MCQs on Managing Secrets, Keys, and Certificates | Azure Key Vault MCQs Questions

This comprehensive set of Azure Key Vault questions and answers covers topics such as managing secrets, cryptographic keys, and certificates, along with their storage, retrieval, and integration. With a focus on generating, importing, exporting, and versioning keys and secrets, these MCQs are designed to help you understand Azure Key Vault for exam preparation and practical applications.


Chapter 2: Managing Secrets, Keys, and Certificates – MCQs

Topic 1: Storing and Retrieving Secrets

  1. What is a primary use case for Azure Key Vault?
    a) Encrypting virtual machine disks
    b) Storing and accessing sensitive information like secrets
    c) Monitoring network traffic
    d) Creating virtual machines
  2. How can applications retrieve secrets from Azure Key Vault?
    a) By using SQL queries
    b) By calling REST APIs or SDKs
    c) By accessing Azure Monitor logs
    d) By querying Azure Storage
  3. What is required to access a secret stored in Azure Key Vault?
    a) An SSL certificate
    b) Proper role-based access control (RBAC) permissions
    c) A public IP address
    d) An Azure subscription ID
  4. Which type of data can Azure Key Vault securely store?
    a) Application logs
    b) Connection strings and passwords
    c) Resource deployment templates
    d) Container images
  5. What is the default encryption algorithm for secrets in Azure Key Vault?
    a) RSA
    b) AES-256
    c) SHA-256
    d) MD5
  6. How can you securely rotate secrets in Azure Key Vault?
    a) Manually update the secret
    b) Use Azure Automation to update secrets periodically
    c) Delete the secret and create a new one
    d) Enable auto-delete for old secrets

Topic 2: Generating and Managing Cryptographic Keys

  1. What is the purpose of a cryptographic key in Azure Key Vault?
    a) To encrypt and decrypt sensitive data
    b) To monitor resource health
    c) To store application configurations
    d) To track API usage
  2. Which key management operation is NOT supported by Azure Key Vault?
    a) Key creation
    b) Key rotation
    c) Key decryption
    d) Key logging
  3. How can you generate a key in Azure Key Vault?
    a) By using Azure CLI, REST API, or the Azure portal
    b) By uploading a script file
    c) By creating a virtual machine
    d) By accessing Azure Monitor
  4. What is the default key type used in Azure Key Vault for encryption?
    a) Symmetric keys
    b) Asymmetric keys
    c) Public keys
    d) Session keys
  5. How can applications securely access cryptographic keys in Azure Key Vault?
    a) By using hard-coded secrets
    b) Through managed identity or service principal authentication
    c) By enabling guest access
    d) By using IP filtering
  6. Which feature allows periodic automatic renewal of cryptographic keys in Azure Key Vault?
    a) Key Expiry Alert
    b) Key Rotation Policy
    c) Managed Key Renewal
    d) Secure Access Configuration

Topic 3: Importing and Exporting Keys

  1. How can you import a cryptographic key into Azure Key Vault?
    a) By uploading it through the Azure portal or CLI
    b) By creating a resource group
    c) By running a PowerShell script
    d) By enabling guest access
  2. Which key format is supported for importing keys into Azure Key Vault?
    a) PEM and PFX
    b) CSV and JSON
    c) XML and YAML
    d) TXT and MD5
  3. What is required to export keys from Azure Key Vault?
    a) Export permissions in the access policy
    b) A service principal with admin rights
    c) A public key certificate
    d) An active Azure subscription
  4. What is a key limitation when exporting keys from Azure Key Vault?
    a) Exported keys can only be symmetric keys
    b) Only hardware-protected keys can be exported
    c) Exporting keys is not allowed for keys marked as non-exportable
    d) Exported keys require re-encryption
  5. How can you securely back up keys in Azure Key Vault?
    a) By exporting them as plain text
    b) By using the backup operation in the Azure portal
    c) By saving them to Azure Storage directly
    d) By enabling monitoring
  6. When importing keys, what option ensures compatibility across applications?
    a) Using standardized key formats like PEM or PFX
    b) Storing keys in unencrypted format
    c) Using custom encoding methods
    d) Disabling access policies

Topic 4: Certificate Management and Integration

  1. What is a common use case for managing certificates in Azure Key Vault?
    a) Encrypting resource groups
    b) Securing web application traffic with SSL/TLS certificates
    c) Tracking resource utilization
    d) Monitoring database queries
  2. How can Azure Key Vault automatically renew certificates?
    a) By integrating with certificate authorities (CAs)
    b) By running Azure Automation scripts
    c) By enabling manual renewal notifications
    d) By using third-party tools
  3. What is the role of a certificate authority in Azure Key Vault?
    a) To manage access control policies
    b) To validate and issue certificates
    c) To monitor virtual machines
    d) To encrypt database data
  4. Which integration enables Azure App Service to use certificates from Azure Key Vault?
    a) Direct certificate binding
    b) Certificate references in application settings
    c) Importing certificates into Azure Storage
    d) Using network security groups
  5. What is a certificate policy in Azure Key Vault?
    a) A set of rules defining how certificates are issued and managed
    b) A method for encrypting secret data
    c) A policy for monitoring certificates
    d) A backup strategy for SSL certificates
  6. Which protocol is commonly used to secure certificates in transit?
    a) HTTP
    b) TLS/SSL
    c) FTP
    d) SCP

Topic 5: Versioning of Keys, Secrets, and Certificates

  1. How does Azure Key Vault handle versioning of keys?
    a) By overwriting older keys with new ones
    b) By assigning unique identifiers to each version
    c) By storing only the latest key version
    d) By creating snapshots
  2. What happens when you delete a version of a key in Azure Key Vault?
    a) The key becomes inactive
    b) The key version is permanently removed
    c) The latest key version is also deleted
    d) Older versions remain unaffected
  3. How can you access a specific version of a secret in Azure Key Vault?
    a) By specifying the version identifier in the API call
    b) By navigating to the Azure Resource Manager
    c) By using Azure Service Health
    d) By enabling diagnostic settings
  4. Which benefit does versioning of certificates provide in Azure Key Vault?
    a) Ability to track updates and maintain history
    b) Automatic scaling of certificates
    c) Simplified user authentication
    d) Increased application performance
  5. How can you restore a previous version of a key or secret in Azure Key Vault?
    a) By creating a new version from the backup
    b) By deleting all subsequent versions
    c) By selecting the previous version in the Azure portal
    d) By exporting it from diagnostic logs
  6. Why is versioning important for secrets in Azure Key Vault?
    a) To maintain a secure audit trail of changes
    b) To increase access permissions
    c) To allow manual updates only
    d) To encrypt additional resources

Answer Key

| Qno | Answer |
| --- | --- |
| 1 | b) Storing and accessing sensitive information like secrets |
| 2 | b) By calling REST APIs or SDKs |
| 3 | b) Proper role-based access control (RBAC) permissions |
| 4 | b) Connection strings and passwords |
| 5 | b) AES-256 |
| 6 | b) Use Azure Automation to update secrets periodically |
| 7 | a) To encrypt and decrypt sensitive data |
| 8 | d) Key logging |
| 9 | a) By using Azure CLI, REST API, or the Azure portal |
| 10 | b) Asymmetric keys |
| 11 | b) Through managed identity or service principal authentication |
| 12 | b) Key Rotation Policy |
| 13 | a) By uploading it through the Azure portal or CLI |
| 14 | a) PEM and PFX |
| 15 | a) Export permissions in the access policy |
| 16 | c) Exporting keys is not allowed for keys marked as non-exportable |
| 17 | b) By using the backup operation in the Azure portal |
| 18 | a) Using standardized key formats like PEM or PFX |
| 19 | b) Securing web application traffic with SSL/TLS certificates |
| 20 | a) By integrating with certificate authorities (CAs) |
| 21 | b) To validate and issue certificates |
| 22 | b) Certificate references in application settings |
| 23 | a) A set of rules defining how certificates are issued and managed |
| 24 | b) TLS/SSL |
| 25 | b) By assigning unique identifiers to each version |
| 26 | b) The key version is permanently removed |
| 27 | a) By specifying the version identifier in the API call |
| 28 | a) Ability to track updates and maintain history |
| 29 | c) By selecting the previous version in the Azure portal |
| 30 | a) To maintain a secure audit trail of changes |

Use a blank sheet, note your answers, and then tally them against the answer key above. Give yourself a score.
