Module quiz: Advanced threats and mitigation: Advanced Cybersecurity Concepts and Capstone Project (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1
Fill in the blank: Susceptible infrastructure threat that allows attackers to make internal requests.
✅ Server-side request forgery (SSRF)
❌ Cross-site scripting (XSS)
❌ Denial-of-service (DoS)
Explanation:
SSRF allows attackers to force the server to make unauthorized internal network requests.
2. Question 2
Component focused on preparatory reconnaissance techniques:
❌ Enterprise Matrix
✅ PRE-ATT&CK Matrix
❌ Mobile Matrices
Explanation:
PRE-ATT&CK covers adversary behavior before initial access—recon, research, planning.
3. Question 3
Tactic involving keyloggers, credential dumping, brute force:
❌ Exfiltration
❌ Defense evasion
✅ Credential access
Explanation:
Credential Access includes techniques attackers use to steal or capture credentials.
4. Question 4
Malware that disguises itself as legitimate software:
✅ Trojan horses
❌ Rootkits
❌ Worms
Explanation:
A Trojan appears legitimate but secretly provides unauthorized access.
5. Question 5
Combating phishing requires using _________ + user training:
✅ Email filters
❌ Firewalls
❌ Ad blockers
Explanation:
Email filters block malicious messages before they reach users.
6. Question 6
MCUs are inexpensive IoT hardware running an RTOS.
✅ True
❌ False
Explanation:
Microcontrollers are low-cost, limited-resource devices using simple RTOS environments.
7. Question 7
Hacked thermostat due to unsecured communication protocol:
❌ Device impersonation
❌ Botnets
✅ Unsafe communication attack
Explanation:
Unsecured protocols expose devices to man-in-the-middle and control attacks.
8. Question 8
What is “convergence” in IoT risks?
❌ Connecting devices to insecure networks
❌ Legacy/unsupported devices
✅ Combination of multiple systems into one
Explanation:
Convergence increases risk by merging multiple systems, expanding attack surfaces.
9. Question 9
Hardware root of trust provides:
✅ Safe credential storage in tamper-resistant hardware
❌ Software-based storage
❌ Flexible, easily altered identity
Explanation:
A hardware root of trust anchors device identity and protects secrets via secure hardware.
10. Question 10
Defender for IoT feature giving detailed device information:
❌ Automatic asset discovery
❌ Agentless monitoring
✅ Device inventory
Explanation:
Device Inventory lists devices with metadata (IP, firmware, vendor, alerts, protocols).
🧾 Summary Table
| Q# | Correct Answer |
|---|---|
| 1 | SSRF |
| 2 | PRE-ATT&CK Matrix |
| 3 | Credential Access |
| 4 | Trojan horses |
| 5 | Email filters |
| 6 | True |
| 7 | Unsafe communication attack |
| 8 | Combination of multiple systems |
| 9 | Tamper-resistant credential storage |
| 10 | Device inventory |