MCQs on Access and Security | Azure Files
Azure Storage Access and Security focuses on file access methods like SMB and REST APIs, Identity-Based Access with RBAC, and advanced encryption techniques to ensure secure network communication.
Access and Security
Topic: File Access Methods (SMB, REST APIs)
- Which file access protocol is commonly used to mount Azure File shares on Windows machines?
- A) FTP
- B) SMB
- C) REST API
- D) SFTP
- What is the primary purpose of REST APIs in Azure Storage?
- A) To transfer files between on-premises and Azure
- B) To provide programmatic access to storage services
- C) To enforce access policies
- D) To manage encryption keys
- Which Azure storage service uses the SMB protocol for accessing files?
- A) Blob Storage
- B) File Storage
- C) Queue Storage
- D) Table Storage
- What tool can be used to test REST API calls for Azure Storage?
- A) Azure Portal
- B) Postman
- C) Microsoft Edge
- D) SMB Explorer
- What is a key difference between SMB and REST APIs for file access?
- A) REST APIs require encryption; SMB does not
- B) SMB is for programmatic access; REST APIs are not
- C) SMB uses direct file access; REST APIs use HTTP protocols
- D) REST APIs are used only for backups
- How does SMB handle file locking in Azure File Storage?
- A) By encrypting the file during access
- B) By ensuring that multiple users can access without conflicts
- C) By enabling exclusive access during write operations
- D) By blocking all read access during updates
- What is the purpose of Shared Access Signatures (SAS) in REST APIs?
- A) To encrypt data at rest
- B) To define time-limited access to storage resources
- C) To mount Azure File shares
- D) To enhance network security
- Which protocol is recommended for cross-platform file sharing in Azure File Storage?
- A) SMB
- B) NFS
- C) REST APIs
- D) HTTP
- Which method allows browser-based applications to interact with Azure Blob Storage?
- A) SMB protocol
- B) REST APIs
- C) SFTP
- D) Azure CLI
- What does an Azure Storage REST API operation always require for execution?
- A) Network encryption
- B) An HTTP request
- C) SMB share permissions
- D) Multi-factor authentication
Topic: Identity-Based Access and RBAC
- What is the role of RBAC in Azure?
- A) Encrypting sensitive data
- B) Assigning access permissions based on user roles
- C) Monitoring network traffic
- D) Creating storage accounts
- Which Azure tool can you use to assign RBAC roles?
- A) PowerShell
- B) Microsoft Edge
- C) SQL Server Management Studio
- D) Blob Explorer
- How does Azure AD provide identity-based access to Azure Storage?
- A) By encrypting stored data
- B) By authenticating users and granting permissions
- C) By enforcing network security rules
- D) By managing access tiers
- Which built-in RBAC role is required for managing Azure Storage accounts?
- A) Storage Contributor
- B) Storage Reader
- C) Storage Admin
- D) Storage Owner
- What is a key benefit of RBAC in Azure Storage?
- A) Ensures encrypted data access
- B) Limits permissions to only what is necessary
- C) Enables automated scaling
- D) Provides real-time data insights
- Which authentication method supports RBAC in Azure Storage?
- A) Account keys
- B) Shared Access Signatures
- C) Azure AD-based access
- D) NFS protocols
- What happens when a user is removed from an Azure AD group assigned to an RBAC role?
- A) They retain permissions indefinitely
- B) Their permissions are revoked immediately
- C) They retain permissions for 24 hours
- D) Their permissions are downgraded
- What is the least privilege principle in RBAC?
- A) Assigning all permissions to all users
- B) Granting only permissions necessary for tasks
- C) Using only Azure AD for authentication
- D) Encrypting network traffic
- What is the maximum number of roles a single user can be assigned in RBAC?
- A) 10
- B) 50
- C) Unlimited
- D) 100
- How are RBAC roles applied in Azure Storage?
- A) Directly on individual files
- B) At the storage account or container level
- C) Using access tiers
- D) With REST API headers
Topic: Encryption and Network Security
- What encryption method does Azure Storage use by default?
- A) Client-side encryption
- B) Server-side encryption (SSE)
- C) Network-layer encryption
- D) Block-based encryption
- What is the purpose of Azure Storage Service Encryption (SSE)?
- A) To protect data in transit
- B) To secure data at rest
- C) To prevent unauthorized network access
- D) To enable compression
- Which key management method is NOT supported in Azure Storage encryption?
- A) Microsoft-managed keys
- B) Customer-managed keys
- C) Third-party keys
- D) Service-managed keys
- How can data in transit be secured in Azure Storage?
- A) Using SMB encryption
- B) Enabling HTTPS for all requests
- C) Compressing data before transit
- D) Using multi-factor authentication
- What is the purpose of a Virtual Network (VNet) in Azure Storage security?
- A) To encrypt stored data
- B) To isolate storage traffic from public networks
- C) To assign RBAC roles
- D) To configure file access methods
- Which network security feature restricts Azure Storage access to specific IP addresses?
- A) VNet Service Endpoints
- B) Azure Firewall
- C) Shared Access Signatures
- D) Network ACLs
- How does Azure ensure encryption for data at rest?
- A) By compressing the data before storage
- B) By using 256-bit AES encryption
- C) By requiring a password for access
- D) By enabling role-based access
- What happens when HTTPS is not enforced for Azure Storage accounts?
- A) Data is automatically encrypted in transit
- B) Data can be intercepted in transit
- C) Storage account access is blocked
- D) Only encrypted blobs are accessible
- How can you enhance the security of an Azure Storage account?
- A) Use SMB for file sharing
- B) Enable private endpoints and restrict public access
- C) Disable encryption
- D) Assign all users admin permissions
- What is the role of a Shared Key in Azure Storage access?
- A) Encrypting data at rest
- B) Providing direct access to storage resources
- C) Managing access tiers
- D) Isolating traffic within VNets
Answers Table
| Qno | Answer |
|---|---|
| 1 | B) SMB |
| 2 | B) To provide programmatic access to storage services |
| 3 | B) File Storage |
| 4 | B) Postman |
| 5 | C) SMB uses direct file access; REST APIs use HTTP protocols |
| 6 | C) By enabling exclusive access during write operations |
| 7 | B) To define time-limited access to storage resources |
| 8 | A) SMB |
| 9 | B) REST APIs |
| 10 | B) An HTTP request |
| 11 | B) Assigning access permissions based on user roles |
| 12 | A) PowerShell |
| 13 | B) By authenticating users and granting permissions |
| 14 | A) Storage Contributor |
| 15 | B) Limits permissions to only what is necessary |
| 16 | C) Azure AD-based access |
| 17 | B) Their permissions are revoked immediately |
| 18 | B) Granting only permissions necessary for tasks |
| 19 | C) Unlimited |
| 20 | B) At the storage account or container level |
| 21 | B) Server-side encryption (SSE) |
| 22 | B) To secure data at rest |
| 23 | C) Third-party keys |
| 24 | B) Enabling HTTPS for all requests |
| 25 | B) To isolate storage traffic from public networks |