Module quiz: Security, compliance and identity Quiz Answers
In this article I am going to share the Coursera course Cybersecurity Threat Vectors and Mitigation by Microsoft, Week 4 | Module quiz: Security, compliance and identity quiz answers with you.
Enrol Link: Cybersecurity Threat Vectors and Mitigation
Cybersecurity Threat Vectors and Mitigation by Microsoft Week 4 Quiz Answers
True or False: Security compliance is only important for businesses that operate internationally.
A pharmaceutical company is trying to develop a new drug and needs to manage the risks involved in its development process, as well as ensure that it adheres to all relevant regulations. Which process should the company implement?
- Focus only on risk management.
- Focus only on compliance management.
- Implementing both Risk Management to identify and mitigate risks and Compliance Management to adhere to relevant regulations.
According to the GDPR, processing of personal data is always unlawful.
The GDPR only considers browser cookies as personal data if the user explicitly provides their name and contact information.
A cloud-based service provider wants to assure its customers that it has effective controls in place to safeguard data privacy and security. Which auditing procedure should the cloud-based service provider undergo to demonstrate this assurance?
- SOC 2
An organization wants to simplify user access and provide a smoother user experience by allowing users to use a single digital identity to access resources across multiple security domains. Which concept should the organization implement?
- Active Directory
- Access Control
- Identity Federation
Which of the following best describes the role of Active Directory (AD) in identity management?
- AD is used for website development.
- AD is used for managing individual identifiers.
- AD is used for data storage and backup.
Single sign-on (SSO) technology increases the number of passwords a user needs to remember.
What are the three principles guiding the layered security approach known as defense in depth?
- Password protection, data encryption, and email security.
- Network segmentation, DDoS protection, and firewall implementation.
- Confidentiality, Integrity, and Availability.
In the Zero Trust Model, trust is assumed once you are inside the network.
What is the primary difference between risk management and compliance?
- Risk management involves identifying and mitigating risks, while compliance involves ensuring adherence to laws, regulations, and ethical standards.
- Risk management involves identifying risks while compliance involves adhering to a specific set of rules.
- Risk management is an optional process while compliance is mandatory for all organizations.
What is one of the rights provided to individuals by the General Data Protection Regulation (GDPR) regarding their personal data?
- Right to unlimited data storage
- Right to erasure (right to be forgotten)
- Right to free services
According to the General Data Protection Regulation (GDPR), what must companies do before storing or accessing cookies on a user’s computer?
- They must obtain explicit and informed consent from the user.
- They must store cookies without informing the user.
- They can store cookies as long as they inform the user within 30 days.
Which cybersecurity standard is developed and published by the International Organization for Standardization and focuses on establishing an Information Security Management System (ISMS) through a risk-based approach?
- SOC 2
- ISO 27001
What does identity refer to within the information security world?
- The distinctive representation of a user or system within a network.
- The hardware ID of a device.
- The name of an individual.
Sara is an IT administrator at a mid-sized company and is considering implementing single sign-on (SSO) to improve security and efficiency. She is aware that SSO has some potential drawbacks. Which of the following measures should Sara consider implementing to mitigate the risk of a single point of failure in SSO?
- Sara doesn’t need to worry as SSO is inherently secure.
- Share the SSO credentials with only a select few in the organization.
- Implement multi-factor authentication (MFA) and regularly update security protocols.
Damon owns a chain of clothing shops. He has been a victim of theft and corporate espionage by employees and suppliers. He wants to secure his business based on the Zero Trust Model. Which of the following practices aligns with the Zero Trust Model principles?
- Damon checks IDs at the entrance and allows free access within the store once verified.
- Damon provides all employees with unrestricted access to all areas of the store but installs security cameras.
- Damon installs security cameras, requires identity verification for accessing sensitive areas, and limits access rights to only what is necessary for an employee’s specific task.
An e-commerce company operating in Europe and the United States is looking to ensure that they are compliant with data security laws. Which of the following should they consider as part of their compliance strategy?
- Ensuring compliance with GDPR in Europe and being attentive to local data protection regulations in the United States.
- Ensuring compliance with GDPR in Europe but ignoring HIPAA as they are not a healthcare company.
- Ensuring compliance with local data protection regulations in the United States but disregarding GDPR as they are not based in Europe.
Which of the following is true about using single sign-on (SSO) technology? Select all that apply.
- Improved user convenience.
- Increased number of passwords to remember.
- Increased complexity of authentication process.
- Reduced password-related issues.
A risk heat map is a tool used in compliance management to ensure adherence to laws and regulations.
XYZ Corp, a US-based company, offers online services to customers in Europe. Which of the following statements is true regarding XYZ Corp’s obligation to comply with GDPR?
- XYZ Corp does not need to comply with GDPR because it is based in the US.
- XYZ Corp must comply with GDPR.
- XYZ Corp only needs to comply with US data protection laws.
- The General Data Protection Regulation (GDPR).
- The Browser Transparency Act.
- The Cookie Consumption Law.
Alice is an IT administrator who uses Active Directory (AD) to manage user accounts and computers within her company’s network. She wants to enforce a security policy that requires all computers within the network to have the latest antivirus software installed. Which feature of AD should she use to efficiently apply this policy to all computers?
- Manually installing antivirus software on each computer.
- Creating individual user accounts for each computer.
- Using Group Policies to define and enforce settings across multiple computers.
Defense in depth is a security strategy that relies on one strong layer of protection.
PCI-DSS is a cybersecurity standard that primarily focuses on the protection of patients’ medical records and other health information.
Active Directory (AD) employs Access Control Lists (ACLs) to implement authorization, which defines who has access to objects in the directory and what operations they can perform.
What is one of the guiding principles of the Zero Trust Model?
- Assume everything inside the network is safe.
- Trust but verify.
- Verify explicitly.
Your organization is migrating its data to Azure cloud services. As a security consultant, you have been tasked with implementing a defense in depth strategy. Which of the following layers would you consider crucial in your security strategy?
- Focus only on physical security.
- Focus only on data protection.
- Consider data protection, application security, compute security, network security, perimeter security, identity and access, and physical security.
Active Directory primarily serves as a user authentication and authorization service.