Module quiz: Compliance solutions Quiz Answers
In this article, I am going to share the answers for the Coursera course Cybersecurity Management and Compliance | Week 2 Quiz | Module quiz: Compliance solutions.
Enrol link: Cybersecurity Management and Compliance
True or False: Microsoft Azure offers more than 50 compliance offerings to cater to different regions and sectors.
According to the shared responsibility model, for which types of cloud deployments in Microsoft Azure would responsibility for the operating system fall to the Cloud Service Provider (CSP)? Select all that apply.
- Software as a service (SaaS)
- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
John, an IT admin, is using Microsoft Purview’s compliance portal. He wants to gain insights into classified content across the organization. Which feature should John access to fulfill this requirement?
- Data Lineage
- Activity Explorer
- Content Explorer
Consider a scenario where a long-time employee in the finance department of a company becomes disgruntled due to a denied promotion. Out of resentment, he decides to modify the financial records of the company subtly, making them inaccurate. This action is an example of which type of insider threat?
- Third-party threat
- Accidental data breach
- Data corruption
True or False: The Alert dashboard allows users to see the total number of alerts generated by policy matches in the last 60 days.
You are the IT administrator for a large organization. There is a need to ensure that members of the finance team working on a confidential project do not communicate or share documents with specific groups in the company. Which Microsoft tool should you employ to achieve this?
- Communication compliance policies
- Microsoft Purview Information Barriers (IB)
- Microsoft Purview Privileged Access Management (PAM)
True or False: Microsoft Purview Communication Compliance supports the review and remediation of messages only in Microsoft Teams and does not extend to third-party platforms.
Anna, a new employee at TechnoCorp, is tasked with drafting a document that contains credit card information. She needs to make sure the document is appropriately classified and protected. Using the Microsoft data management principles, which of the following steps should Anna take first?
- Use a sensitivity label to classify the document, ensuring data protection features like encryption are applied.
- Delete the document after saving it to an external drive.
- Share the document with her team for feedback without applying any labels.
Which of the following accurately describes the role of a Data Steward in Microsoft Purview?
- A Data Steward oversees the definition, quality, and administration of specific data sectors and collaborates with counterparts on data management aspects.
- A Data Steward is the primary business authority responsible for ensuring data quality and protection.
- A Data Steward is responsible for the initial creation and capture of data in an organization.
Which of the following statements best describes the purpose of data classification in Microsoft Purview?
- Data classification is merely a cosmetic feature with no impact on data governance.
- Data classification in Microsoft Purview helps in understanding, searching, and governing data assets.
- Data classification is only used for tagging assets with built-in system classifications.
Which of the following statements best describes the CIS Benchmarks?
- They are a set of guidelines to improve the performance of cloud services.
- They are a proprietary system used by Microsoft Azure for compliance.
- They offer configuration standards for securing a system.
You are a Risk Manager at a financial firm planning to migrate to Azure. After inventorying your apps, you find that one of them deals with processing credit card payments and holds large amounts of sensitive customer data. This app is crucial for daily operations and generates significant revenue for the company. Based on the provided information, how should you classify this app’s business impact level?
- Low Business Impact (LBI)
- Medium Business Impact (MBI)
- High Business Impact (HBI)
True or False: Insider risks always arise from employees with malicious intent.
You are an investigator in a company’s IT department. You received a tip about a specific employee’s potentially risky behavior but noticed that the employee doesn’t fall under any insider risk management policy. Which tool would be most appropriate for inspecting the activities of this user?
- User activity reports
- Incident response plan
- Insider risk Alert dashboard
True or False: Microsoft offers only standard sensitivity labels and does not allow organizations to create custom labels.
True or False: Microsoft Purview’s Data Catalog mainly deals with the archiving stage of data management.
True or False: In Microsoft Purview, reviewers get only one email notification about disposition reviews allocated to them, and no follow-ups are sent afterward.
True or False: Microsoft suggests customers should avoid standardized risk and controls frameworks like ISO 27001 or NIST SP 800-53 for cloud risk assessment.
Which method of data classification in Microsoft Purview is driven by machine learning to categorize unique data like specific contracts or customer records?
- Trainable Classifiers
- Data Lineage
- Sensitive Information Types (SIT)
Which of the following best describes the primary purpose of data classification within an organization’s data management strategy?
- To encrypt all data within an organization.
- To comprehend an organization’s data layout and inform protection and governance strategies.
- To automatically delete outdated data.
Which of the following best describes the primary purpose of User activity reports in managing insider threats?
- They provide a count of all alerts that require review and triage.
- They only monitor users who are explicitly mentioned in an insider risk management policy.
- They facilitate the examination of potentially risky behaviors for specific users over a designated time frame, without necessarily linking them to an insider risk management policy.
You are an IT administrator for a medium-sized organization that uses Microsoft 365. Your compliance management team has raised concerns about potential communication violations occurring over email. What should you do to monitor email communications for compliance?
- Manually review all email communications.
- Implement Microsoft Purview Communication Compliance with policies specifically configured for Exchange Online.
- Disable all email communications within the organization.
Imagine you are a security officer for a global company and are considering Microsoft Azure for your company’s cloud operations. A top priority is ensuring that the cloud service you choose aligns with industry best practices for cyber defense. Which of the following tools or benchmarks would best guide your company in achieving a secure baseline configuration for Microsoft Azure?
- CIS Microsoft Azure Foundations Benchmark
- Microsoft Compliance Center
- Azure Security Center
Which of the following is a primary function of Microsoft Purview Privileged Access Management (PAM) in Office 365?
- It restricts unauthorized interactions between specific groups and users within Microsoft Teams and SharePoint.
- It monitors communications within an organization for compliance with corporate and legal standards.
- It safeguards organizations from potential breaches by controlling privileged administrative tasks through a just-in-time access process.
Imagine you work in a large organization, and you have just been designated the role of Data Curator in Microsoft Purview. As part of your responsibilities, a team member approaches you asking for read/write permissions for a particular set of assets. Who in Microsoft Purview has the authority to grant this request?
- The Data Curator has the authority to control read/write permissions for assets in a collection group.
- The Data Owner grants permissions for reading and writing to assets.
- The Data Steward has the authority to manage read/write permissions.
Which of the following are functions of information barriers (IB) in Microsoft Purview? Select all that apply.
- Information barriers monitor communications for unauthorized or inappropriate discussions.
- Information barriers regulate two-way communication and collaboration among groups and users within Microsoft Teams, SharePoint, and OneDrive.
- Once IB policies are activated, they ensure that certain users are restricted from communicating or sharing files with designated others.
- Information barriers enforce data access controls and restrictions to maintain compliance and security.
Which of the following best describes a feature of Microsoft Purview Communication Compliance’s customizable templates?
- They utilize machine learning to detect communication violations effectively.
- They allow automatic deletion of inappropriate messages without review.
- They enable integration with third-party applications for template customization.
Which of the following best describes an intentional threat that comes from inside an organization?
- An employee mistakenly sending confidential data to the wrong email address.
- An external hacker exploiting a vulnerability in the company’s security.
- An employee maliciously leaking confidential data to a competitor.