Module quiz: Azure basic security capabilities :Cybersecurity Solutions and Microsoft Defender (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Traffic pattern analysis used by Azure DDoS Protection
❌ Static rules
❌ Manual monitoring
❌ Single threshold
✅ Adaptive traffic profiling based on application behavior over time
Explanation:
Azure DDoS Protection learns normal traffic patterns and detects anomalies.
2. Best Azure Firewall SKU for high transactions + automated threat intelligence
❌ Premium
❌ Essential
✅ Standard
❌ Basic
Explanation:
Azure Firewall Standard includes threat intelligence filtering + scalability suited for busy environments.
(Premium adds TLS inspection, not required for just high-volume + filtering.)
3. Additional benefit of JIT access
❌ High availability
❌ Full traffic encryption
✅ Reduces attack surface by keeping ports closed
❌ Increase storage capacity
Explanation:
JIT keeps management ports closed until needed, minimizing exposure.
4. Rule type to allow access to a specific FQDN
❌ Network rule
❌ Threat intelligence
❌ NAT rule
✅ Application rule
Explanation:
Application rules allow traffic using FQDNs in Azure Firewall.
5. When is DDoS IP Protection more suitable?
❌ Protecting private IPs
❌ Protecting multiple subscriptions
✅ Protecting individual public IP resources
❌ Preventing unauthorized subnet access
Explanation:
DDoS IP Protection is ideal for single public IPs at a lower cost.
6. Support during a documented DDoS attack
❌ Upgrade to Premium
❌ Auto firewall rule changes
✅ Credits for data transfer & scale-out costs
❌ Refunds for all services
Explanation:
Azure offers financial credits for extra costs incurred due to an attack.
7. Recommended method to secure data in transit between Azure datacenters
❌ Symmetric encryption
✅ TLS protocols
❌ Disk encryption
❌ RBAC
Explanation:
Azure uses TLS encryption for secure data transit.
8. How NSGs improve VNet security
✅ Filter traffic based on source/destination IPs, ports, protocols
❌ Secure outbound only
❌ Provide encryption
❌ Allow unrestricted access
Explanation:
NSGs act like firewalls controlling inbound and outbound traffic.
9. Benefit of Azure Key Vault
✅ Centralized control over access to encryption keys
❌ Real-time monitoring of encrypted data
❌ Auto backup
❌ Auto-encrypt all apps
Explanation:
Key Vault provides secure storage and access control for keys and secrets.
10. How JIT improves VM security
❌ Create backups
✅ Temporarily grants access only when requested/approved
❌ Log firewall activity
❌ Constant port monitoring
Explanation:
JIT ensures privileged ports open only when needed.
🧾 Summary Table
| Q | Correct Answer | Key Concept |
|---|---|---|
| 1 | Adaptive traffic profiling | DDoS detection |
| 2 | Standard | Firewall SKU |
| 3 | Reduces attack surface | JIT |
| 4 | Application rule | FQDN filtering |
| 5 | Individual public IP | DDoS IP Protection |
| 6 | Credits for scale-out costs | DDoS support |
| 7 | TLS | Encryption in transit |
| 8 | Traffic filtering | NSGs |
| 9 | Centralized key control | Key Vault |
| 10 | Temporary approved access | JIT security |