clean up formatting, add questions to manage

Author: jmart1428

learn-pr/azure/cloud-adoption-framework-security/2-methodology.yml

@@ -23,9 +23,9 @@ quiz:
    - content: To provide a structured approach that you can use to enhance workload security and compliance
      isCorrect: true
      explanation: Correct. The primary goal of the Secure methodology is to ensure that workloads are highly secure and compliant.
-   - content: To search a unified audit log and view user and administrator activity in your organization
+   - content: To provide a cloud-based environment that enables you to build, deploy, and manage applications
      isCorrect: false
-     explanation: Incorrect. Searching audit logs and viewing activity aren't the primary goals of the Secure methodology.
-   - content: To standardizes the process for requesting, deploying, and governing subscriptions so that application teams can deploy their workloads faster
+     explanation: Incorrect. Providing a cloud-based environment isn't the primary goal of the Secure methodology. 
+   - content: To standardize the process for requesting, deploying, and governing subscriptions so that you can deploy your workloads faster
      isCorrect: false
      explanation: Incorrect. Standardizing processes for subscriptions isn't the focus of the Secure methodology.

learn-pr/azure/cloud-adoption-framework-security/5-plan.yml

@@ -22,10 +22,10 @@ quiz:
      explanation: Incorrect. While important, building an incident response plan isn't the primary purpose of landing zones. 
    - content: To incorporate templates for infrastructure as code (IaC) deployments
      isCorrect: false
-     explanation: Incorrect. Although landing zones may use infrastructure as code (IaC) templates, their main purpose is not to incorporate these templates but to provide a secure and scalable foundation.
+     explanation: Incorrect. Although landing zones may use infrastructure as code (IaC) templates, their main purpose isn't to incorporate these templates but to provide a secure and scalable foundation.
    - content: To enhance data analytics capabilities
      isCorrect: false
-     explanation: Incorrect. Enhancing data analytics capabilities is not the primary goal of landing zones. 
+     explanation: Incorrect. Enhancing data analytics capabilities isn't the primary goal of landing zones. 
    - content: To provide a highly secure and scalable foundation for cloud environments
      isCorrect: true
      explanation: Correct. The primary purpose of landing zones is to provide a highly secure and scalable foundation for cloud environments, which helps ensure consistency and compliance with security policies.

learn-pr/azure/cloud-adoption-framework-security/6-ready.yml

@@ -15,12 +15,12 @@ content: |
 quiz:
  title: Check your knowledge
  questions:
- - content: Which principle should be followed to grant users minimal access needed for their tasks?
+ - content: Which principle grants users minimal access needed for their tasks?
    choices:
-   - content: Role-based access control (RBAC)
+   - content: RBAC
      isCorrect: false
      explanation: Incorrect. RBAC manages access to resources based on user roles. 
-   - content: Multifactor authentication (MFA)
+   - content: MFA
      isCorrect: false
      explanation: Incorrect. MFA adds an extra layer of security by requiring multiple forms of verification.
    - content: The principle of least privilege

learn-pr/azure/cloud-adoption-framework-security/8-govern.yml

@@ -22,10 +22,10 @@ quiz:
      explanation: Correct. The primary goal of security governance is to align business priorities with technical implementations like architecture, standards, and policies.
    - content: Streamlining project management
      isCorrect: false
-     explanation: Incorrect. Streamlining project management is not the primary goal of security governance.
+     explanation: Incorrect. Streamlining project management isn't the primary goal of security governance.
    - content: Improving data backup processes
      isCorrect: false
-     explanation: Incorrect. Improving data backup processes is not the primary goal of security governance. 
+     explanation: Incorrect. Improving data backup processes isn't the primary goal of security governance. 
    - content: Optimizing resource allocation
      isCorrect: false
-     explanation: Incorrect. Optimizing resource allocation is not the main focus of security governance.
+     explanation: Incorrect. Optimizing resource allocation isn't the main focus of security governance.

learn-pr/azure/cloud-adoption-framework-security/9-manage.yml

@@ -11,4 +11,21 @@ metadata:
   ms.topic: unit
 durationInMinutes: 20
 content: |
-  [!include[](includes/9-manage.md)]
+  [!include[](includes/9-manage.md)]
+quiz:
+ title: Check your knowledge
+ questions:
+ - content: Which principle should you adopt to help modernize your observability platform?
+   choices:
+   - content: Trust by default
+     isCorrect: false
+     explanation: Incorrect. Trust by default assumes that all activities are trusted unless proven otherwise, which isn't suitable for modern security practices.
+   - content: Trust by exception
+     isCorrect: true
+     explanation: Correct. Trust by exception implies that you use identity and access monitoring to detect anomalous behavior in real-time, which is essential for modern observability.
+   - content: Trust by design
+     isCorrect: false
+     explanation: Incorrect. While designing systems with security in mind is important, this principle doesn't specifically address the need to validate only when necessary, which is essential for modern observability.
+   - content: Trust by verification
+     isCorrect: false
+     explanation: Incorrect. Although verification is a key component of security, this principle doesn't fully capture the proactive and continuous nature of monitoring and validating activities required to modernize an observability platform.

learn-pr/azure/cloud-adoption-framework-security/includes/6-ready.md

@@ -14,17 +14,18 @@ To [modernize your security posture](/azure/cloud-adoption-framework/secure/read
 
 ### Azure facilitation
 
-- **Azure landing zone accelerators** are prepackaged deployments for various workloads, such as [Azure Integration Services](/azure/cloud-adoption-framework/scenarios/app-platform/integration-services/landing-zone-accelerator), [Azure Kubernetes Service (AKS)](/azure/cloud-adoption-framework/scenarios/app-platform/aks/landing-zone-accelerator), and [Azure API Management](/azure/cloud-adoption-framework/scenarios/app-platform/api-management/landing-zone-accelerator). These accelerators help you quickly set up landing zones. For a full list, see [Modern application platform scenario](/azure/cloud-adoption-framework/scenarios/app-platform/).
+- Azure landing zone accelerators are prepackaged deployments for various workloads, such as [Azure Integration Services](/azure/cloud-adoption-framework/scenarios/app-platform/integration-services/landing-zone-accelerator), [Azure Kubernetes Service (AKS)](/azure/cloud-adoption-framework/scenarios/app-platform/aks/landing-zone-accelerator), and [Azure API Management](/azure/cloud-adoption-framework/scenarios/app-platform/api-management/landing-zone-accelerator). These accelerators help you quickly set up landing zones. For a full list, see [Modern application platform scenario](/azure/cloud-adoption-framework/scenarios/app-platform/).
 
-- **The Azure landing zones Terraform module** [automates your landing zone deployments](https://registry.terraform.io/modules/Azure/caf-enterprise-scale/azurerm/latest). To help ensure consistent and secure landing zones, deploy landing zones through your continuous integration and continuous deployment (CI/CD) pipeline.
+- [The Azure landing zones Terraform module](https://registry.terraform.io/modules/Azure/caf-enterprise-scale/azurerm/latest) automates your landing zone deployments. To help ensure consistent and secure landing zones, deploy landing zones through your continuous integration and continuous deployment (CI/CD) pipeline.
 
-- **Microsoft Entra** verifies identities, validates access conditions, checks permissions, encrypts connections, and monitors for compromise. [Microsoft Entra](/entra/fundamentals/what-is-entra) includes identity and network access products that help you incorporate a Zero Trust security strategy.
+- [Microsoft Entra](/entra/fundamentals/what-is-entra) verifies identities, validates access conditions, checks permissions, encrypts connections, and monitors for compromise. Microsoft Entra includes identity and network access products that help you incorporate a Zero Trust security strategy.
 
 ## Prepare for incidents and response
 
 After you define your strategy and plan for incident preparedness and response, you can [begin implementation](/azure/cloud-adoption-framework/secure/ready#prepare-for-incident-preparedness-and-response). Network segregation is crucial for security, whether you use a full enterprise landing zone or a simpler design.
 
 - **Design your network with segmentation and isolation** to reduce attack surfaces and contain breaches.
+
 - **Use virtual private clouds (VPCs), subnets, and security groups** to control traffic.
 
 ### Azure facilitation
@@ -47,7 +48,7 @@ Microsoft Entra Conditional Access is the Microsoft Zero Trust policy engine. It
 
 Ensure that you have [well-governed policies and standards](/azure/cloud-adoption-framework/secure/ready#prepare-for-integrity) for your data and system integrity. Define standards for the following areas.
 
-- **Data management**
+- **Data management:**
   - *Create a framework and sensitivity-label taxonomy* to define data security risk categories. Use this taxonomy to simplify data inventory, policy management, and investigation prioritization.
 
   - *Automate data verification and validation processes* to reduce the burden on data engineers and minimize human error.
@@ -56,7 +57,7 @@ Ensure that you have [well-governed policies and standards](/azure/cloud-adoptio
 
   - *Ensure that your cloud provider encrypts data at rest and data in transit by default.* Verify that services in your workloads support and are configured for strong encryption.
 
-- **System integrity design patterns**
+- **System integrity design patterns:**
   - *Design a robust security monitoring platform* to detect unauthorized changes.
 
   - *Use security information and event management (SIEM), security orchestration, automation, and response (SOAR), and threat detection tools* to identify suspicious activities and potential threats.