Secure Your Applications Coursera Quiz Answers
In this article I am going to share Coursera Course: Secure Your Applications by Microsoft All Week 4 Quiz Answers with you.
Enrol Link: Secure Your Applications
WEEK 1 QUIZ ANSWERS
Knowledge check: Configure Key Vault access and certificates
Question 1)
Which among the following hold true for Azure Key Vault? Select all that apply.
- Azure Key Vault access policies provide data plane access permissions.
- Azure Key Vault cannot retrieve the deleted data.
- Azure Key Vault helps to streamline the key management process.
- Azure Key Vault helps to safeguard cryptographic keys.
Question 2)
A financial institution leverages Azure Key Vault for secure storage and management of cryptographic assets. They have generated asymmetric keys for their SQL Server databases’ transparent data encryption (TDE). The institution has a database that stores customer information and market data, including exchange rates. The institution also generates an API key for secure authentication and access to a third-party financial data provider’s API. The API key lets the institution’s applications retrieve market data and exchange rates from the third-party service.
Which of the following items represents a key or a secret in this scenario?
- Key—SQL connection string; Secret—Exchange rates
- Key—API key; Secret—Customer account number
- Key—Asymmetric key for SQL Server TDE; Secret—API key
- Key—Asymmetric key for SQL Server TDE; Secret—Customer email address
Question 3)
Imagine you are a software developer in a large enterprise. As a part of your job responsibilities, you are asked to deploy a server application that will run on a Server Core installation of Windows Server 2019. With the help of this application, you create an Azure Key Vault and a secret.
Which actions will you perform to use the key vault to secure API secrets for third-party integrations? Select all that apply.
- Deploy a virtual machine that uses a system-assigned managed identity
- Modify the application to access the Key Vault
- Configure a Key Vault access policy
- Create Azure group for Key Vault
Question 4)
A healthcare organization is developing a web application that requires Secure Sockets Layer (SSL) encryption for secure communication. The application handles sensitive patient data and leverages Azure Storage to store encrypted data. To ensure data integrity and confidentiality, the application utilizes a 2048-bit RSA key stored in Azure Key Vault for cryptographic signing and encryption operations. The application is deployed on Azure virtual machines.
Here are the roles performed by three employees in the organization.
Amy: Application developer responsible for developing and deploying the application in Azure
Ben: Security team member responsible for the proper safekeeping of secrets
Sam: Auditor responsible for reviewing the use and maintenance of certificates, keys, and secrets to ensure compliance with security standards.
Which statement is true in this scenario?
- The application needs permission for the Management Plane.
- Amy needs permission to directly access data such as SSL certificates and RSA keys.
- Ben needs permission to add keys and secrets and create backups of keys.
- Sam needs permission for the Management Plane.
Question 5)
You are a certificate owner managing certificates in Azure Key Vault. You must ensure that the private key is kept safe and the certificate is renewed periodically.
Which of the following methods can be used to add certificates to a Key Vault? Select all that apply.
- Connect Key Vault with a trusted certificate issuer and create the certificate directly in Azure Key Vault
- Create self-signed certificates directly in the Azure portal
- Request a certificate from a third-party provider and manually upload it to Azure Key Vault
- Generate a certificate using OpenSSL or a similar tool and import it into Azure Key Vault
Knowledge check: Manage Key Vault keys and secrets
Question 1)
Ryan is a security engineer working for a company that uses Azure Key Vault to manage cryptographic keys. He is responsible for creating and managing keys in Key Vault. While reviewing the documentation, he comes across information about creating keys. Help Ryan select a statement accurately describing creating keys in Azure Key Vault.
- Soft keys can be imported or generated by Key Vault, while hard keys can be imported in soft form or exported from a compatible HSM device.
- Soft keys can only be imported from a compatible hardware security module, which is frequently known as an HSM device, while Key Vault can generate hard keys.
- Soft keys are encrypted at rest using a system key in an HSM, while hard keys are processed in software by Key Vault.
- Soft keys can be imported or generated by Key Vault, while hard keys can only be imported using a JSON Web Key, which is frequently known as a JWK construct.
Question 2)
Imagine you are a software developer. Which of the following hold true for creating a Key Vault? Select all that apply.
- Azure Key Vault can store blob data.
- Azure Key Vault eliminates the need for developers to store secrets in code.
- Azure Key Vault provides other access and usage attempts for secrets.
- Azure Key Vault allows storing secrets and keys securely.
Question 3)
Jacob is a cloud architect working with Azure services. He is currently configuring the storage account for a new project. He wants to ensure that the data stored in the account is encrypted and secure using Azure Key Vault and Storage Service Encryption. He recalls some information about these services and wants to validate his understanding. Which statement about Azure Key Vault and Storage Service Encryption is true?
- Revoking access to the Azure Key Vault key does not affect the accessibility of the Account Encryption Key.
- Enabling Storage Service Encryption involves an additional cost.
- When performing a key rotation in Azure Key Vault, all data stored in the storage account is re-encrypted.
- Customers can manage Azure Key Vault with multiple methods.
Question 4)
How do Key Vaults manage Azure storage account keys? Select all that apply.
- They store and manage secrets as triplet sequences, which are 16-bit bytes.
- They regenerate or rotate keys periodically to ensure security.
- They allow direct access to the actual key values for easy retrieval.
- They provide semantics for secrets.
- They list or synchronize keys with an Azure storage account.
Question 5)
Your organization has implemented Azure Key Vault to store and manage cryptographic keys, secrets, and certificates, enabling the soft-delete feature. A new employee accidentally deletes a secret from the Key Vault. What happens?
- The secret is automatically backed up for recovery.
- The secret is permanently and irrecoverably deleted.
- The secret generates the new version for easy recovery.
- The secret is moved to a soft-deleted state and can be recovered within a configurable retention period.
Visit this link: Module quiz: Azure Key Vault Quiz Answers
WEEK 2 QUIZ ANSWERS
Knowledge check: Overview of Microsoft Identity Platform
Question 1)
Developers should use cloud services from the cloud provider for identity, data protection, key management, and application configurations. Which service will help to establish encryption capabilities from cloud providers?
- Identity
- Data protection
- Application configuration
- Application Gateway with Web Application Firewall
Question 2)
Sarah is an IT manager in an organization. She needs to review a secure and reliable identity management solution to streamline user authentication and access to various company resources. To do so, she implemented the Microsoft identity platform. On research, she found that it has two endpoints, namely versions 1.0 and 2.0. Recommend a suitable version to Sarah.
- Version 1.1
- Version 2.0
- Version 1.0
- Version 1.2
Question 3)
You are developing a mobile application that requires user authentication using the Microsoft identity platform. As part of the development process, your mobile app allows users to securely access their personal documents in a cloud server. Users should be able to sign in to the app using their Microsoft accounts. Which option should you choose to authenticate and authorize users for your mobile app?
- Use a Microsoft account for authentication and authorization
- Use Azure Active Directory (Azure AD) B2C for authentication and authorization.
- Use Azure Active Directory (Azure AD) B2B for authentication and authorization.
- Use Azure Active Directory (Azure AD) for authentication and authorization
Question 4)
Suppose you’re a Security Engineer at BuyForSure Inc. You’re considering building a single-page application (SPA) in Azure AD for efficient task management and team collaboration. What are the factors you should consider when making this decision? Select all that apply.
- The app needs to support multipage navigation and frequent page reloads.
- The app primarily targets older web browsers without modern JavaScript support.
- The app is expected to possess a rich user interface with interactive features.
- The app must expose an API for other internal or public clients.
- The team is familiar with JavaScript or TypeScript development.
Question 5)
Sean, an employee working in a modern web app development team, is discussing the authentication flows used in client-side single-page applications (SPAs). He is curious about the security risks associated with the OAuth 2.0 implicit flow and whether modern browsers still use this flow. Do modern web browsers use the OAuth 2.0 implicit flow for authentication in client-side SPAs?
- No
- Yes
Knowledge check: Web apps that sign in users and call APIs
Question 1)
Why is it important to ensure that the redirect URI of an app in Azure AD matches the callback URL of the web app?
- It prevents unauthorized access to the app’s resources by verifying the app’s identity.
- It allows the app to access users’ personal information and use it for targeted advertising.
- It ensures the app securely retrieves the authorization code for further authentication.
- It allows the app to automatically sign out users and delete cached tokens or data.
Question 2)
John, a Developer, is working on a web app that requires authentication using Azure AD. He needs to configure the authentication settings for the web app based on its runtime. What information is required to configure authentication for the web app? Select all that apply.
- User’s email address
- Application (client) ID
- Access token expiration duration
- Secret value
- Directory (tenant) ID
Knowledge check: Daemon and noninteractive apps
Question 1)
Your organization wants to automate a daily file cleanup process on its server to navigate through directories and delete expired files. You need an application that can perform this task without user input. Which of the following applications would you choose?
- Web apps that require user authentication.
- Desktop apps that interact with specific users.
- Mobile apps that utilize OAuth 2.0 for user sign-in.
- Daemon apps that perform batch jobs and manipulate directories.
Question 2)
Choose whether the following statement is True or False.
Apps that use the OAuth 2.0 client credentials grant flow, such as daemon apps, require a tenant admin consent to the application calling the web API.
- True
- False
Visit this link: Module quiz: Application security with the Microsoft identity platform Quiz Answers
WEEK 3 QUIZ ANSWERS
Knowledge check: App registration
Question 1)
Which of the following statements accurately describes OpenID Connect?
- OpenID Connect is an authorization standard.
- OpenID Connect is the best alternative for connecting to a database.
- OpenID Connect is an identity provider.
- OpenID Connect is an authentication standard.
Question 2)
You are developing a new mobile app that requires access to user data and the ability to perform actions on behalf of the user. You need to determine in which of the following scenarios you would use delegated permissions. Select all that apply.
- Scenario 3: Your app needs to access a user’s location data and track their movements while they are using the app and signed in.
- Scenario 1: Your app needs to read a user’s emails and send emails on their behalf while they are actively using the app and signed in.
- Scenario 2: Your app needs to read a user’s emails and send emails on their behalf without the user actively using the app or being signed in.
- Scenario 4: Your app needs to access a user’s location data and track their movements without the user actively using the app or being signed in.
Question 3)
Suppose you are working with Azure Active Directory (Azure AD) for managing applications. You come across two representations of applications: application objects and service principals. Based on this scenario, which of the following statements about the representations of applications in Azure AD is correct?
- Service principals can reference multiple application objects.
- Service principals define the applications in Azure AD.
- Application objects and service principals are identical in Azure AD.
- Application objects are instances of an application.
Question 4)
You are developing a web application that needs to integrate with the Microsoft identity platform for secure authentication and authorization. Which of the following actions is necessary to ensure the most secure operation? Select all that apply.
- Store the application secret in plaintext within the application code.
- Implement custom authentication protocols for token retrieval.
- Use open-source client libraries provided by Microsoft.
- Register the application in the Azure portal.
Question 5)
State whether the following statement is True or False.
To make it easier for developers to use OpenID Connect in their applications, Microsoft provides middleware, which is a set of APIs, methods, and properties that facilitate the communication between the application and the identity provider.
- True
- False
Knowledge check: Microsoft Graph
Question 1)
Which of the following statements best describes the accessibility of data to users across Microsoft cloud services?
- Microsoft Graph primarily focuses on security and does not provide access to data across Microsoft 365 services.
- Data accessibility within Microsoft cloud services is limited and requires complex integration efforts.
- Users need to learn multiple APIs, such as the Outlook mail API, OneDrive and SharePoint APIs, and Active Directory queries, to access different types of data.
- Users can easily access files, previous meetings, notes, emails, chats, and contact information within the organization using Microsoft Graph.
Question 2)
Imagine a productivity app that helps salespeople manage their customer interactions and schedule appointments. The app allows them to view their emails, organize tasks, and access files stored in their cloud storage. Which of the following Microsoft Graph services can this app utilize to provide the functionalities?
- Mail, Tasks, Files
- Tasks, Conversations, Events
- Events, Security, Devices
- Conversations, Groups, Devices
Question 3)
Which of the following statements are true regarding Microsoft Graph Explorer? Select all that apply.
- It is a free, open-source tool.
- You can access Microsoft Graph Explorer using any modern browser.
- It provides an interface to search for files in Microsoft SharePoint.
- You can make Microsoft Graph REST API requests without installation or setup.
Question 4)
Suppose, as a software developer, you have used Microsoft Graph to develop a custom application that allows employees to access and manage their work-related data. But you need permission to request Microsoft Graph. Which among the following permissions will be helpful for a software developer? Select all that apply.
- Hardware permissions
- Delegated permissions
- Application permissions
- Effective permissions
Question 5)
Imagine that you are employed by a major global corporation with thousands of people dispersed across numerous locations and departments. Creating a computerized Employee Onboarding System is part of the HR department’s effort to streamline the onboarding procedure. They use Microsoft Graph permissions to interact with their current systems and improve the onboarding process. How will you find the most suitable permissions for the web applications?
Solution: You will use an Application.ReadWrite.All permission to configure Microsoft Graph permissions for an application.
- No
- Yes
Knowledge check: Managed identities
Question 1)
Jack is a software engineer who faces challenges securing confidential data, credentials, certificates, and communication between services with technology enhancements. He also knows he can secure all the confidential data with managed identities, both system-assigned and user-assigned. Help Jack find the identity’s characteristics so he can share the user-assigned managed identity with multiple Azure resources.
- Sharing across Azure resources
- Lifecycle
- Creation
- Principal ID
Question 2)
State whether True or False:
System-assigned managed identities are automatically generated and assigned by the cloud provider.
- True
- False
Question 3)
You are developing an Azure Web App and want to authenticate it to access the Azure Key Vault without managing credentials. Which type of managed identity should you use?
- Azure AD-managed identity
- App Service-managed identity
- User-assigned identity
- System-assigned identity
Question 4)
You are deploying multiple virtual machines in a short period, each requiring its own managed identity. Which type of managed identity is recommended to avoid rate limit issues?
- App Service-managed identity
- Azure AD-managed identity
- User-assigned identity
- System-assigned identity
Question 5)
You need to grant access to certain Azure resources while deploying a resource. Which type of managed identity should you use if a system-assigned identity may not be created in time?
- Azure AD-managed identity
- System-assigned identity
- App Service-managed identity
- User-assigned identity
Knowledge check: Web app certificates
Question 1)
Sana is planning to attend a training on Web App Services. While going through the training agenda, she came across an agenda discussing different web app certificates. After going through the various certificate details, she was puzzled about the type of certificate she should procure to secure a custom domain. Help Sana find the correct web app certificate.
- Create a free App Service certificate.
- Purchase an App Service certificate.
- Upload a private certificate.
- Import a certificate from the Azure Key Vault.
Question 2)
John is developing a web app and needs a certificate to ensure secure communication between the app and users. He has decided to use the Transport Layer Security (TLS) protocol. Which of the following statements is true regarding web app certificates?
- Web app certificates provide authentication and verify the identity of the server.
- Web app certificates are not necessary for secure communication.
- Web app certificates are used for encrypting and decrypting user data.
- Web app certificates are used to store sensitive user information.
Question 3)
John is a security specialist. He wants to issue a certificate for his new application. Which of the following basic criteria should he keep in mind? Select all that apply.
- The web app certificate should support the pricing tier.
- The App Service plan must be in the basic, standard, premium, or isolated tier.
- It is mandatory to scale up your App Service plan.
- Each PKCS12 certificate in the vault is listed in the App Service thumbprints.
Question 4)
Sana purchased a web app certificate for her new web application. Now she wants to configure it with the web app. Which step is mandatory for her while configuring and deploying the web app certificate?
- Installing a trusted certificate authority
- Renewing the SSL certificate
- Generating a private key
- Adding the certificate to the web server configuration
Question 5)
State True or False.
In order to configure and deploy web app certificates, secure communication and mutual trust must be established between the web server and its users.
- False
- True
Visit this link: Module quiz: Application security with Azure AD and other Microsoft tools Quiz Answers
WEEK 4 QUIZ ANSWERS
Visit this link: Graded assessment: Secure Your Applications Quiz Answers