Chapter 3: Security, Privacy, Compliance, and Trust | MCQs for Azure Fundamentals (AZ-900)

3.1 Securing Azure Resources

• Azure Active Directory (Azure AD)
  Azure Active Directory (Azure AD) is a cloud-based identity and access management service that enables secure access to resources. It provides features such as single sign-on, multi-factor authentication, and identity protection to manage users and devices securely.
• Multi-Factor Authentication (MFA)
  Multi-Factor Authentication adds an additional layer of security by requiring users to provide two or more verification methods to access resources. These methods can include something you know (password), something you have (a phone or hardware token), or something you are (biometric verification).
• Role-Based Access Control (RBAC)
  Role-Based Access Control (RBAC) enables users to manage access to Azure resources based on roles. It allows administrators to assign permissions to users or groups, ensuring that individuals only have access to resources necessary for their job.

3.2 Network Security

• Azure Firewall
  Azure Firewall is a fully managed, stateful network security service that protects Azure Virtual Networks from unauthorized access. It offers features such as filtering traffic, logging, and monitoring to help detect and block malicious activity.
• Azure DDoS Protection
  Azure DDoS Protection helps safeguard Azure applications from Distributed Denial of Service (DDoS) attacks. It provides automatic traffic monitoring and mitigation to protect against large-scale attacks, ensuring the availability of your resources.
• Network Security Groups (NSGs)
  Network Security Groups are used to control network traffic to and from Azure resources. NSGs contain a set of rules that allow or deny traffic based on IP address, port, and protocol, ensuring secure network communication within Azure environments.

3.3 Compliance and Governance

• Azure Policy
  Azure Policy helps organizations enforce specific rules and guidelines for resource deployment and management across Azure. It ensures that resources comply with internal standards and industry regulations, helping maintain governance and security.
• Azure Blueprints
  Azure Blueprints is a service that enables the definition, deployment, and management of Azure environments. It helps organizations ensure that their environments adhere to regulatory standards by automating the process of deploying and configuring resources in a compliant manner.
• Trust Center and Service Trust Portal
  The Azure Trust Center provides detailed information on Azure’s security, privacy, and compliance practices. The Service Trust Portal offers access to resources and tools, such as audit reports and certifications, to help customers evaluate Azure’s compliance with industry regulations.

Multiple-Choice Questions (Single Answer)

1. Which of the following services provides identity and access management for Azure resources?
   • A) Azure Active Directory
   • B) Azure RBAC
   • C) Azure DDoS Protection
   • D) Azure Firewall
2. What is the primary purpose of Multi-Factor Authentication (MFA) in Azure?
   • A) To prevent data loss
   • B) To ensure secure access to Azure resources
   • C) To manage user roles
   • D) To monitor network traffic
3. What does Role-Based Access Control (RBAC) allow you to manage in Azure?
   • A) Network traffic
   • B) Access to Azure resources based on user roles
   • C) Virtual machine scaling
   • D) Firewall rules
4. Which of the following is a key feature of Azure Active Directory (Azure AD)?
   • A) Securing virtual machines
   • B) Managing user identities and access
   • C) Defending against DDoS attacks
   • D) Managing data encryption
5. Which of the following provides protection against Distributed Denial of Service (DDoS) attacks in Azure?
   • A) Azure Firewall
   • B) Azure DDoS Protection
   • C) Azure Policy
   • D) Network Security Groups
6. What type of resource does a Network Security Group (NSG) control?
   • A) Virtual machines
   • B) Network traffic and communication to/from resources
   • C) User identities
   • D) Data encryption
7. Which of the following tools helps you implement security policies across Azure resources?
   • A) Azure Blueprints
   • B) Azure AD
   • C) Azure DDoS Protection
   • D) Azure Policy
8. Which Azure service helps in designing and implementing a governance model for Azure resources?
   • A) Azure Policy
   • B) Azure AD
   • C) Azure Blueprints
   • D) Azure Firewall
9. What does the Azure Trust Center provide information about?
   • A) Compliance with regulatory standards
   • B) Resource management and pricing
   • C) Disaster recovery procedures
   • D) The latest cloud innovations
10. Which service helps you define and enforce specific policies across Azure resources?
    • A) Azure Policy
    • B) Azure Blueprints
    • C) Azure RBAC
    • D) Azure Firewall
11. Which of the following features does Azure Multi-Factor Authentication (MFA) provide?
    • A) One-time passcodes
    • B) SMS-based authentication
    • C) Biometric authentication
    • D) All of the above
12. Which service allows you to limit access to Azure resources based on specific roles assigned to users?
    • A) Azure Active Directory
    • B) Azure DDoS Protection
    • C) Role-Based Access Control (RBAC)
    • D) Azure Firewall
13. Which of the following services provides advanced threat protection and security monitoring for Azure workloads?
    • A) Azure DDoS Protection
    • B) Azure Security Center
    • C) Network Security Groups
    • D) Azure AD
14. Which Azure service helps to secure the network traffic flow to/from a resource by controlling inbound and outbound traffic?
    • A) Network Security Groups
    • B) Azure Firewall
    • C) Azure Application Gateway
    • D) Azure Traffic Manager
15. Which service in Azure can automatically block malicious traffic attempting to overwhelm your resources with excessive requests?
    • A) Azure Firewall
    • B) Azure DDoS Protection
    • C) Network Security Groups
    • D) Azure AD
16. What is the role of Azure Blueprints in governance?
    • A) It helps in building a custom firewall
    • B) It helps implement a governance model and assign policies
    • C) It manages identities and access
    • D) It protects against DDoS attacks
17. Which Azure service allows you to audit and monitor compliance with security policies?
    • A) Azure Policy
    • B) Azure Blueprints
    • C) Azure AD
    • D) Azure Firewall
18. Which of the following is a key benefit of using Role-Based Access Control (RBAC) in Azure?
    • A) Enforcing a compliance policy
    • B) Ensuring secure, least-privilege access to resources
    • C) Enabling automatic scaling of resources
    • D) Securing network traffic
19. What does Azure Active Directory (Azure AD) help organizations manage?
    • A) Firewall rules
    • B) User identities and access control
    • C) Data backups
    • D) Virtual machines
20. Which Azure service provides automatic scaling and protection against traffic floods from DDoS attacks?
    • A) Azure DDoS Protection
    • B) Azure Firewall
    • C) Azure Active Directory
    • D) Azure Traffic Manager

Multiple-Choice Questions (Multiple Answer)

1. Which of the following are features of Azure Active Directory (Azure AD)? (Select all that apply)
   • A) Identity management
   • B) Role-based access control
   • C) Firewall protection
   • D) Secure sign-in
2. Which of the following services can be used for network security in Azure? (Select all that apply)
   • A) Azure Firewall
   • B) Network Security Groups (NSGs)
   • C) Azure Active Directory
   • D) Azure DDoS Protection
3. Which of the following are part of Azure’s compliance and governance services? (Select all that apply)
   • A) Azure Policy
   • B) Azure Blueprints
   • C) Azure AD
   • D) Trust Center
4. Which services can be used to protect Azure resources from DDoS attacks? (Select all that apply)
   • A) Azure DDoS Protection
   • B) Azure Firewall
   • C) Network Security Groups
   • D) Azure Active Directory
5. Which of the following features does Multi-Factor Authentication (MFA) support in Azure? (Select all that apply)
   • A) Push notifications
   • B) Biometric authentication
   • C) Phone call verification
   • D) Password-based authentication
6. Which of the following are true about Azure Role-Based Access Control (RBAC)? (Select all that apply)
   • A) RBAC is used to manage network traffic
   • B) RBAC can be used to assign specific access rights to users
   • C) RBAC helps protect resources from unauthorized access
   • D) RBAC allows only root users to access all resources
7. Which services in Azure help you manage security policies across resources? (Select all that apply)
   • A) Azure Blueprints
   • B) Azure DDoS Protection
   • C) Azure Policy
   • D) Azure Active Directory
8. Which of the following are valid roles in Azure’s Role-Based Access Control (RBAC)? (Select all that apply)
   • A) Owner
   • B) Contributor
   • C) Reader
   • D) Auditor
9. Which services in Azure provide network security for your infrastructure? (Select all that apply)
   • A) Azure Firewall
   • B) Network Security Groups
   • C) Azure Application Gateway
   • D) Azure Virtual Machines
10. Which of the following are part of Azure’s compliance offerings? (Select all that apply)
    • A) Azure Blueprints
    • B) Trust Center
    • C) Azure RBAC
    • D) Azure Active Directory

True/False Questions

1. Multi-Factor Authentication (MFA) in Azure requires users to provide at least two forms of authentication.
   • True / False
2. Azure DDoS Protection automatically blocks all malicious traffic.
   • True / False
3. Role-Based Access Control (RBAC) in Azure allows users to access all resources by default.
   • True / False
4. Azure Active Directory (Azure AD) helps manage both internal and external user identities.
   • True / False
5. Azure Policy allows you to set and enforce governance controls across resources.
   • True / False
6. Azure Firewall can monitor and block DDoS attacks.
   • True / False
7. Network Security Groups (NSGs) help secure network traffic to/from Azure resources.
   • True / False
8. Azure Blueprints help with managing resource compliance and security across environments.
   • True / False
9. The Trust Center in Azure provides information on the security and privacy of Azure services.
   • True / False
10. Azure Role-Based Access Control (RBAC) only works with Azure virtual machines.
    • True / False

Scenario-Based Questions

1. Scenario 1: A company wants to enforce strict security policies for their virtual network traffic. Which Azure service should they use?
   • A) Network Security Groups
   • B) Azure Active Directory
   • C) Azure Firewall
   • D) Azure Policy
2. Scenario 2: A company wants to protect their Azure environment from DDoS attacks. Which service should they enable?
   • A) Azure DDoS Protection
   • B) Azure Firewall
   • C) Azure Active Directory
   • D) Azure Security Center
3. Scenario 3: An organization wants to ensure their resources are managed according to a set of predefined rules. Which Azure service should they use?
   • A) Azure Policy
   • B) Azure Active Directory
   • C) Azure Blueprints
   • D) Azure Firewall
4. Scenario 4: A user needs to access Azure resources securely and must authenticate using a second method in addition to their password. What should they use?
   • A) Azure Multi-Factor Authentication
   • B) Azure RBAC
   • C) Azure Firewall
   • D) Network Security Groups
5. Scenario 5: A company needs to ensure that only specific employees can access sensitive resources. Which Azure service can help them achieve this?
   • A) Azure RBAC
   • B) Azure Active Directory
   • C) Azure Policy
   • D) Azure Blueprints
6. Scenario 6: A company wants to monitor traffic for malicious attempts to overload their resources. Which service would be most effective?
   • A) Azure DDoS Protection
   • B) Azure Firewall
   • C) Network Security Groups
   • D) Azure Traffic Manager
7. Scenario 7: A company needs to apply security controls and policies across multiple Azure resources in a consistent manner. Which service should they use?
   • A) Azure Blueprints
   • B) Azure RBAC
   • C) Azure AD
   • D) Azure DDoS Protection
8. Scenario 8: An organization wants to monitor and respond to potential security threats across their Azure environment. Which service should they implement?
   • A) Azure Security Center
   • B) Azure DDoS Protection
   • C) Azure Firewall
   • D) Azure AD
9. Scenario 9: A company is deploying applications that require strict compliance with industry regulations. Which service can help them maintain this compliance?
   • A) Azure Policy
   • B) Azure AD
   • C) Azure Blueprints
   • D) Azure Firewall
10. Scenario 10: A company needs to ensure only specific users can modify certain resources. Which service should they use to enforce this?
    • A) Azure RBAC
    • B) Azure AD
    • C) Azure Policy
    • D) Azure Blueprints

Case Study with Three Follow-Up Questions

1. Case Study 1: A company needs to secure their Azure infrastructure against external threats, control network traffic, and manage user access based on roles.
   • Question 1: Which services should the company use for network security?
   • Question 2: How can the company manage user access based on roles?
   • Question 3: Which service can help ensure the company is compliant with security policies?
2. Case Study 2: An organization wants to protect its applications from DDoS attacks while managing access to its Azure resources and enforcing security policies.
   • Question 1: Which service should the company use for DDoS protection?
   • Question 2: How should the company manage access to resources?
   • Question 3: What tool can the company use to ensure compliance with security standards?

---

Answers

Multiple-Choice Questions (Single Answer)

1. A) Azure Active Directory
2. B) To ensure secure access to Azure resources
3. B) Access to Azure resources based on user roles
4. B) Managing user identities and access
5. B) Azure DDoS Protection
6. B) Network traffic and communication to/from resources
7. A) Azure Blueprints
8. C) Azure Blueprints
9. A) Compliance with regulatory standards
10. A) Azure Policy
11. D) All of the above
12. C) Role-Based Access Control (RBAC)
13. B) Azure Security Center
14. A) Network Security Groups
15. B) Azure DDoS Protection
16. B) It helps implement a governance model and assign policies
17. A) Azure Policy
18. B) Ensuring secure, least-privilege access to resources
19. B) User identities and access control
20. A) Azure DDoS Protection

Multiple-Choice Questions (Multiple Answer)

1. A) Identity management, B) Role-based access control, D) Secure sign-in
2. A) Azure Firewall, B) Network Security Groups (NSGs), D) Azure DDoS Protection
3. A) Azure Policy, B) Azure Blueprints, D) Trust Center
4. A) Azure DDoS Protection, B) Azure Firewall
5. A) Push notifications, B) Biometric authentication, C) Phone call verification
6. B) RBAC can be used to assign specific access rights to users, C) RBAC helps protect resources from unauthorized access
7. A) Azure Blueprints, C) Azure Policy
8. A) Owner, B) Contributor, C) Reader
9. A) Azure Firewall, B) Network Security Groups
10. A) Azure Blueprints, B) Trust Center

True/False Questions

1. True
2. False
3. False
4. True
5. True
6. False
7. True
8. True
9. True
10. False

Scenario-Based Questions

1. A) Network Security Groups
2. B) Azure DDoS Protection
3. A) Azure Policy
4. A) Azure Multi-Factor Authentication
5. A) Azure RBAC
6. A) Azure DDoS Protection
7. A) Azure Blueprints
8. A) Azure Security Center
9. A) Azure Policy
10. A) Azure RBAC

Case Study Questions

1. Case Study 1
   1. Azure Firewall, Network Security Groups
   2. Azure RBAC
   3. Azure Blueprints
2. Case Study 2
   1. Azure DDoS Protection
   2. Azure RBAC
   3. Azure Policy