Practice Test

True or False: Azure Active Directory (Azure AD) provides identity-based authentication and authorization to Azure Storage.

  • True
  • False

Answer: True

Explanation: Azure Active Directory indeed provides identity-based access control to Azure storage.

Which of the following can be authenticated using Azure AD?

  • A. Blob storage
  • B. Queue storage
  • C. Table storage
  • D. All of the above

Answer: D. All of the above

Explanation: Azure AD authentication supports blob storage, queue storage, and table storage.

True or False: Users authenticated via Azure AD can perform all operations on a storage account.

  • True
  • False

Answer: False

Explanation: The operations a user can perform depend on the role assigned to them.

Which of the following tools can support Azure AD authentication for Azure Storage operations?

  • A. Azure PowerShell
  • B. Azure CLI
  • C. Azure Storage SDKs for .NET
  • D. All of the above

Answer: D. All of the above

Explanation: All the tools listed above can support Azure AD authentication for Azure Storage operations.

True or False: It is possible to authenticate and authorize with Azure Active Directory for Azure File Sync.

  • True
  • False

Answer: False

Explanation: Azure File Sync does not support Azure AD authentication and authorization.

Which is needed to configure Azure AD authentication for a storage account?

  • A. Set managed identities
  • B. Set storage account firewalls
  • C. Set Azure role-based access control (Azure RBAC)
  • D. All of the above

Answer: D. All of the above

Explanation: Managed identities, storage account firewalls, and Azure RBAC are all prerequisites for Azure AD authenticated access to a storage account.

Azure AD authentication is only available for a general-purpose v2 storage account. Is this statement true or false?

  • True
  • False

Answer: True

Explanation: Support for Azure AD authentication is indeed only available for general-purpose v2 storage accounts.

True or False: Configuring Azure AD for Azure blob storage doesn’t provide access to data via a User Delegation SAS token.

  • True
  • False

Answer: False

Explanation: Configuring Azure AD for Azure blob storage indeed provides access to data via a User Delegation SAS token.

True or False: Azure Blob Storage does not support Azure AD authentication.

  • True
  • False

Answer: False

Explanation: Azure Blob Storage does indeed support Azure AD authentication.

Which of the following roles is NOT a built-in role in Azure RBAC for authorizing access to Azure Storage data with Azure AD?

  • A. Storage Blob Data Reader
  • B. Storage Blob Data Contributor
  • C. Storage Blob Data Operator
  • D. Storage Blob Data Owner

Answer: C. Storage Blob Data Operator

Explanation: Storage Blob Data Operator is not a built-in role in Azure RBAC for authorizing access to Azure Storage data with Azure AD.

True or False: You can use Azure AD authentication and authorization to manage and access data in your Azure Data Lake Store account.

  • True
  • False

Answer: True

Explanation: Azure Data Lake Store supports Azure AD for authentication and authorization.

True or False: It is possible to use a shared access signature (SAS) token without Azure AD to authenticate requests to Azure Storage.

  • True
  • False

Answer: True

Explanation: SAS tokens provide a way to grant limited access to objects in your storage account to other clients, without sharing your account key.

Which of the following is NOT a step in enabling and configuring Azure AD authentication with Azure Storage?

  • A. Assign Azure RBAC roles
  • B. Create an Azure Service Principal
  • C. Set up Azure Storage firewalls and virtual networks
  • D. Migrate data to a General Purpose V1 storage account

Answer: D. Migrate data to a General Purpose V1 storage account

Explanation: Azure AD authentication is not supported for a General Purpose V1 storage account, hence no migration to such an account is necessary.

True or False: Azure AD authentication can only be used with storage accounts that are created in the same Azure subscription as Azure AD.

  • True
  • False

Answer: False

Explanation: Authentication can be used across multiple subscriptions as long as consistency is maintained in the configuration.

True or False: After enabling Azure AD authentication for a storage account, you cannot disable it.

  • True
  • False

Answer: False

Explanation: You can disable Azure AD authentication for a storage account at any time, but doing so is not recommended for security reasons.

Interview Questions

What is Azure AD authentication for a storage account?

Azure Active Directory (Azure AD) integration for Azure Storage allows you to use Azure AD to manage identities and access for Azure Blob data. Azure AD authentication offers superior security and ease of use.

What types of identities are supported in Azure AD authentication for Azure Blob data?

Azure AD supports two types of identities. User identities represent individuals. These can be members of your organization in Azure AD or guests in Azure AD. Service principals represent applications or services, and can authenticate either with a client secret or a certificate.

How can you enable Azure AD authentication for blob storage?

You can enable Azure AD authentication for your storage account by using the Azure portal, PowerShell, Azure CLI, or an ARM template.

Can you use Azure AD authentication to authorize data plane operations with the Storage Services REST APIs?

Yes, Azure AD authentication can be used to authorize both management and data plane operations with the Azure Storage Services REST APIs.

How do Azure RBAC roles relate to Azure AD authentication for storage accounts?

Azure Role-Based Access Control (RBAC) roles can be assigned to identities for granting permissions. These roles define the actions the client can perform on the storage account data.

What permission does the Storage Blob Data Contributor role provide?

The Storage Blob Data Contributor role provides read, write, and delete access to Azure Blob Storage data, but not to the surrounding containers or to the storage account itself.

What are the necessary steps to set up Azure AD with Azure storage?

Firstly, Azure AD needs to be enabled for the storage account. After that, an Azure AD identity needs to be assigned. Then, a role specifying what access the identity has needs to be added.

Can you use Azure AD with Azure File shares?

No, currently, Azure AD authentication for Azure Files is in preview and not recommended for production workloads.

Is it compulsory to enable Azure AD for each storage account?

Yes, Azure AD must be explicitly enabled for each storage account before it can be used to authorize requests to Blob storage.

How can you use Azure AD to authorize access to blob data?

Azure AD provides integrated security for authorizing access to blob data. You can assign RBAC roles to an Azure AD identity, and then use that identity to make authorized requests to Blob storage.

Can you use Azure AD Shared Access Signature (SAS) tokens for Azure Storage?

No, Azure AD does not interact with Shared Access Signature (SAS) tokens for Azure storage. Azure AD uses a different authorization mechanism.

What is the main difference between Azure AD Authentication and Azure Storage account key for access management?

Unlike a storage account key, Azure AD provides an identity-based security solution, and can be used to authorize requests on a per-call basis.

What is the required minimum version of Azure PowerShell to enable Azure AD authentication for a storage account?

To enable Azure AD authentication for a storage account, you need Azure PowerShell version 1.4.0 or later.

What is the function of the Storage Blob Data Reader role in Azure AD authentication?

The Storage Blob Data Reader role offers read permissions for an Azure AD user.

In Azure AD authentication, what role do managed identities play?

Managed identities for Azure resources are a feature of Azure AD. They provide Azure services with an automatically managed identity in Azure AD. This can be used to authenticate to any service that supports Azure AD authentication.
