Module quiz: Azure penetration testing Quiz Answers
In this article I am going to share the answers for the Coursera course Cybersecurity Tools and Technologies | Module quiz: Azure penetration testing with you.
Enrol Link: Cybersecurity Tools and Technologies
Question 1)
True or False: Using the CLI in penetration testing, testers can accomplish tasks faster by typing commands rather than navigating through menus in a GUI.
- True
- False
Question 2)
What are some best practices for conducting penetration testing in Azure? Select all that apply.
- Disabling all services and applications during testing.
- Ensuring necessary permissions from stakeholders.
- Running vulnerability scanning tools.
- Documenting assets in scope for testing.
Question 3)
True or False: Offensive techniques in penetration testing are designed to identify vulnerabilities and potential security gaps within a target environment.
- True
- False
Question 4)
Which steps are involved in performing penetration testing on Microsoft Azure? Select all that apply.
- Deploy resources and networks in the production environment.
- Execute the penetration test, including vulnerability scanning and application testing.
- Secure proper authorization and document the testing plan.
- Choose an appropriate testing approach, such as black box, white box, or grey box.
Question 5)
Which steps are involved in configuring Azure resources for penetration testing? Select all that apply.
- Configuring networking settings, including virtual networks, subnets, IP addresses, and security groups.
- Configuring resource settings, including name, region, size, and operating system.
- Creating a new Azure Web App.
- Configuring data storage options, access controls, and redundancy settings.
- Configuring identity and access management settings using Azure Active Directory (Azure AD) and role-based access control (RBAC).
Question 6)
True or False: Gobuster is used for directory and file brute-forcing and discovering hidden files and directories on web servers.
- True
- False
Question 7)
A company needs a solution that offers a streamlined and efficient approach to automate security assessments. Which Azure service should they consider for conducting recurring penetration tests with simplicity and ease of use?
- Azure Active Directory
- Azure Automation
- Azure Logic Apps
- Azure Security Center (Microsoft Defender for Cloud)
Question 8)
What is the main objective of creating a runbook in Azure Automation for conducting penetration tests?
- To automate ice cream production processes.
- To streamline the creation of Azure Automation accounts.
- To define the specific steps and actions for penetration testing.
- To optimize Azure resource performance.
Question 9)
What is the first step in web application penetration testing using Azure CLI and Azure PowerShell?
- Analyzing security headers.
- Running penetration tests on web forms.
- Scripting fixes for vulnerabilities.
- Mapping out the attack surface of the web applications.
Question 10)
Which tool allows penetration testers to query and analyze the entire Azure resource landscape, aiding in identifying potential misconfigurations?
- Azure CLI
- Azure Active Directory PowerShell Module
- Azure PowerShell
- Azure Resource Graph Explorer
Question 11)
Which of the following are common CLI tools in penetration testing? Select all that apply.
- Aircrack-ng
- Burp Suite
- VB.Net
- Wireshark
- Network Mapper (Nmap)
Question 12)
Sarah, an Azure administrator, wants to perform penetration testing to assess the security of their Azure environment. She is aware of the rules of engagement and best practices for penetration testing in Azure. She has gathered the necessary permissions, documented assets in scope, and is ready to run vulnerability scanning tools. However, she receives an email that appears to be from Microsoft, asking her to provide her Azure login credentials for a “security audit.”
What should Sarah do in this situation?
- Reply to the email with her login credentials to expedite the security audit process.
- Ignore the email and continue with her penetration testing as planned.
- Forward the email to the company’s internal security team for verification and avoid clicking on any links.
- Click on the link in the email and provide her Azure login credentials as requested.
Question 13)
True or False: Offensive techniques in penetration testing are designed to identify vulnerabilities and potential security gaps within a target environment.
- False
- True
Question 14)
Sam’s Scoops recently adopted Azure Security Center to enhance the security of its Azure environment. The IT team is responsible for configuring automatic testing and alert policies to ensure the integrity of their resources.
What are the key steps involved in configuring automatic testing in Azure Security Center for Sam’s Scoops? Select all that apply.
- Configuring an alert policy to notify you of vulnerabilities.
- Setting up a recurring schedule for vulnerability checks.
- Configuring a backup strategy for data protection.
- Creating an Automation account for penetration testing.
Question 15)
What is the goal of input validation testing in web application penetration testing?
- To optimize the application’s database.
- To identify vulnerabilities like SQL injection and cross-site scripting.
- To test the speed of the web application.
- To assess the user experience of the web application.
Question 16)
Fill in the blank: The Azure CLI command used to create a resource group is __________.
- az create group --name "sams-scoop-RG" --location "East US"
- az create resource-group --name "sams-scoop-RG" --region "East US"
- az resource-group add --name "sams-scoop-RG" --region "East US"
- az group create --name "sams-scoop-RG" --location "East US"
Question 17)
Which of the following are examples of offensive techniques used in Azure penetration testing? Select all that apply.
- Access control and identity management
- Intrusion detection and prevention systems
- Exploitation
- Vulnerability scanning
Question 18)
Fill in the blank: Before deploying Azure resources for penetration testing, it’s crucial to configure networking settings, including virtual networks, subnets, IP addresses, and ____________.
- Server names
- Security groups
- Resource tags
Question 19)
Which open-source web application security scanner is designed for use by both beginners and professional penetration testers and can identify vulnerabilities in web applications hosted on Azure?
- Splunk
- Burp Suite
- Wireshark
- OWASP ZAP
Question 20)
True or False: After creating a runbook, you need to input your penetration testing commands or scripts using templates or runbooks within the runbook itself. Further configuration and scripting are required to perform the tests.
- True
- False
Question 21)
Fill in the blank: Out of the box, Azure Security Center allows you to receive notifications through various channels, including ________, SMS, or Azure Monitor.
- Azure Logic Apps
- Azure Monitor
Question 22)
What does the az login command do in Azure CLI?
- It initiates a login process to the Azure environment.
- It creates a new resource group.
- It creates a new Azure subscription.
- It lists all Azure subscriptions in the account.
Question 23)
True or False: Microsoft encourages penetration testing of Azure services and requires testers to report their findings to the company’s internal security team to help address security gaps.
- True
- False
Question 24)
You’re responsible for conducting penetration testing on an Azure environment. You want to simulate a real-world cyberattack to assess vulnerabilities in the Azure infrastructure. Which offensive technique should you use for this purpose?
- Encryption
- Access control and identity management
- Incident response plan
- Brute force attacks
Question 25)
John is responsible for configuring Azure resources for penetration testing. He wants to create an Automation account for testing purposes.
What should John do based on the scenario? Select all that apply.
- Create an Automation account with identical settings as a production account.
- Seek approval from the internal security team before creating an Automation account.
- Proceed to create an Automation account tailored to the requirements of penetration testing.
- Create an Automation account using his regular user account (non-administrator account).
Question 26)
What is the primary purpose of Azure Security Center (Microsoft Defender for Cloud) in the context of penetration testing?
- To automate testing and continuous monitoring of Azure resources for security issues.
- To create detailed reports on Azure resource performance.
- To provide free Azure resource credits for testing.
- To simulate cyberattacks on Azure resources.
Question 27)
You’ve been hired to assess Sam’s Scoops’ current IT infrastructure and recommend improvements to ensure the security of customer data. You decide to utilize both the Command Line Interface (CLI) and PowerShell to address the IT needs.
What’s a key advantage of using the CLI in penetration testing for Sam’s Scoops?
- It allows testers to execute commands rapidly and precisely.
- It provides a graphical interface for easy navigation.
- It consumes more system resources compared to GUI.
- It doesn’t support automation.
Question 28)
True or False: Azure penetration testing is a one-time process that does not require ongoing assessment and improvement.
- True
- False
Question 29)
You have completed an initial penetration test in an Azure environment and identified several vulnerabilities. What should you do next based on the penetration testing process?
- Ignore the vulnerabilities, as they were already identified.
- Share the findings with external parties.
- Deploy additional resources in the production environment.
- Review the findings and prioritize the identified vulnerabilities.
Question 30)
Why is automation with Azure CLI and Azure PowerShell important for web application penetration testing?
- It reduces the need for security professionals.
- It slows down the testing process.
- It ensures consistent and thorough evaluations.
- It only focuses on specific vulnerabilities.
Question 31)
What is the primary function of the Penetration Testing Execution Standard, or PTES?
- To develop software applications.
- To provide a structured approach for vulnerability assessment.
- To design secure encryption algorithms.
- To conduct network monitoring.