FIVE ZERO NINE Practice Exam 1 Professional Development Quiz

1.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which of the following is the customer responsible for securing in an AWS cloud environment?

Operating system in a PaaS environment

Hypervisor in an IaaS environment

Tables in a managed database

Security of shared storage space

Answer explanation

For infrastructure services, AWS still secure the hypervisor, but not what a customer chooses to run on it. For platform services, AWS still secure the operating system, but not the code a customer chooses to run. For database, AWS still secure the underlying database and operating system, but not the data a customer stores within it and who they provide access to. For services like shared storage spaces (S3), AWS provides the underlying security by making sure no one can access everyone's stored data, but the customer sets the policies of who can access the data.

2.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which AWS EC2 type is shown in the image?

General purpose

Memory optimized

Compute optimized

Accelerated computing

Answer explanation

EC2 instances prefixed with "R" (rS.2xlarge) means they have much more RAM than CPUs which is referred to as memory optimized.

3.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which part of the Azure URI below defines the resources that are manged through Azure Resources Manager?

/subscriptions/0b1f647101-1bgf0-4dda-aec3-11111111111111/resourceGroups/Network-VNET/providers/Microsoft.Network/virtualNetworks/VNET

VirtualNetworks

Subscriptions

Providers

ResourceGroups

Answer explanation

Resources in Azure are made available by a resource provider, registered to a subscription. The provider is the name of a service that supplies the resources that can be deployed and managed through Resource Manager.

4.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

What provided evidence of the email accessed by the attackers in the SolarWinds breach?

Execution evidence of the "Sparrow" tool

Azure Web Console Logs

Installation logs of the "Hawk" tool

Graph API logs

CloudTrail logs

Answer explanation

Microsoft's Graph API was used to access email leveraging either Mail.Read or Mail.ReadWrite. Graph API provides equivalent functionality to PowerShell, web console or CLI in a programmatically accessible fashion.

Some of the calls available in Graph API will be logged, in this case email monitoring was captured in the logs providing evidence of this technique.

Hawk and Sparrow are tools that allow collecting logs and auditing compromised accounts respectively.

5.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

What information is provided with the successful execution of the following command?

Get-Mailbox -Identity <MailboxIdentity> | Select-Object -ExpandPropert AuditOwner

Mailboxes restored for the account owner

Actions being logged for a mailbox

Current number of logged messages

Accounts with 'SendOnBehalf' permissions for a mailbox

Answer explanation

To see the mailbox actions that are currently being logged on user mailboxes or shared mailboxes, replace <MailboxIdentity> with the name, alias, email address, or user principal name (username) of the mailbox. The output will look like the following:

Update

MoveToDeleteItems

SoftDelete

HardDelete

UpdateFolderPermissions

UpdateInboxRules

UpdateCalendarDelegation

MailItemsAccessed

6.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which component in the Azure structure is defined as an organization's directory of users and their access?

Management group

Subscription

Tenant

Resource group

Answer explanation

Azure tenant is associated with a dedicated Azure Active Directory (AAD) instance which provides identity and access management. Users and subscription permissions are defined in AAD. Subscriptions organize resources, management groups organize subscriptions and resource groups organize related resources.

7.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which Azure binary large object type is usually used to log data from applications running on virtual machines?

Append

Page

Block

Answer explanation

Append blobs are ideal for logging data.

Page blocks are usually used to store virtual hard drives (VHD) and serve as disks for Azure Virtual Machines while Block blobs store text and binary data.

8.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

During an investigation the incident response team discovers that the AWS Cloud Trail have been configured to record the default information. Which of the following API events should they expect to find in the data set?

Service termination

Database requests

Data retrieval from S3 buckets

Lambda function calls

Answer explanation

Cloud trail logging records what AWS defines as Management events which include creation, deletion, start or stopping of services or making a call into an existing service that is running. Data events, Lambda functions and retrieval of data from S3 buckets are not recorded.

9.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Which Azure product provides real-time data ingestion services?

Sentinel

Log Analytics

Functions

Event Hubs

Answer explanation

The following are descriptions of the Azure products listed:

Event Hub: Real-time data ingestion service

Log Analytics: Collect, search, and visualize logs

Azure Functions: Severless solution to implement compute-on-demand

Azure Sentiniel: Cloud-native SIEM and intelligent security analytics

10.

MULTIPLE CHOICE QUESTION

3 mins • 1 pt

Microsoft Azure Virtual Machines falls under which column of the Shared Responsibility Model in the Image?

D

A

B

C

Answer explanation

Microsoft Azure is a cloud-computing IaaS (Infrastructure as a Service) product that allows for building, testing, and managing applications through a network of Microsoft data centers. Column C represents the IaaS cloud service model. Column A represents SaaS, Column B represents PaaS, and Column D represents On-premise.

Create a free account and access millions of resources

Popular Resources on Wayground