Secure Access with Azure Active Directory Coursera Quiz Answers
In this article i am gone to share Coursera Course: Secure Access with Azure Active Directory Coursera Quiz Answers with you..
Enrol Link: Secure Access with Azure Active Directory
Secure Access with Azure Active Directory Coursera Quiz Answers
WEEK 1 QUIZ ANSWERS
Knowledge check: Introduction to Azure Active Directory
Question 1)
Your organization has recently migrated its on-premises applications and infrastructure to Azure. However, an old enterprise application developed about 15-20 years back cannot use modern authentication methods. How will you ensure you can still run this application on the cloud?
- Use Conditional Access policy
- Use Azure Active Directory Domain Services
- Add the application users to Azure Active Directory
- Use multifactor authentication
Question 2
You are implementing hybrid identity for your organization. The authentication method installs an agent on on-premises servers that authenticate against the Active Directory. When an Azure AD user account tries to authenticate, password authentication is handled on-premises through these servers and Active Directory. Which authentication method have you used here?
- Multifactor authentication
- Azure AD pass-through authentication
- Azure AD password hash synchronization
- Federated authentication
Question 3
You are currently using a free license of Azure Active Directory. Which situation requires you to purchase an Azure Active Directory Premium P2 license?
- You want to use the Identity Protection feature to protect applications from identity risks.
- You want to provide self-service password reset for Azure AD users.
- You want to do on-premises Active Directory synchronization.
- You want to use self-service password reset for users based on-premises.
Question 4
Let us say you are an Azure security engineer in an organization that uses Azure AD to manage user authentication and access to cloud resources. One day, you notice a spike in suspicious login attempts, with multiple failed sign ins from unfamiliar IP addresses. After investigating the logs, you discover these attempts are part of a large-scale phishing campaign. Which feature or service of Azure AD will you use to address this situation quickly?
- Azure AD Identity Protection
- Azure AD Connect
- Azure AD Domain Services
- Azure AD Conditional Access policy
Question 5)
As an Azure security engineer, you are deciding on the role assignment for Emily, an employee of your organization. Emily needs permission only to track data in the Microsoft 365 compliance center, Microsoft 365 admin center, and Azure. Which role assignment is correct?
Apply the rule of least privilege. This rule states that you should provide users and applications only the access and permissions they need to do their job and no more.
- Global Administrator
- Compliance Administrator
- Application Administrator
- Compliance Data Administrator
Knowledge check: Manage users in Azure Active Directory
Question 1)
Your retail organization, BuyForSure Inc., recently created an Azure subscription. You have been tasked with creating the following users in Azure Active Directory (Azure AD).
Maria, a Database Administrator at BuyForSure Inc.
Patrick, a Project Manager who recently joined BuyForSure Inc.
Linda, who works in SportyFeel Inc. and supplies material to BuyForSure Inc.
John, a marathon runner who buys shoes and other supplies from BuyForSure Inc.
Whom will you add as a B2C user in Azure AD?
- Linda
- Patrick
- John
- Maria
Question 2)
You’re a License Administrator in an organization that has an Azure subscription. You’ve been tasked with assigning a license to a user who has recently moved to a new project in Azure Active Directory (Azure AD).
Which of the following actions should you perform before assigning the license?
- You should assign the Global Administrator role to the user.
- You should change the user’s user principal name (UPN).
- You should check if you’ve specified the user’s usage location.
- You should check if the user’s display name is specified.
Question 3)
You work at an organization that provides an online gaming platform for K12 students. All your users are registered in Azure Active Directory (Azure AD). However, the government has issued a new mandate that requires legal age classification for your users. How will you provide this information?
- You should update your users’ minor consent in the Contact Information category.
- You should update the users’ date of birth in the Identity category.
- You should classify your users’ according to their legal age in the Settings category.
- You should update your users’ age group and consent provided for minors in the Parental controls category.
Question 4)
You’re a Security Engineer at BuyForSure Inc. Your organization has entered into a tie-up with Soles Inc. to meet your design requirements. You’ve added the team members of the external organization as guest users to your Azure Active Directory (Azure AD) tenant. For ease of execution, you have added them to the Design group. What will be their default permissions? Select all that apply.
- They can read the object ID for the joined groups.
- They can search for groups by their display name or object ID (if allowed).
- They can read hidden Microsoft 365 group memberships for joined groups.
- They can manage the properties, ownership, and membership of groups.
Question 5)
You’re a Security Engineer at BuyForSure Inc. and have multiple users in your organization. To improve the security posture, you need to ensure the Azure AD administration portal is not accessible by non-admin users. How can you restrict access to the Azure AD administration portal?
Solution: Change the Administration portal setting on the User settings page in Azure AD.
Does the solution meet the goal?
- Yes
- No
Knowledge check: Manage groups in Azure Active Directory
Question 1)
You’re a Security Engineer Associate at BuyForSure Inc. Your organization has collaborated with an external organization, Soles Inc., to create bespoke orders. You’re tasked with creating a group to share SharePoint resources with external members.
Which group will you create to provide external members access to internal resources?
- Security
- Service principals
- Application object
- Microsoft 365
Question 2)
You created a group with the group membership type set to Dynamic. However, you must add a different set of users and change the membership type to Assigned. What properties can you edit in Azure Active Directory (Azure AD)? Select all that apply.
- Group type
- Group name
- Object ID
- Membership type
Question 3)
BuyForSure Inc. has five offices in California, London, New Delhi, Berlin, and Melbourne. John, the Helpdesk Manager, has been tasked with delegating Helpdesk Administrators. Which feature in Azure Active Directory (Azure AD) can John use to delegate administrators such that they only manage users in the region they support?
- Azure AD Privileged Identity Management (PIM)
- Administrative units
- Role-based access control (RBAC)
- Azure AD Connect
Question 4)
Azure AD External Identities is a feature that makes it possible for you to allow people outside your organization to access your apps and resources. External members can access your resources by signing in using their preferred identity. Based on your organization’s needs, Bella, an Azure AD B2B collaboration user, is homed in account state 3.
Which of the following descriptions best suits account state 3?
- Homed in the host organization’s Azure AD with UserType = Guest and credentials that the host organization manages
- Homed in the host organization’s on-premises AD and synced with the host organization’s Azure AD
- Homed in a Microsoft or other account and represented as a guest user in the host organization
- Homed in an external instance of Azure AD and represented as a guest user in the inviting organization
Question 5)
As an Application Owner at BuyForSure Inc., you can set up self-service app management for Azure AD Gallery or Security Assertion Markup Language (SAML)–based apps in your Azure AD tenant. This way, you can manage guest users even if they haven’t been added to the directory. However, self-service app management for Azure AD Gallery and SAML-based apps requires some initial setup by an Administrator. What are the steps involved? Select all that apply.
- Configure the application for self-service.
- Enable Self Service Group Management.
- Grant full administrative access to the application to all guest users.
- Create a group to assign to the app.
Visit this link: Module quiz: Managing users in Azure Active Directory Quiz Answers
WEEK 2 QUIZ ANSWERS
Knowledge check: Authentication methods in Azure Active Directory
Question 1)
Suppose an organization wants to enable self-service password reset (SSPR) in Azure Active Directory. Which of the following users have the privilege to do so?
Vanessa: Global Administrator
Ramen: Authentication Policy Administrator
Joel: SSPR Administrator
- Vanessa and Joel only
- Vanessa and Ramen only
- Joel only
- Vanessa, Ramen, and Joel
Question 2)
Suppose Sandra works as a scientist in a defense company. The password is managed on-premises. Which of the following conditions should hold true for her to be able to use self-service password reset (SSPR)?
- MFA is enabled
- Password writeback is configured
- Passwords are managed using Enforce Cloud
- Two-gate policy is enforced
Question 3)
You work as an Azure security engineer in a government department. The user accounts are synchronized from an on-premises AD DS environment using Azure AD Connect. You have not enabled Enforce Cloud password policy.
Which password policy will apply to the users?
- Cloud password policy
- Azure AD and cloud password policy
- On-premises password policy
- Azure AD Password Policy
Question 4)
You work as an Azure security engineer in a retail organization. Below are some users in your organization:
James: Global Administrator
Tom: B2C User Flow Attribute Administrator
Jessica: Application Administrator
Sarah: Authentication Administrator
For which of the users will the two-gate policy be enforced?
- Jessica and Sarah only
- James only
- James and Tom only
- James, Jessica, and Sarah
Question 5)
You are working as a Security Engineer Associate for an airline that has employees across the globe. The airline uses Azure Active Directory. Which authentication method would provide the employees the most flexibility, usability, and security?
- Only password
- Password and SMS verification
- Password and OTP on software token
- Microsoft Authenticator app
Knowledge check: Multifactor and passwordless authentication
Question 1)
Suppose you work as a Security Engineer Associate for a financial consultancy. The employees have their own designated Windows PC. The biometric and PIN credentials are directly tied to the user’s PC. Considering the authentication method’s usability, availability, and security, which authentication method would you recommend to the organization?
- Password and SMS verification
- Windows Hello
- Password and voice call verification
- Passwordless only
Question 2)
Suppose a user in your company has entered a PIN incorrectly multiple times. Which multifactor authentication (MFA) settings should you configure to ensure the user cannot use MFA after too many denied authentication attempts in a row?
- Block/unblock users
- Report suspicious activity
- Account lockout
- Allowed attempts
Question 3)
Suppose you work as a Security Engineer Associate for a defense company that is very security sensitive. Its employees are not allowed to use their phones as a second factor for authentication. Which of the following authentication methods would be suitable for the company?
- Windows Authenticator app
- Microsoft Authenticator app
- FIDO2 security keys
- Temporary Access Pass
Question 4)
Suppose you work as a Security Engineer Associate in a company that operates in UK and Spain. You’ve customized the multifactor authentication (MFA) voice message in Spanish. You have not customized the MFA voice message in English. Jane, an employee in the Spain office, authenticates in English and receives the MFA voice call for authentication. Which of the following holds true regarding the MFA voice call?
- Jane will hear the standard Spanish message.
- Jane will have the option to choose between English and Spanish.
- Jane will hear the standard English message.
- Jane will hear the custom Spanish message.
Question 5)
Suppose Kevin wants to choose the verification methods available for him in the service settings tab. When Kevin enrolls for Azure AD multifactor authentication, he can choose the preferred verification method from the options he has enabled. Which among the following verification method holds true for Kevin? Select all that apply.
- Notification through mobile app
- Text message to phone
- Call to phone
- A software verification method
Knowledge check: Hybrid identity: Connect on-premises Active Directory with Azure Active Directory
Question 1)
Suppose you work as a Security Engineer Associate for a government agency for which privacy is of utmost importance. The agency has a hybrid environment. It wants all the user authentication to occur on-premises. Which authentication method would you recommend to the government agency?
- Pass-through authentication (PTA) only
- Federation and PTA
- Password hash synchronization (PHS)
- Federation only
Question 2)
A Japanese bank has about 800 employees. The employees must be able to access internal and external applications. The bank has an Active Directory environment on-premises. Now, it is moving to Microsoft 365 and Azure. Which of the following tools can it deploy to achieve hybrid identity?
- Federation
- Azure AD Connect
- Azure Active Directory Federation Services (Azure AD FS)
- Azure Active Directory Domain Services (Azure AD DS)
Question 3)
A retail chain works in a hybrid environment. It wants to use some premium Azure Active Directory (Azure AD) features, like Identity Protection and Azure AD Domain Services (Azure AD DS). Which of the following will be required, regardless of the authentication method the company chooses?
- PTA and PHS
- Password hash synchronization (PHS)
- Pass-through authentication (PTA)
- Federation
Question 4)
Suppose a company selects pass-through authentication (PTA) as the sign in method. The feature is enabled on the tenant. Which users will be affected by PTA?
- All users across some domains in the tenant
- Users with administrative roles in the tenant
- All users with administrative roles across all the managed domains in the tenant
- All users across all the managed domains in the tenant
Question 5)
Suppose a company is adopting Azure Active Directory (Azure AD) but does not want Azure AD to handle sign in entirely in the cloud. Instead, it wants to integrate with an existing federation provider. The company also wants sign in disaster recovery or leaked credential reports. Which of the following options should it select?
- Federation with PHS
- PHS
- Federation
- Pass-through authentication (PTA) and password hash synchronization (PHS)
Visit this link: Module quiz: Managing authentication in Azure Active Directory Quiz Answers
WEEK 3 QUIZ ANSWERS
Visit this link: Graded assessment: Secure Access with Azure Active Directory Quiz Answers