MCQs on Data Security and Access Control | Azure Data Lake Storage
Explore essential concepts of Azure Data Lake Storage (ADLS) security with these MCQs, focusing on authentication methods, role-based access control (RBAC), encryption, and network security configurations for optimal protection.
Chapter 3: Data Security and Access Control
Authentication Methods for Azure Data Lake Storage (Azure AD, Shared Access Signatures)
- Which authentication method is commonly used to secure access to Azure Data Lake Storage?
- A) Shared Access Signatures
- B) OAuth
- C) Azure AD
- D) Access Keys
- What is the main advantage of using Azure AD for authentication in Azure Data Lake Storage?
- A) Simplicity in management
- B) Integration with other Microsoft services
- C) Granular access control
- D) Reduced cost
- Shared Access Signatures (SAS) provide what type of access to Azure Data Lake Storage?
- A) Temporary, limited access to resources
- B) Full access to all resources
- C) No access to data
- D) Only read-only access
- How long can a Shared Access Signature (SAS) be valid for?
- A) A fixed period set by the administrator
- B) One month
- C) A maximum of 7 days
- D) Unlimited
- Which component does Azure AD authentication rely on for verifying user identities?
- A) Token-based authentication
- B) Symmetric encryption
- C) Key vault
- D) Shared keys
- What is a key benefit of using Shared Access Signatures for ADLS?
- A) Continuous monitoring
- B) Fine-grained control over access permissions
- C) Direct integration with Azure AD
- D) Low implementation cost
- Which permission is needed for Azure AD-based authentication to access Azure Data Lake Storage?
- A) Contributor
- B) Reader
- C) Owner
- D) Custom permissions
- When using SAS tokens, what must be provided to grant access to a resource?
- A) IP address restrictions
- B) Start and expiry time
- C) Virtual network settings
- D) User identity
- What can be restricted when using SAS for data access?
- A) Only write permissions
- B) Time-based and IP-based access
- C) Read and delete operations only
- D) Full administrative access
- How are permissions granted with Azure AD authentication in ADLS?
- A) By assigning a SAS token
- B) Through role assignments in Azure AD
- C) Using file-level ACLs
- D) By linking a user account directly to the storage account
Role-Based Access Control (RBAC) for ADLS
- What does Role-Based Access Control (RBAC) in Azure Data Lake Storage primarily manage?
- A) File system structure
- B) User authentication
- C) Access control to resources based on roles
- D) Network traffic
- Which of the following is NOT an Azure AD role for managing ADLS access?
- A) Storage Blob Data Contributor
- B) Storage File Data Owner
- C) Azure Data Scientist
- D) Storage Account Contributor
- In RBAC, which of these actions can be performed by a “Storage Blob Data Contributor” role?
- A) Grant read access to storage accounts
- B) Write and modify blob data
- C) Manage Azure AD users
- D) Create and delete storage accounts
- What is the default level of access granted by the Azure AD “Storage Blob Data Reader” role?
- A) Read-only access to blob data
- B) Full access to storage account settings
- C) Write access to blob data
- D) Read/write access to data and metadata
- How can RBAC be applied to Azure Data Lake Storage?
- A) Through Azure portal role assignments
- B) By editing ACLs manually
- C) Using storage access keys
- D) By granting administrative rights
- Which type of role in Azure AD can allow users to modify permissions and manage access?
- A) Contributor
- B) Reader
- C) Owner
- D) Data Reader
- In Azure AD RBAC, which of the following permissions is typically granted to the “Owner” role?
- A) Only read permissions
- B) Full management and access to resources
- C) Only data modification access
- D) Network-level control
- Which role is suitable for a user who needs to access, but not modify, data in Azure Data Lake Storage?
- A) Contributor
- B) Reader
- C) Data Engineer
- D) Owner
- Which Azure role should be assigned to enable a user to read and write data in both Azure Data Lake Storage Gen1 and Gen2?
- A) Storage Blob Data Contributor
- B) Storage File Data SMB Share Contributor
- C) Storage Data Owner
- D) Storage Account Contributor
- How does Azure RBAC provide security for Azure Data Lake Storage?
- A) By encrypting the data in transit
- B) By limiting user actions based on role definitions
- C) By creating private endpoints
- D) By managing file and directory permissions
Configuring Access Control Lists (ACLs) for Data Access
- What is the purpose of Access Control Lists (ACLs) in Azure Data Lake Storage?
- A) Encrypt data at rest
- B) Control permissions at the file and directory level
- C) Enable data replication
- D) Configure data redundancy
- What can be controlled using ACLs in Azure Data Lake Storage?
- A) Network traffic between storage accounts
- B) Data read/write permissions on individual files or directories
- C) Access from external services
- D) Total storage usage
- What permission types are specified in an ACL for Azure Data Lake Storage?
- A) Read, Write, Execute
- B) Grant, Revoke, Modify
- C) Allow, Deny
- D) Access, Control, Modify
- Which method can be used to apply ACLs on an Azure Data Lake directory?
- A) PowerShell
- B) Azure CLI
- C) Azure portal
- D) All of the above
- What is the maximum number of ACLs that can be set on a single directory or file in ADLS?
- A) 50
- B) 100
- C) 200
- D) No limit
- Which permission would you assign to a user in an ACL who should only view data without modifying it?
- A) Execute
- B) Write
- C) Read
- D) Modify
- How can ACLs be inherited in Azure Data Lake Storage?
- A) Manually set for each file
- B) Automatically from parent directories
- C) Via storage access keys
- D) Only on read-only files
- What type of access control does ACLs provide for Azure Data Lake?
- A) Hierarchical, at the file and folder level
- B) Only at the container level
- C) Only at the storage account level
- D) No control; it is managed by Azure AD
- Which tool can be used to view and manage ACLs in Azure Data Lake Storage?
- A) Azure Storage Explorer
- B) Azure CLI
- C) PowerShell
- D) All of the above
- Which permissions are required for a user to modify ACLs in Azure Data Lake Storage?
- A) Full Control permissions
- B) Write permissions on the directory or file
- C) Administrative permissions on the storage account
- D) Contributor role permissions
Answer Key
| Qno | Answer |
|---|---|
| 1 | C) Azure AD |
| 2 | B) Integration with other Microsoft services |
| 3 | A) Temporary, limited access to resources |
| 4 | A) A fixed period set by the administrator |
| 5 | A) Token-based authentication |
| 6 | B) Fine-grained control over access permissions |
| 7 | D) Custom permissions |
| 8 | B) Start and expiry time |
| 9 | B) Time-based and IP-based access |
| 10 | B) Through role assignments in Azure AD |
| 11 | C) Access control to resources based on roles |
| 12 | C) Azure Data Scientist |
| 13 | B) Write and modify blob data |
| 14 | A) Read-only access to blob data |
| 15 | A) Through Azure portal role assignments |
| 16 | C) Owner |
| 17 | B) Full management and access to resources |
| 18 | B) Reader |
| 19 | A) Storage Blob Data Contributor |
| 20 | B) By limiting user actions based on role definitions |
| 21 | B) Control permissions at the file and directory level |
| 22 | B) Data read/write permissions on individual files or directories |
| 23 | A) Read, Write, Execute |
| 24 | D) All of the above |
| 25 | D) No limit |
| 26 | C) Read |
| 27 | B) Automatically from parent directories |
| 28 | A) Hierarchical, at the file and folder level |
| 29 | D) All of the above |
| 30 | B) Write permissions on the directory or file |