Advanced Cybersecurity Final (senior year)

Which of the following statements accurately depicts a difference between Windows Hello and Windows Hello for Business?

Windows Hello is for personal devices, while Windows Hello for Business is for managed devices. Windows Hello for Business can use a key-based or certificate-based authentication factor, where Windows Hello uses a pin or biometric authentication.

Which of the following Azure services is used to monitor Azure resources to ensure new and existing deployments are in compliance with the organization's standards and regulatory requirements?

Azure Policy

Which of the following Entra ID features protects users from password spray attacks, and bans them from using weak passwords in a global list of banned passwords when setting or resetting their password?

Password Protection

The VMs and other services in different virtual networks within the same subscription can communicate by default.

False

_________________ enables continuous asset discovery and monitoring using built-in and agentless scanners to continuously monitor and detect risk from devices, even when not connected to the corporate network. Risks are then prioritized based on threat intelligence and breach likelihood predictions.

Microsoft Defender Vulnerability Management

Microsoft's six core privacy principles are:

Control, Transparency, Security, Strong legal protections, No content-based targeting, Benefits to you

Which of the following services helps to implement identity as the primary security perimeter? (choose the best answer)

Entra ID Conditional Access policies

Which of the following is a feature of advanced auditing in Microsoft 365?

Both of these

Which of the following cloud solutions provides capabilities such as multifactor authentication (MFA), identity protection, and role-based access control?

Entra ID (Azure AD)

Which of the following features available in the Microsoft Purview compliance portal provides automation of data subject requests (DSR)?

Microsoft Priva

You need to prevent accidental deletion of Azure resources in your subscription. Which feature will meet this requirement? (choose the best answer)

Resource locks

Which of the following is NOT a feature of Entra ID Self-Service Password Reset (SSPR)?

Password set (when account is disabled)

_____ are a collection of correlated _____ created when a suspicious _____ is found.

Incidents, alerts, event

Which of the following contains a snapshot of items (emails, files) that have a sensitivity or retention label applied or have been classified as a sensitive information type?

Content Explorer

To enable users to securely access company resources from anywhere, the security team wants to support OATH tokens (one-time password) as a second authentication factor for Entra ID. What Microsoft solution enables use of OATH tokens for Entra ID and other identity providers?

Microsoft Authenticator

Which of the following services can identify over-privileged workload and user identities, actions, and resources across multi-cloud infrastructures and assess permissions risk based on permissions assigned vs permissions used?

Entra Permissions Management

The process of proving you are who you say you are is:

Authentication

Which of the following Azure services monitors users, entity behavior, and activities with learning-based analytics to help protect user identities and credentials stored in on-premises Active Directory?

Microsoft Defender for Identity

Defender for Servers, Defender for Key Vault, and Defender for Storage are part of the foundational cloud security posture management (CSPM).

No

_______ use machine learning to intelligently classify your data.

Trainable classifiers

Access reviews in Entra ID can be configured to be self-completed by the eligible members of the privileged roles.

True

Which secure score focuses on security across identities, apps, and data?

Microsoft Secure Score

The core audit capabilities of Microsoft Purview enable search across Microsoft 365 services through:

a unified audit log

Which of the following services ingests network traffic logs to dynamically discover and analyze the cloud apps in use within your organization?

Microsoft Defender for Cloud Apps

__________ is/are used to implement encryption in transit, such as with HTTPS protocol for secure browsing, or certificate-based authentication on secure wi-fi networks.

Both symmetric or asymmetric

A network security group (NSG) is comprised of inbound and outbound security rules. Rules are processed in priority order, with lower numbered rules processed __________ higher numbers.

before

Contoso IT recently implemented Microsoft Defender for Endpoint to better protect its Windows 10 endpoints. Which of the following is a feature of Endpoint behavioral sensors technology?

It monitors for and detects advanced threats on your Windows 10 and other endpoints and automates investigation and threat response.

Which of the following is an advantage of single sign-on?

The user signs in once and can then access many applications or resources.

Which of the following tools helps to deliver intelligent, automated, and integrated security across an organization's domains, such as identities, endpoints, applications, and email?

XDR

Which of the following is not an Entra ID identity type?

Member

Microsoft _____ is a cloud-based service that helps streamline security analyst triage, incident response, threat hunting, and vulnerability management workflows.

Defender Threat Intelligence

Which of the following is not a service provided by on-premises Active Directory Domain Services (AD DS)?

Native support for mobile devices, SaaS, and line of business (LOB) apps that require modern authentication methods.

Retention labels are used to assign retention settings at an item level, such as folder, document, or email.

True

The two types of external identities are:

Entra ID B2B and B2C

Which of the following is not a benefit of Entra ID Conditional Access policies?

Manages device state by implementing device compliance policies to measure device compliance.

What is the core function of the eDiscovery feature in Microsoft Purview?

To enable identifying and delivering electronic information that can be used as evidence in legal cases.

What is the core value proposition of Azure Bastion?

RDP/SSH connectivity provided in a web browser, with no RDP/SSH client needed, and no public IP address required for the Azure VM.

A security __________ is the implementation of a security benchmark for the specific Azure service.

baseline

Which of the following identity attacks attempts to match a username against a list of weak passwords?

Password spray attack

Resources on the Service Trust Portal do not include which of the following?

Licensing guidance for Microsoft security solutions

Which of the following is not an advantage of Azure Sentinel in providing integrated threat protection to your environment?

Discovers apps in use on your endpoints to stop shadow IT

You can configure access to the secrets in Azure Key Vault using Azure RBAC (role based access control).

Yes

Which of the following statements describes the difference between Compliance Manager and compliance score?

Compliance Manager is an end-to-end solution in Microsoft Purview compliance portal to enable admins to manage and track compliance activities. Compliance score is a calculation of the overall compliance posture across the organization.

Azure Firewall is a fully stateful firewall that offers high availability. High availability must be enabled, and the number of scale instances selected at deployment time.

False

Which of the following is not a feature available only in advanced eDiscovery (Premium) workflow?

Creating a legal hold

Which secure score provides visualization of the current security posture of your cloud infrastructure, such as VMs, web app instances, and Azure SQL databases?

Azure Secure Score

Which of these Azure services enables you to run realistic simulated phishing and password attack campaigns in your organization, and train users to raise their awareness of these attacks?

Microsoft Defender for Office 365

Which of the following is not a benefit of Entra ID roles?

Protects users from sign-in risk

Which of the following cyber-attacks aims to exhaust an application's resources, making the application unavailable to legitimate users?

Distributed Denial of Service (DDoS)

Entra Connect and Entra Cloud Sync are used to configure which of the following identity models?

All the above

According to the shared responsibility model, which of the following computing models places the most responsibility on the cloud service provider (CSP)?

saas

Retention policies are used to assign the same retention settings to content at a __________ level or __________ level.

site, mailbox

What is the name of the unified data governance service that enables end-to-end data lineage?

Microsoft Purview

Data loss prevention is a way to ensure sensitive information:

is not inappropriately shared.

____________ measures the progress in completing recommended improvement actions within Compliance Manager.

Compliance Score

_______ is a collection of documentation, implementation guidance, best practices, and tools that are proven guidance from Microsoft designed to accelerate your cloud adoption journey.

Microsoft Cloud Adoption Framework

Which of the following encryption types uses a public and private key pair for encrypting and decrypting data?

Asymmetric encryption

Which of the following is NOT a function of Microsoft Defender for Cloud?

Stores and tracks diagnostic data, including firewall and audit log alerts

Which of the following enables inclusion of risk as a signal in Conditional Access policy decisions in Microsoft Entra?

Idenity Protection

Which principle of Zero Trust is demonstrated by these services or features: Just-In-Time and Just-Enough Access (JIT/JEA); RBAC and conditional access; Sensitivity labels and policies?

Least privilege access

The Contoso Cloud Architecture team needs to simplify deployments of new environments in Azure, including Azure Resource Manager (ARM) templates, role-based access, and policies. Which Azure service enables delivery of templates for repeatable deployment and configuration of new subscriptions and environments? (choose the best answer)

Azure Blueprints

Which of the following types of attack uses a formal email to convince users to sign in and change their password?

Phishing attack

With Privileged Identity Management, users can not only activate their own eligible roles, but if desired, can also self-review their eligible roles during scheduled access reviews.

True

To implement a defense in-depth security methodology, which of the given measures will an organization implement?

Multi-factor authentication for all users.

The act of granting an authenticated party permission to do something is:

Authorization

What is the relationship type that allows federated services to access resources?

Trust relationship

Adherence to mandatory regulations, whether multi-national, national, state or federal laws or industry standards that an organization must follow is known as:

Compliance

Which of the following tools is used to collect and analyze large amounts of data from across your entire estate, including identity, endpoints, infrastructure, apps, and data to identify and alert on potential security threats?

SIEM

Which of the following services performs the following functions leveraging event data from your on-premises Active Directory: monitors and analyzes user activities and information across your network; creates a behavioral baseline for each user; identifies anomalous behavior, suspicious activities, and events?

Microsoft Defender for Identity

What is the name of the unified portal that provides easy access to the data and tools you need to manage your organization's compliance needs and track progress?

Microsoft Purview compliance portal

Your security admin needs to protect Azure resources from DDoS attacks. Which of the given Azure DDoS Protection tiers will help your admin to enhance protection from attacks targeting Azure virtual network resources?

Standard

You need to provide the following functionality for infrastructure across your on-premises and Azure infrastructure: Monitor the security posture of compute resources in Azure and on-premises; Scan images within Azure Container Registry to identify vulnerabilities; Monitor and detect unusual access attempts to Azure Storage accounts. Which solution should you recommend?

Microsoft Defender for Cloud

Which of the following is discouraged as a secondary authentication factor due to known vulnerabilities?

SMS (text) message

What are the categories shown on the secure score in Microsoft Defender portal? (repeat question)

Identities, data, devices, and apps

Which portal brings Defender for Endpoint, Defender for Office 365, and Microsoft Defender for Cloud Apps data together in a consolidated unified view and user experience?

Microsoft Defender portal

Entra ID can be configured to allow users to authenticate with their social identities, such as Facebook or Google. In this scenario, Facebook and Google are serving as: (choose the best answer)

Identity providers

The content search tool enables in-place content search across all of the following EXCEPT:

User activities in Entra ID audit logs

You need to implement multi-factor authentication for your Entra ID users. However, you only want to prompt for an additional authentication factor when users are not in a trusted location on an unmanaged device. Which feature should you implement? (choose the best answer)

Entra ID Conditional Access

Which of the following Microsoft Purview compliance solutions is focused on detecting and acting on unethical, illegal, and malicious behaviors?

Insider risk management

Which of the following is not a question answered by Entra ID Identity Governance?

Can users self-report these controls are appropriately limiting their access?

Which of the following Azure services offers protection from common attacks cataloged by OWASP including SQL-injection attacks, Cross-site scripting attacks, Cross-origin resource sharing (CORS) attacks, and Man-in-the-middle (MITM) attacks?

Azure Web Application Firewall (WAF)

The Basic tier of Azure DDoS is free but must be enabled on each subscription.

False

Which Microsoft Purview feature enables administrators to define policies to explicitly prevent communication between groups or users within the organization to avoid regulatory breaches and conflict of interest issues?

Information barriers

The probability that a given authentication request is not a request by the identity owner is referred to as 'user risk'.

False

Which of the following is an end-to-end solution in Microsoft Purview compliance portal that enables admins to manage and track compliance activities?

Compliance Manager

The cloud security posture management (CSPM) functionality in Microsoft Defender for Cloud includes:

Free tier functionality such as secure score, detection of misconfigurations, and asset inventory.