Module quiz: Security, compliance and identity: Cybersecurity Threat Vectors and Mitigation (Microsoft Cybersecurity Analyst Professional Certificate) Answers 2025
1. Security compliance is only important for international businesses.
❌ True
✅ False
Explanation:
Compliance applies to all organizations, even local ones, depending on laws and industry standards.
2. Primary difference between risk management & compliance
✅ Risk management = identifying & mitigating risks; compliance = adherence to laws, regulations, and standards
❌ Risk management vs rules
❌ Risk optional, compliance mandatory
3. XYZ Corp serves EU customers; must they comply with GDPR?
❌ Does not need to comply
✅ Must comply with GDPR
❌ Only follow US laws
Explanation:
GDPR applies to any company processing data of EU residents, regardless of company location.
4. GDPR considers cookies personal data only if name/contact info is given
❌ True
✅ False
Explanation:
Cookies that can identify a user, even indirectly, count as personal data.
5. Standard from ISO focusing on ISMS & risk-based approach
❌ SOC 2
❌ PCI-DSS
✅ ISO 27001
6. Concept allowing one digital identity across domains
❌ Active Directory
❌ Access Control
✅ Identity Federation
7. Role of Active Directory
✅ AD is used for managing individual identifiers (users, groups, permissions)
❌ Website development
❌ Data storage
8. Mitigation for SSO being a single point of failure
❌ SSO is inherently secure
❌ Share SSO credentials (very insecure!)
✅ Implement MFA and update security protocols
9. Defense in depth relies on one strong layer
❌ True
✅ False
Explanation:
Defense in depth = multiple layers of security, not one.
10. Zero Trust assumes trust once inside the network
❌ True
✅ False
Explanation:
Zero Trust = “never trust, always verify”, even inside the network.
🧾 SUMMARY TABLE
| Q# | Correct Answer |
|---|---|
| 1 | False |
| 2 | Risk management = identifying & mitigating risks; compliance = adherence to laws, regulations, and standards |
| 3 | Must comply with GDPR |
| 4 | False |
| 5 | ISO 27001 |
| 6 | Identity Federation |
| 7 | Manages identifiers (AD) |
| 8 | MFA + updated protocols |
| 9 | False |
| 10 | False |