To deploy preconfigured policies aligned with Microsoft’s recommendations.
- To create complex access control policies from scratch.
Question 21)
The administrator at an organization worries about potential security issues due to poorly managed access and wants to use Privileged Identity Management (PIM) to take a more secure approach. Which statement best describes how PIM can help to accomplish this?
- PIM is a feature that grants permanent privileged access to all users in Azure AD, increasing flexibility.
- PIM helps minimize the number of people with access to secure information, reducing the risk of unauthorized access and inadvertent impact on sensitive resources.
- PIM only supports time-bound access to Azure resources, excluding other Microsoft Online services.
- PIM allows users to have unlimited access to resources in Azure AD, Azure, and other Microsoft Online services.
Question 22)
True or False: Conditional Access policies in Azure AD are based on if-then statements, where a user must complete a specific action to access a resource.
- True
- False
Question 23)
You have assigned a Security Administrator role, which allows for management of security features within Azure AD, as well as separate security services like Microsoft Defender for Cloud Apps. Which of the following role categories does this fall under?
- Privileged roles
- Azure AD-specific roles
- Cross-service roles
- Service-specific roles
Question 24)
What are the two types of role definitions in Azure AD?
- Fixed roles and flexible roles.
- Built-in roles and custom roles.
- Basic roles and advanced roles.
Question 25)
What is the primary benefit of just-in-time (JIT) access?
- JIT access eliminates the need for authentication when accessing applications and systems.
- JIT access grants permanent access to privileged accounts for all users.
- JIT access increases the availability of applications and systems for all users.
- JIT access reduces the risk of unauthorized access to critical data and resources.
Question 27)
Imagine that an organization wants to change its security approach to provide the least access that users need to perform privileged operations. Which features does Privileged Identity Management (PIM) have that would assist in implementing this approach?
- Time-bound access to resources, self-service role assignment, and access reviews
- Time-bound access to resources, approval-based role activation, and multi-factor authentication enforcement.
- Permanent access to all resources, self-service role assignment, and access reviews
- Permanent access to all resources, multi-factor authentication enforcement, and access reviews.
Question 28)
An employee at Sam’s Scoops needs a very specific set of permissions that isn’t covered by any of the built-in roles in Azure AD, so an administrator must create a custom role. Before the employee gains the permissions, which steps must the administrator follow? Select all that apply.
- Defining the role by selecting desired permissions from a preset list.
- Creating a new Azure AD tenant.
- Verifying the user’s identity through multi-factor authentication.
- Assigning the role to users or groups.
Question 29)
Which of the following can you manage in Privileged Identity Management (PIM)? Select all that apply.
- Conditional Access
- PIM for Groups
- Azure AD roles
- Self-service password reset (SSPR)