MCQs on Blob Storage Security and Access Control | Azure Storage

Understanding Blob Storage Security and Access Control in Azure is essential for managing and protecting data. This section covers configuring shared access signatures (SAS), Azure Active Directory (AAD) authentication, and role-based access control (RBAC) for optimal blob storage security.


MCQs on Configuring Shared Access Signatures (SAS) (1-10)

  1. What is a primary purpose of using a Shared Access Signature (SAS) in Azure Blob Storage?
    • A) To provide limited access to blob storage resources
    • B) To backup data to another location
    • C) To encrypt blob data
    • D) To delete data permanently
  2. Which of the following permissions is NOT available with a SAS token?
    • A) Read
    • B) Write
    • C) Share
    • D) Delete
  3. A user wants to create a SAS token with read-only permissions. Which permissions should be set in the SAS configuration?
    • A) Read only
    • B) Write only
    • C) Read and write
    • D) Delete only
  4. For which of the following can a SAS token provide access?
    • A) Only blob storage
    • B) Only Azure virtual machines
    • C) Blob, queue, and table storage
    • D) Only Azure SQL Database
  5. When creating a SAS token, what does the expiry time specify?
    • A) The time the token was generated
    • B) The period after which the token will expire
    • C) The creation time of the blob
    • D) The server time zone
  6. What does a SAS token enable users to avoid?
    • A) Sharing their storage account keys
    • B) Creating a new storage account
    • C) Configuring RBAC for every user
    • D) Using HTTPS for secure access
  7. What parameter is used in a SAS token to specify which resource types are accessible?
    • A) Permissions
    • B) Start time
    • C) Resource type
    • D) Signature
  8. What does the “signed IP” parameter in a SAS token do?
    • A) Limits access to specific IP addresses
    • B) Increases the validity period of the token
    • C) Encrypts the token for added security
    • D) Binds the token to a specific user
  9. Which type of SAS is recommended for accessing Azure resources from a public application?
    • A) Service SAS
    • B) Account SAS
    • C) User delegation SAS
    • D) Managed SAS
  10. What is required to generate a User Delegation SAS?
    • A) Storage account key
    • B) Azure AD credentials
    • C) SAS token permissions
    • D) IP restrictions

MCQs on Using Azure Active Directory (AAD) for Authentication (11-20)

  11. Which advantage does Azure Active Directory (AAD) provide when used for blob storage authentication?
    • A) Enables IP-based restrictions
    • B) Uses temporary storage keys
    • C) Uses role-based permissions without requiring storage account keys
    • D) Provides free storage capacity
  12. In which situation would you use Azure AD authentication for blob storage?
    • A) When requiring anonymous access
    • B) For applications requiring specific user permissions
    • C) To reduce storage costs
    • D) When using only virtual machines
  13. Which tool is commonly used to assign user permissions in Azure AD for blob storage?
    • A) Azure Monitor
    • B) Azure Portal
    • C) Visual Studio
    • D) PowerShell only
  14. What is the primary identifier for a user within Azure AD?
    • A) Storage account name
    • B) User principal name (UPN)
    • C) SAS token ID
    • D) Blob access key
  15. Which of the following is required for an application to use Azure AD authentication with blob storage?
    • A) Storage account key
    • B) Service principal or managed identity
    • C) SAS token with read permissions
    • D) IP-based restrictions
  16. How does Azure AD ensure secure authentication to blob storage?
    • A) By creating a unique blob key
    • B) By assigning permissions through RBAC
    • C) By using a storage account access key
    • D) By enabling public access
  17. When an Azure AD token is used for authentication, how is it renewed?
    • A) It automatically renews after one day
    • B) It renews manually using a SAS token
    • C) It expires based on the session duration or refresh token settings
    • D) It is configured by the user
  18. Which type of identity is commonly used for an application to authenticate with Azure AD to access blob storage?
    • A) IP-based identity
    • B) Service principal or managed identity
    • C) SAS token identity
    • D) User identity only
  19. What role must be assigned to a user in Azure AD to allow read-only access to blob storage?
    • A) Blob Data Contributor
    • B) Blob Data Reader
    • C) Storage Account Owner
    • D) Storage Administrator
  20. Which factor improves security when using Azure AD over storage account keys?
    • A) Tokens are automatically generated with high security
    • B) Role-based access and no need to share account keys
    • C) It provides storage account encryption
    • D) AAD only supports read-only access

MCQs on Role-Based Access Control (RBAC) for Blob Storage (21-30)

  21. What is the purpose of Role-Based Access Control (RBAC) in Azure blob storage?
    • A) To monitor usage of blob storage
    • B) To assign permissions based on specific roles
    • C) To create storage accounts automatically
    • D) To provide free access to users
  22. Which role in RBAC allows full access to manage blob storage contents?
    • A) Blob Data Contributor
    • B) Blob Data Reader
    • C) Blob Owner
    • D) Storage Account Reader
  23. What does the Blob Data Contributor role allow a user to do?
    • A) View storage account settings
    • B) Delete storage accounts
    • C) Read, write, and delete blob data
    • D) Only read data from blob storage
  24. Which RBAC role is ideal for users who only need read access to blob storage?
    • A) Blob Data Contributor
    • B) Blob Data Reader
    • C) Storage Account Contributor
    • D) Storage Admin
  25. How is RBAC different from SAS in blob storage?
    • A) RBAC uses access keys, while SAS uses passwords
    • B) RBAC is account-wide, while SAS can be scoped to specific resources
    • C) SAS requires Azure AD, RBAC does not
    • D) RBAC is temporary, SAS is permanent
  26. Which tool in Azure allows you to configure RBAC for blob storage?
    • A) Azure Storage Explorer
    • B) Azure Portal
    • C) Visual Studio
    • D) PowerShell only
  27. What is the advantage of assigning roles using RBAC rather than sharing storage account keys?
    • A) RBAC automatically encrypts data
    • B) RBAC roles provide more control and less risk of key exposure
    • C) Storage account keys are easier to manage
    • D) It allows full access without restrictions
  28. In RBAC, which of the following permissions does the Blob Data Owner role grant?
    • A) Read-only access to blob data
    • B) Access to manage blob data and assign roles
    • C) Access to only monitor blob data
    • D) Access to view billing information
  29. When assigning RBAC roles, what scope levels can you specify?
    • A) Management group, subscription, resource group, and individual resource
    • B) Only at the resource level
    • C) Only for the storage account level
    • D) Subscription level only
  30. How is access granted to users in RBAC compared to using SAS tokens?
    • A) RBAC grants temporary access, SAS grants permanent access
    • B) RBAC is linked to Azure AD roles, SAS is independent
    • C) SAS requires IP restrictions, RBAC does not
    • D) RBAC grants access by sharing account keys directly

Answers Table

QNo | Answer (Option with the text)
1 | A) To provide limited access to blob storage resources
2 | C) Share
3 | A) Read only
4 | C) Blob, queue, and table storage
5 | B) The period after which the token will expire
6 | A) Sharing their storage account keys
7 | C) Resource type
8 | A) Limits access to specific IP addresses
9 | C) User delegation SAS
10 | B) Azure AD credentials
11 | C) Uses role-based permissions without requiring storage account keys
12 | B) For applications requiring specific user permissions
13 | B) Azure Portal
14 | B) User principal name (UPN)
15 | B) Service principal or managed identity
16 | B) By assigning permissions through RBAC
17 | C) It expires based on the session duration or refresh token settings
18 | B) Service principal or managed identity
19 | B) Blob Data Reader
20 | B) Role-based access and no need to share account keys
21 | B) To assign permissions based on specific roles
22 | A) Blob Data Contributor
23 | C) Read, write, and delete blob data
24 | B) Blob Data Reader
25 | B) RBAC is account-wide, while SAS can be scoped to specific resources
26 | B) Azure Portal
27 | B) RBAC roles provide more control and less risk of key exposure
28 | B) Access to manage blob data and assign roles
29 | A) Management group, subscription, resource group, and individual resource
30 | B) RBAC is linked to Azure AD roles, SAS is independent

Use a blank sheet, note your answers, and then tally them against the answers above. Give yourself a score.
