Coursera Answers

Secure Your Data at Rest Coursera Quiz Answers

In this article i am gone to share Coursera Course: Secure Your Data at Rest All Weeks Quiz Answers with you..

Enrol Link: Secure Your Data at Rest

Secure Your Data at Rest Coursera Quiz Answers


 

WEEK 1 QUIZ ANSWERS

Knowledge check: Shared access signature tokens

Question 1)
A legal firm needs to collaborate with external parties on confidential legal documents stored in Azure Blob Storage. They require a secure and controlled method to share specific containers of these documents. They seek a solution that can help them grant external parties limited-time access to these containers. They want to allow these external parties to download the legal documents without modifying or deleting any other files within the container.
Identify the Azure feature most applicable in solving the need of the legal firm.

  • Virtual network
  • Role-based access control (RBAC)
  • Shared access signature (SAS)
  • Storage service encryption

Question 2)
Your organization operates in a region where natural disasters are common, and you want to ensure data availability during such events. Which benefit of Azure paired regions helps reduce the likelihood of both regions being affected simultaneously?

  • Region recovery order
  • Sequential updates
  • Physical isolation
  • Data residency

Question 3)
You want to grant write access to specific files stored in Azure Blob Storage for a limited period of time. Which authorization option should you use?

  • Azure Active Directory
  • Public access
  • Shared keys
  • Shared access signatures

Question 4)
You want to generate a SAS token for an Azure Storage account that allows read and write access to all blobs in a specific container. However, you want to limit the validity of the SAS token to 7 days. Which query parameter should you choose to generate the SAS token to limit the validity?

  • Include the se query parameter with the desired expiry time.
  • Include the sv query parameter with the desired expiry time.
  • Include the sp query parameter with the desired permissions.
  • Include the sr query parameter with the desired permissions.

Question 5)
You work for a software company, and your team is responsible for managing an application that stores data in Azure Blob Storage. For a new feature, you need to grant a client application temporary access to a specific blob.
Which Azure feature should you use?

  • Azure storage account keys
  • Azure Role-Based Access Control (RBAC)
  • Azure Shared Access Signature (SAS) tokens
  • Azure AD tokens

 

Knowledge check: Shared keys

Question 1)
What are the ways to secure and protect shared keys? Select all that apply.

  • Hard code shared keys
  • Use Azure Key Vault
  • Disable shared key access when not required
  • Rotate the keys

Question 2)
Consider you are a cloud security specialist working for an e-commerce company that uses Azure to store its data. The company’s data includes sensitive information such as customer names, addresses, and payment details, making data security a top priority. To maintain the highest level of security for the company’s Azure storage accounts, you have been tasked with implementing Azure Key Vault to manage the storage account access keys effectively.
Why is it recommended to use Azure Key Vault to help in managing access keys?

  • It allows access keys to be used for authentication purposes.
  • It simplifies the process of rotating and regenerating keys.
  • It grants full access to the configuration of the storage account.
  • It provides unlimited storage for access keys.

Question 3)
How many storage account access keys does Azure generate when you create a storage account?

  • Four 2048-bit access keys
  • Two 512-bit access keys
  • Three 512-bit access keys
  • One 256-bit access key

Question 4)
What is a key rollover?

  • Generating additional keys without replacing existing ones
  • Using an old key to access a Storage account after rotating the keys in the Azure portal
  • Replacing existing cryptographic keys with new keys in a secure manner
  • Synchronizing keys across multiple systems or devices

Question 5)
You suspect a compromise of a Storage account key. You decide to perform a key rollover.
Which option allows you to perform a key rollover without interrupting the availability of the stored data?

  • Generate a new Storage account and migrate the data to the new account.
  • Update the encryption keys in the Storage account configuration and restart the Storage account.
  • Create a new key using the Rotate key option in the Azure portal and update the Storage account to use the new key.
  • Disable encryption for the Storage account, update the encryption keys in Azure Key Vault, and enable encryption again.

 

Knowledge check: Storage access policies

Question 1)
You are designing an application that will store user-generated content in Azure Blob Storage. You want to ensure proper access control for each container. How many stored access policies can you create for a single Blob container?

  • One
  • Unlimited
  • Five
  • Three

Question 2)
State whether True or False.
You can specify table entity range restrictions, such as the start partition key, also called startPk, in a stored access policy.

  • True
  • False

Question 3)
You want to revoke a stored access policy for a specific customer due to a security incident. The customer’s account has been compromised, and there is a potential risk of unauthorized access to their data. Which actions can effectively revoke the stored access policy? Select all that apply.

  • Make the Start time parameter null.
  • Rename the stored access policy by changing the signed identifier.
  • Delete the stored access policy.
  • Extend the expiry time of the stored access policy to a future date.

Question 4)
As a cloud administrator working for a multinational company, you decide to implement stored access policies to provide an extra level of control over service-level Shared Access Signatures (SAS) on the server side.
How does the stored access policy provide control over service-level SAS?

  • It limits the number of clients that can access the SAS.
  • It allows multiple SAS to be combined into a single policy.
  • It groups SAS and imposes additional restrictions on signatures.
  • It prevents SAS from expiring after their validity.

Question 5)
What is the purpose of the “Identifier” when creating a stored access policy?

  • It defines the storage account name.
  • It provides a name to reference the stored access policy.
  • It is used as a username for the SAS.
  • It specifies the type of encryption used for the blob.

 

Visit this link:   Module quiz: Storage security Quiz Answers

 


 

WEEK 2 QUIZ ANSWERS

Knowledge check: Azure AD Authentication for storage

Question 1)
TechSoft Inc., a multinational software development company, has implemented Azure AD storage authentication to enhance security and streamline its development processes. They plan to assign access permissions to their development teams based on their roles and responsibilities.
Which Azure feature can TechSoft Inc. utilize to assign fine-grained access control for their development teams?

  • Azure Virtual Machines
  • Azure AD Privileged Identity Management (PIM)
  • Azure Monitor
  • Azure Role-Based Access Control (RBAC)

Question 2)
You are designing a system where applications running within Azure entities need to access a queue resource. The company insists on a secure two-step process to authenticate and authorize access to these resources.
What process would meet this requirement?

  • Authenticating the user or application identity to generate an OAuth 2.0 token and then including the token in the request to authorize access.
  • Authorizing user or application access without any authentication.
  • Utilizing managed identities for accessing queues without any authentication process.
  • Generating an OAuth 2.0 token without verifying it.

Question 3)
A storage account administrator, who has just created an Azure Storage account, is trying to access data in Blob Storage via Azure Active Directory (Azure AD). However, the access attempt is not successful.
Which of the following could be a possible reason for the unsuccessful access attempt?

  • The administrator did not correctly configure the OAuth 2.0 token.
  • The administrator did not enable fine-grained access to blob resources.
  • The storage account is not located in a public region.
  • The administrator did not assign himself an Azure role to access Blob Storage.

Question 4)
The IT team of a large company wants to authorize access to blobs in an Azure storage account for various team members, but they want to ensure that these permissions are granted at the appropriate scope.
Where can the team scope access to Azure blob resources, beginning with the narrowest scope?

  • An individual container, the storage account, the resource group, the subscription, a management group
  • The resource group
  • The subscription
  • An individual container

Question 5)
A developer is assigned the Azure built-in role of “Storage Account Contributor.” However, he cannot access blob data within the storage account via Azure AD.
What is the reason behind this?

  • The “Storage Account Contributor” role does not provide access to blob data within the account via Azure AD.
  • The developer’s account has not been authenticated by Azure AD.
  • The Storage Account Contributor role is not a built-in Azure role.
  • Azure AD authorization has been turned off for the storage account.

 

Knowledge check: Azure Storage and Azure Files security

Question 1)
You’re a cybersecurity consultant for a major hospital network looking to migrate its patient records to Azure. They’re concerned about ensuring all data is encrypted at rest for security and regulatory compliance.
Which Azure feature automatically provides this functionality?

  • Azure Storage Service Encryption
  • Azure Disk Encryption
  • Azure Active Directory
  • Client-Side Encryption

Question 2)
You are migrating a legacy application to the Azure cloud. This application traditionally relies on a network file share, and you need to preserve this functionality.
Which Azure storage service would be the most appropriate for this task?

  • Azure Queue Storage
  • Azure Blob Storage
  • Azure Files
  • Azure Data Lake Storage Gen2

Question 3)
You are a system administrator responsible for migrating on-premises file servers to Azure Files. You want to maintain granular control over access permissions.
Which type of authentication should you choose for Azure Files?

  • SMB 3.0
  • Azure AD
  • Storage Account Key
  • Azure File Sync

Question 4)
You are a cloud architect working on Azure Storage Services. Your company transmits sensitive data.
Which property would you enable in Azure to ensure data transferred to and retrieved from the storage account is made over a secure connection?

  • Secure network property
  • Secure data traffic property
  • Secure transfer required property
  • Data encryption property

Question 5)
As an IT administrator, you are configuring Azure Storage for a globally expanding media streaming company. You focus on handling and distributing large volumes of unstructured data with minimal latency and are considering using Azure Blob Storage.
What key benefits does Azure Blob Storage offer for your company?

  • Azure Blob Storage only supports structured data.
  • Azure Blob Storage does not support encryption.
  • Azure Blob Storage provides scalability, cost efficiency, global reach, robust security, and data redundancy.
  • Azure Blob Storage cannot replicate data across regions.

 

Visit this link:   Module quiz: Azure Storage and Azure Files Quiz Answers

 


 

WEEK 3 QUIZ ANSWERS

Knowledge check: Authentication and firewalls

Question 1)
To secure your Azure SQL Database, you want to ensure that only specific users have access based on their roles within the organization.
What feature should you use to manage this access?

  • Virtual Network (VNet) Service Endpoints
  • Firewalls
  • Role-Based Access Control (RBAC)
  • Always Encrypted feature

Question 2)
You are a Database Administrator at Tech Corp. The company is concerned about data breaches and is looking into strategies for strengthening the security of its Azure SQL Database.
What is the best practice approach to defining permissions for database users?

  • Grant permissions based on seniority within the organization, with senior staff given the most permissions.
  • Give each user full permissions, then remove unnecessary permissions as you observe their behavior.
  • Adopt a “least privilege” approach where users are given only the permissions necessary to perform their roles.
  • Give all users the same permissions to ensure fairness.

Question 3)
A company has just migrated its user database to Azure SQL. The database administrator (DBA) wants to set up authentication and is considering SQL Authentication.
Which of the following correctly describes SQL Authentication?

  • SQL Authentication is a method to connect to Azure SQL Database using identities in Azure AD.
  • SQL Authentication verifies user credentials from the Azure Active Directory.
  • SQL Authentication requires users to provide their Windows login credentials.
  • SQL Authentication involves users entering their account name and password, which is kept safe in the master database.

Question 4)
You are setting up an Azure SQL Managed Instance and need to assign an Azure AD admin role.
Which role in Azure AD is required to set up an Azure AD admin for an Azure SQL Managed Instance?

  • Directory Readers
  • Global Administrator
  • Privileged Role Administrator
  • Security Administrator

Question 5)
EasyShop is a growing online business that uses Azure SQL Database. They want to improve their data security and protect their sensitive information.
Which firewall rules should EasyShop implement to grant specific access to a certain Azure SQL Database?

  • Set up virtual network rules.
  • Create a database-level rule for the specific database.
  • Set up server-level IP firewall rules.
  • Enable Azure connections for all databases.

 

Knowledge check: Auditing and monitoring

Question 1)
Suppose you are a database administrator at a retail organization, and your responsibility is to ensure the Azure SQL Database remains protected from all kinds of threats and malicious activities. As a part of your service, you decide to configure server-level auditing in your system.
Which among the following steps should be the primary step that should be followed to set up auditing?

  • Generate audit records
  • Generate audit records in the database
  • Create a new storage account
  • Enable Azure SQL auditing on the server

Question 2)
As a database administrator for a large online retailer, you notice a sudden decline in Azure SQL Database performance, leading to slow page load times on your website. You suspect malicious activity and want to track and analyze database events.
What is the first step you should take to track and analyze database events for potential malicious activity in the Azure SQL Database?

  • Enable Azure SQL Analytics for performance monitoring.
  • Enable Advanced Threat Protection (ATP) for the Azure SQL Database.
  • Review the data discovery and classification in the Azure SQL Database.
  • Configure vulnerability assessment in the Azure SQL Database.

Question 3)
Suppose you are a database administrator at a retail organization. One day, you receive an email notification stating that vulnerabilities have been detected in the database.
How will you address security vulnerabilities detected by vulnerability assessment?

  • Ignore the vulnerabilities and continue with regular operations
  • Disable vulnerability assessment to avoid further notifications
  • Follow the recommended remediation steps to resolve the issues
  • Rewrite the entire database code

Question 4)
You work as a Cloud Security Consultant for a healthcare company. The company plans to implement Azure Data Discovery and Classification to identify and protect sensitive patient data within its Azure SQL databases.
What features can Azure Data Discovery and Classification provide to enhance the company’s data management and security practices?

  • It only provides compliance reporting capabilities.
  • It automatically detects and classifies sensitive data for compliance reporting and security measure implementation.
  • It provides data encryption services.
  • It offers Virtual Private Network (VPN) services for securing data in transit.

Question 5)
Imagine you are a cybersecurity engineer at a financial institution that uses the Azure SQL Database to store and manage customer information. The data includes personal and financial information; therefore, protecting the data from security threats is paramount to your organization. To ensure protection, you enable Azure SQL Database auditing.
What does Azure SQL Database auditing allow you to do?

  • Capture and analyze database operations for inspection
  • Enable advanced SQL security capabilities
  • Provide actionable steps to resolve security issues and enhance your database fortifications
  • Store and process critical data

 

Visit this link:   Module quiz: Database security and monitoring Quiz Answers

 


 

WEEK 4 QUIZ ANSWERS

Knowledge check: Defender for Cloud

Question 1)
Suppose you are a security engineer working in a retail organization that has information stored in Microsoft Azure. Your responsibility is to secure the customer’s details from threats. To protect their database from potential vulnerabilities, your team decides to implement a Microsoft Defender plan.
Which plan should they choose?

  • Defender for Containers
  • Defender for App Service
  • Defender for Resource Manager
  • Defender for SQL

Question 2)
Imagine you are a security engineer in a software development organization. The development team frequently uses various code management environments and pipelines to streamline their development process.
Which service in Microsoft Defender for Cloud will protect your code management environments and your code pipelines and get insights into your development environment security posture from a single location?

  • Defender for DevOps
  • Secure score
  • Cloud security posture management
  • Defender for Servers

Question 3)
Imagine you are a security engineer at a rapidly growing technology startup. To enhance the security posture of its hybrid cloud environment, the organization has employed Microsoft Defender for Cloud due to its foundational cloud security posture management (CSPM) capabilities and advanced CSPM capabilities.
Which capability of Defender CSPM will help your organization to provide control over permissions for any identity or resource in Azure, Amazon Web Services (AWS), or Google Cloud Platform (GCP)?

  • Data-aware security posture
  • Advanced cloud security posture management
  • Microsoft Entra Permissions Management
  • Centralized policy management

Question 4)
You are a cybersecurity analyst for a healthcare organization that has recently experienced cyberattacks. Your organization is concerned about security and wants to implement some measures to protect your databases and servers and improve your secure score. You visit the “Security posture” page in Microsoft Defender for Cloud as part of your analysis. What does that represent?

  • Overview of all your environments
  • Recommendations and security misconfigurations associated with your databases
  • Solutions for fixing hardware issues in your servers
  • Best practices for cloud application development

Question 5)
Imagine you are a database administrator in a financial institution. Your organization must protect the organization’s and customer’s data and use Microsoft Azure SQL Database to store the data. Therefore, you plan to enable Microsoft Defender for SQL.
Where can you enable Microsoft Defender for SQL at the subscription level?

  • Azure portal > Defender for Cloud > Environment settings
  • Azure portal > Subscriptions > Manage Defender plans
  • Azure portal > Security center > SQL Database Defender
  • Azure portal > SQL Database > Manage Defender settings

 

Knowledge check: Data masking and encryption

Question 1)
Suppose you are a database administrator who works for an e-commerce organization that handles sensitive customer information, including payment details, and the organization uses Azure SQL Database to store customer data.
Which Azure SQL Database feature will help you secure your data in transit?

  • Microsoft Defender for Cloud
  • Transparent data encryption
  • Transport Layer Security network encryption
  • Dynamic data masking

Question 2)
Consider that you are a multinational organization’s database administrator, and you have enabled Transparent data encryption (TDE) to secure your data from unauthorized access. TDE is a critical component of the company’s data protection strategy as it encrypts the storage of the entire database, safeguarding sensitive information from potential threats.
What symmetric key encrypts an entire database’s storage in transparent data encryption (TDE)?

  • Database encryption key (DEK)
  • TDE protector
  • T-SQL
  • Advanced encryption standard (AES)

Question 3)
Your company runs an on-site application that works with sensitive data stored in a database hosted in Azure SQL Database. The company wants to ensure that Microsoft cloud administrators can’t access sensitive data.
How would you use Always Encrypted to accomplish this?

  • Store the encryption keys in the database
  • Keep the encryption keys in a trustworthy on-site key store
  • Store the encryption keys in Azure Key Vault
  • Use deterministic encryption

Question 4)
As a database administrator for a financial company, you are required to protect sensitive data such as credit card numbers. The decision has been made to use Azure SQL Database and Always Encrypted.
Which of the following statements best describes the Always Encrypted feature in Azure SQL Database?

  • It enables clients to encrypt sensitive data within their applications, prevents the exposure of encryption keys to the database engine, and separates those who manage the data from those who own it.
  • It encrypts the entire database, including system files and log files.
  • It enables automatic encryption of all data within the database, regardless of sensitivity.
  • It allows for the encryption of data-in-transit only.

Question 5)
You are tasked with deploying Always Encrypted in Azure SQL Database for a health insurance provider. A requirement is to have certain data fields produce the same encrypted value each time they are encrypted.
What type of encryption should you use for these fields?

  • Static
  • Dynamic
  • Randomized
  • Deterministic

 

Visit this link:   Module quiz: Defender for Cloud and data masking and encryption Quiz Answers

 


 

WEEK 5 QUIZ ANSWERS

 

Visit this link:   Graded assessment: Secure Your Data at Rest Quiz Answers