Course Quiz: Cybersecurity Solutions and Microsoft Defender (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Primary purpose of Azure DDoS Protection
✅ Detect and block malicious traffic
❌ Manage encryption keys
❌ Encrypt data at rest
❌ Provide secure VM access
Explanation:
Azure DDoS Protection identifies and mitigates large-scale attacks.
2. Goal of Just-in-Time VM Access
❌ Block DDoS
❌ Secure data transmission
✅ Minimize attack surfaces by limiting open ports
❌ Manage keys
Explanation:
JIT keeps RDP/SSH ports closed unless requested.
3. NAT type Azure Firewall uses for outbound traffic
✅ Source NAT (SNAT)
❌ TLS NAT
❌ MACsec NAT
❌ DNAT
Explanation:
SNAT rewrites outbound traffic source IPs to the firewall’s public IP.
4. Key characteristic of client-side encryption
✅ Data is encrypted before upload to Azure
❌ TLS encryption
❌ Azure manages the keys
❌ Encrypts transit only
Explanation:
Clients encrypt content locally before sending it to the cloud.
5. Benefit of VNets over on-prem networks
❌ Always-on DDoS
❌ Automatic encryption
✅ Scalability and isolation
❌ Dedicated firewall
Explanation:
VNets offer flexible, isolated, cloud-native networking.
6. Unique feature of DDoS Network Protection
❌ Encrypts data
❌ DNS proxy
❌ Firewall for public resources
✅ Supports multiple subscriptions with a single plan
Explanation:
Network Protection covers entire VNets under one plan.
7. Advantage of hub-and-spoke topology
✅ Simplified security management for multiple VNets
❌ Performance boost
❌ DDoS auto-protection
❌ Lower storage cost
Explanation:
Centralized security services (firewall, logging, routing) operate from the hub.
8. Resource type typically using NSG
❌ Key Vault
❌ VM disk
❌ Public IP
✅ Subnets
Explanation:
NSGs secure subnets and NICs using allow/deny rules.
9. How ExpressRoute enhances data transit security
❌ Manage TLS
✅ Provides private connection to Azure (not public internet)
❌ Anomaly detection
❌ Encrypt stored data
Explanation:
ExpressRoute bypasses public internet routes entirely.
10. Role of Entra ID in Key Vault
❌ Encrypt data
❌ Rotate keys
❌ Monitor traffic
✅ Authenticate access to keys and secrets
Explanation:
Access to Key Vault is controlled by Entra ID authentication.
11. Defender for Cloud’s assistance with compliance
❌ Store data
❌ Enforce VM defaults
❌ Classify sensitive data
✅ Provides compliance benchmarks & recommendations
Explanation:
It checks resources against frameworks like CIS, PCI, ISO.
12. Sentinel analytics feature for threat detection
❌ Conditional access
❌ Tagging policies
❌ Key deployment
✅ Machine learning-based detection
Explanation:
Sentinel uses ML for anomaly and threat detection.
13. Azure Policy dealing with noncompliant resources
❌ Blocking new resources
❌ Assigning compliance scores
❌ Monitoring workloads
✅ Creating remediation tasks
Explanation:
Policies can trigger remediation actions for existing resources.
14. Advantage of SOAR automation rules
❌ Enforce encryption
❌ Generate compliance reports
✅ Centralize handling & automation of security incidents
❌ Restrict data access
Explanation:
Automation rules simplify incident management workflows.
15. How Blueprints help with regulatory compliance
❌ RBAC only
❌ Restrict VM SKUs
✅ Apply pre-built templates aligned with regulations
❌ Generate noncompliance alerts
Explanation:
Blueprints deploy policy, RBAC, templates in compliance-ready bundles.
16. How Sentinel enhances threat detection
❌ Store keys
❌ Automated remediation
✅ Uses advanced analytics + machine learning
❌ Enforce policies
Explanation:
Sentinel identifies sophisticated patterns across data sources.
17. Function of Azure Policy in remediation
❌ Encrypt data
❌ Security alerts
✅ Create tasks to remediate non-compliant resources
❌ Block deployments
Explanation:
Remediation tasks deploy fixes via managed identities.
18. Function of playbooks in SOAR
❌ Monitor traffic
❌ Auto-fix compliance
✅ Run automated sequences of actions triggered by alerts
❌ Produce threat intel
Explanation:
Playbooks automate responses with Logic Apps.
19. How Azure Key Vault enhances app security
✅ Securely manages and deploys certificates
❌ Automate threat response
❌ Analyze posture
❌ Compliance enforcement
Explanation:
Apps retrieve certificates securely from Key Vault.
20. How Sentinel integrates with third-party tools
❌ Enforce policies
❌ Manage encryption
✅ Using vendor-built connectors
❌ Central compliance
Explanation:
Sentinel provides connectors for Cisco, AWS, AWS GuardDuty, etc.
21. Sign-in risk policy addresses
❌ Manage admin privileges
✅ Track & mitigate anomalies during sign-ins
❌ Flag compromised accounts
❌ AD anomaly behavior
Explanation:
Sign-in risk indicates suspicious authentication attempts.
22. Microsoft Defender for Office 365 Plan 1 focuses on
❌ Global permissions
✅ Configuration, detection, and protection
❌ Automated remediation (P2)
❌ Phishing simulations (P2)
Explanation:
Plan 1 provides baseline email and collaboration protection.
23. Primary function of PIM
❌ Monitor suspicious behavior
✅ Temporary elevation of administrative privileges
❌ Review sign-ins
❌ Ensure least privilege (PIM also helps, but main function is elevation)
Explanation:
PIM reduces attack surfaces by offering just-in-time admin access.
24. Safe Attachments protects users by
❌ Blocking known signatures
✅ Opening attachments in a virtual sandbox to detect malicious behavior
❌ Analyzing links
❌ Notifying login issues
Explanation:
This isolates attachments for detonation-based analysis.
25. Purpose of Entitlement Management
❌ Restrict access by risk
❌ Detect unusual behavior
❌ Centralize admin assignment
✅ Automates access request workflows to reduce admin burden
Explanation:
EM manages resource access packages + workflows.
26. Main purpose of Defender for Endpoint
❌ Encrypt endpoint data
❌ Block phishing
❌ Protect cloud apps
✅ Detect and respond to advanced device threats
Explanation:
Defender for Endpoint is an EDR solution.
27. How sensitivity labels protect data
✅ Apply encryption + access controls based on sensitivity
❌ Prevent all downloads
❌ Classify data only
❌ Generate reports
Explanation:
Labels enforce rights management, encryption, and usage restrictions.
28. Key benefit of integrating Defender services
❌ Security updates
❌ Endpoint data storage
✅ Cross-domain threat detection & coordinated response
❌ Auto encryption
Explanation:
Integration enables unified XDR across identity, email, endpoint, cloud apps.
29. Purpose of Windows Autopilot
❌ Track suspicious logins
✅ Simplify device setup and deployment
❌ Encrypt devices
❌ Auto-remediate threats
Explanation:
Autopilot automates provisioning of Windows devices.
30. Key feature of automated investigation in Defender
❌ Encrypt devices
❌ Monitor user compliance
✅ Isolate affected devices & remove malware automatically
❌ Monitor data usage
Explanation:
Automated investigation reduces analyst workload by performing auto-remediation.
🧾 Summary Table
| Q | Correct Answer |
|---|---|
| 1 | Detect and block malicious traffic |
| 2 | Minimize attack surface (limit open ports) |
| 3 | SNAT |
| 4 | Encrypt before upload |
| 5 | Scalability & isolation |
| 6 | Multi-subscription protection |
| 7 | Central security management |
| 8 | Subnets |
| 9 | Private Azure connection |
| 10 | Authentication to Key Vault |
| 11 | Compliance benchmarks |
| 12 | ML-based detection |
| 13 | Remediation tasks |
| 14 | Centralized incident automation |
| 15 | Pre-built compliance templates |
| 16 | Analytics + ML |
| 17 | Create remediation tasks |
| 18 | Automated response playbooks |
| 19 | Secure certificate management |
| 20 | Vendor-built connectors |
| 21 | Sign-in anomalies |
| 22 | Config, detect, protect |
| 23 | Temporary privilege elevation |
| 24 | Sandbox analysis |
| 25 | Automated access workflows |
| 26 | Endpoint threat protection |
| 27 | Encryption + access controls |
| 28 | Cross-domain detection |
| 29 | Sim |