MCQs on Security and Access Control | Azure Key Vault MCQs Questions
Azure Key Vault is a cloud service for securely storing and managing secrets, encryption keys, and certificates. Chapter 3 focuses on security aspects like Azure Active Directory integration, Role-Based Access Control (RBAC), managed identities, and network security. These Azure Key Vault questions and answers will enhance your understanding of access control, secure network configurations, and monitoring practices for ensuring robust security. Perfect for professionals aiming to master Key Vault operations.
Multiple-Choice Questions (MCQs)
Azure Active Directory Integration
- What is the purpose of integrating Azure Key Vault with Azure Active Directory (AAD)?
a) To enable firewall rules
b) To manage user authentication and authorization
c) To store logs and metrics
d) To deploy applications automatically - Which Azure AD role allows a user to manage keys in a Key Vault?
a) Owner
b) Contributor
c) Key Vault Crypto Officer
d) Key Vault Reader - How does Azure AD facilitate secure access to Key Vault?
a) By encrypting secrets automatically
b) By using tokens for authentication
c) By creating managed certificates
d) By providing automatic backups - Which type of Azure Active Directory object can access Azure Key Vault?
a) Users
b) Applications
c) Service principals
d) All of the above - What is required to authenticate an application with Azure AD for accessing Key Vault?
a) An API token
b) A service principal and its credentials
c) A network security group
d) An SSH key
Role-Based Access Control (RBAC) for Key Vault
- Which RBAC role is required to create and manage Key Vaults?
a) Key Vault Administrator
b) Owner
c) Security Manager
d) Network Contributor - What permission is required to retrieve a secret from Azure Key Vault?
a) Get permission
b) List permission
c) Read permission
d) Access permission - How does RBAC enhance security in Azure Key Vault?
a) By encrypting data
b) By allowing role-based access to specific actions
c) By creating private endpoints
d) By integrating with third-party tools - Which role is designed specifically for managing secret permissions?
a) Key Vault Secrets Officer
b) Key Vault Contributor
c) Secrets Reader
d) Secrets Manager - What is the advantage of using RBAC over access policies for Key Vault?
a) Easier integration with AAD roles
b) Granular control over permissions
c) Centralized management of permissions
d) All of the above
Managed Identities for Applications
- What is the benefit of using managed identities with Azure Key Vault?
a) Simplified authentication without credentials
b) Faster key rotation
c) Enhanced logging capabilities
d) Increased network security - How is a managed identity assigned to an application?
a) Through Azure AD configuration
b) By enabling it in the application’s Azure resource
c) By creating a service principal manually
d) By integrating with API Management - Which type of managed identity is tied to a specific Azure resource?
a) User-assigned identity
b) System-assigned identity
c) Application-assigned identity
d) Service-assigned identity - Can multiple resources share a single user-assigned managed identity?
a) Yes
b) No
c) Only in specific regions
d) Only with premium Azure AD subscriptions - What is required to grant a managed identity access to a Key Vault?
a) Assigning an RBAC role or access policy
b) Configuring a network security group
c) Adding the managed identity to a private endpoint
d) Creating a service endpoint
Network Security with Firewalls and Private Endpoints
- What is the purpose of firewalls in Azure Key Vault?
a) To encrypt secrets
b) To restrict access based on IP ranges
c) To integrate with Azure AD
d) To monitor performance - What is a private endpoint in Azure Key Vault?
a) A secure connection for accessing Key Vault over the internet
b) A virtual network interface for private connectivity
c) A managed service for secret storage
d) An Azure AD authentication mechanism - How does enabling a firewall improve Key Vault security?
a) By encrypting secrets automatically
b) By allowing access only from approved networks
c) By disabling public endpoint access
d) Both b and c - Which feature ensures that Key Vault traffic does not leave the Azure network?
a) Network security groups
b) Private endpoints
c) Role-based access control
d) API Management - Can public access to Azure Key Vault be disabled?
a) Yes, by enabling a private endpoint
b) No, it is mandatory for all Key Vaults
c) Yes, by configuring a service principal
d) No, but traffic can be encrypted
Key Vault Logging and Monitoring
- What tool is used to monitor Key Vault activity?
a) Azure Monitor
b) Azure Security Center
c) Azure Log Analytics
d) All of the above - Which log type records access to secrets in Key Vault?
a) Audit log
b) Access log
c) Diagnostic log
d) Secret usage log - How can diagnostic logs for Key Vault be enabled?
a) Through the Azure CLI
b) From the Key Vault’s monitoring blade
c) Using PowerShell commands
d) Any of the above - What information does the Key Vault audit log contain?
a) Key creation and deletion events
b) Access attempts and permission changes
c) IP addresses of accessing clients
d) All of the above - How can you visualize Key Vault logs for easier analysis?
a) By exporting to Azure Storage
b) By integrating with Azure Monitor Workbooks
c) By using Azure Stream Analytics
d) By configuring API Management
Additional Questions
- Which command-line tool can be used to manage Key Vault secrets?
a) Azure CLI
b) PowerShell
c) Both a and b
d) Azure DevOps - What is a secret in the context of Azure Key Vault?
a) A private encryption key
b) Any sensitive information stored securely
c) A certificate chain
d) A monitoring policy - What happens when a Key Vault secret expires?
a) It is automatically deleted
b) It becomes inaccessible until renewed
c) An alert is triggered if configured
d) Both b and c - How can you ensure high availability for Azure Key Vault?
a) By enabling geo-redundancy
b) By configuring a backup and restore policy
c) By using managed identities
d) By integrating with Azure Traffic Manager - What is the recommended way to rotate keys in Azure Key Vault?
a) Manual rotation through the portal
b) Using an automation script
c) Setting up a Key Vault rotation policy
d) Both b and c
Answers
| QNo | Answer (Option with text) |
|---|---|
| 1 | b) To manage user authentication and authorization |
| 2 | c) Key Vault Crypto Officer |
| 3 | b) By using tokens for authentication |
| 4 | d) All of the above |
| 5 | b) A service principal and its credentials |
| 6 | a) Key Vault Administrator |
| 7 | a) Get permission |
| 8 | b) By allowing role-based access to specific actions |
| 9 | a) Key Vault Secrets Officer |
| 10 | d) All of the above |
| 11 | a) Simplified authentication without credentials |
| 12 | b) By enabling it in the application’s Azure resource |
| 13 | b) System-assigned identity |
| 14 | a) Yes |
| 15 | a) Assigning an RBAC role or access policy |
| 16 | b) To restrict access based on IP ranges |
| 17 | b) A virtual network interface for private connectivity |
| 18 | d) Both b and c |
| 19 | b) Private endpoints |
| 20 | a) Yes, by enabling a private endpoint |
| 21 | d) All of the above |
| 22 | c) Diagnostic log |
| 23 | d) Any of the above |
| 24 | d) All of the above |
| 25 | b) By integrating with Azure Monitor Workbooks |
| 26 | c) Both a and b |
| 27 | b) Any sensitive information stored securely |
| 28 | d) Both b and c |
| 29 | a) By enabling geo-redundancy |
| 30 | d) Both b and c |