Module quiz: Penetration testing :Cybersecurity Tools and Technologies (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Activities that are part of ethical hacking (Select all that apply)
✅ Red versus blue exercises
✅ Network penetration testing
✅ Social engineering testing
❌ Web application development
Explanation:
Ethical hacking involves simulating attacks to find security weaknesses—not developing apps.
2. Responsibilities of the blue team (Select all that apply)
✅ Intrusion detection
✅ Collaborating with other teams
❌ Conducting ethical hacking exercises (red team does this)
✅ Network monitoring
✅ Vulnerability scanning
Explanation:
Blue teams focus on defense, detection, monitoring, and reducing vulnerabilities.
3. The red team’s objective is to defend digital assets.
❌ True
✅ False
Explanation:
The red team’s objective is to attack, not defend—that’s the blue team’s job.
4. Reconnaissance is where testers gain unauthorized access.
❌ True
✅ False
Explanation:
Reconnaissance gathers information; exploitation is where access is attempted.
5. Final stage of penetration testing
❌ Enumeration
❌ Exploitation
❌ Reconnaissance
✅ Reporting and remediation
Explanation:
The final step is documenting findings and providing recommendations.
6. The MITRE ATT&CK framework is maintained by MITRE, a non-profit.
✅ True
❌ False
Explanation:
MITRE maintains ATT&CK as a public knowledge base of adversary tactics.
7. Black box testing involves designing test cases for scenarios.
❌ True
✅ False
Explanation:
Black box testing involves testing without internal knowledge, not scenario-based design.
8. White box testing is based solely on inputs/outputs without internal knowledge.
❌ True
✅ False
Explanation:
White box testing does use internal system knowledge; black box does not.
9. Approaches used in grey box testing (Select all that apply)
❌ Data flow analysis
❌ Black box testing
✅ Architecture analysis
❌ Code review
Explanation:
Grey box testing uses partial internal knowledge, such as architecture docs—not full code access.
10. Azure Compliance Manager helps organizations evaluate their __________.
❌ Access controls
❌ Data encryption
✅ Compliance posture
❌ Risks
Explanation:
Compliance Manager provides a unified assessment of overall compliance posture.
🧾 Summary Table
| Q | Correct Answer(s) |
|---|---|
| 1 | Red vs blue, Pen testing, Social engineering |
| 2 | Intrusion detection, Collaboration, Network monitoring, Vulnerability scanning |
| 3 | False |
| 4 | False |
| 5 | Reporting & remediation |
| 6 | True |
| 7 | False |
| 8 | False |
| 9 | Architecture analysis |
| 10 | Compliance posture |