Module quiz: Storage security Quiz Answers
In this article i am gone to share Coursera Course: Secure Your Data at Rest by Microsoft | Week 1 Quiz | Module quiz: Storage security Quiz Answers with you..
Enrol Link: Secure Your Data at Rest
Module quiz: Storage security Quiz Answers
Select the scenario that best depicts the need for Storage service encryption in Azure.
- A software development company requires a secure method to share software packages and files with external entities without compromising their Azure Storage account credentials. They seek a solution that allows them to grant temporary access with customizable permissions and policies, ensuring data security and control.
- A technology company has identified the need to secure access to sensitive customer data in Azure Blob Storage. They want only specific IP addresses or network ranges associated with their trusted partners or internal systems to have access to the data.
- A financial services company stores sensitive information in Azure Blob Storage. They require a solution to safeguard this information even if the storage medium is compromised. They seek a mechanism to automatically encrypt the data at rest, ensuring its security and confidentiality.
- A multinational corporation requires a robust access control mechanism to safeguard its sensitive corporate data. They seek a solution that enables them to grant specific permissions to users or groups, ensuring that only authorized individuals can access and manipulate the data.
Your organization operates globally and stores customer data from different countries in Azure. You need to ensure compliance with data sovereignty regulations. Which benefit of Azure provides automatic data synchronization to a paired region for protection against regional outages?
- Physical isolation
- Region recovery order
- Platform-provided replication
- Sequential updates
Your organization wants to provide identity-based authorization for Blob and Queue services. Which among the following does Microsoft recommend?
- Azure AD Domain Services
- Public access
- Shared keys
- Azure Active Directory
You are building a secure file-sharing platform that allows users to upload and share files with specific access permissions. The files are stored in Azure Blob Storage, and you want to implement Microsoft-recommended best practices to reduce potential risks when using shared access signatures (SAS). Which one of the following represents a Microsoft-recommended best practice for securely using SAS in the file-sharing platform?
- Store the Storage account key in the application code for quicker access.
- Implement user delegation for SAS tokens wherever possible.
- Set a long expiration time for SAS tokens to reduce the need for frequent token generation.
- Use HTTP to distribute SAS tokens to users to ensure faster file access.
In which scenario is a service-level SAS most applicable? Provide only the minimum privileges.
- Granting access to an external reporting tool to generate monthly analytics reports based on data stored in the storage account
- Granting access to a mobile application to retrieve user-uploaded images from a specific container in the storage account using a stored access policy
- Granting access to a web application that allows users to upload files directly to Azure Blob Storage using their Azure Active Directory credentials
- Securing access to a backup and restoring service that requires downloading files from multiple containers in the storage account
Your team at TechMed Health Solutions has developed a mobile application that stores patients’ health data in Azure Blob Storage. For data security, you want the application only to be able to upload data to a specific container without any other permissions.
What SAS token permissions should you assign?
- Read, Write.
- Read, Write, List.
- Write, Delete.
Identify the scenarios most suited for utilizing shared keys.
- An administrator needs access to an Azure Storage account to perform account-level operations.
- An application requires read-only access to a specific container within an Azure Storage account.
- A developer wants to enable secure access to Azure Storage resources using Azure Active Directory authentication.
- A user needs temporary access to upload files to an Azure Blob Storage container.
How can you ensure that the storage account access keys for your Azure Storage accounts are rotated regularly?
- Manually regenerate the access keys every month
- Enable automatic key rotation in the Azure portal
- Use Azure AD to manage access keys and enforce rotation
- Create a key expiration policy and set reminders for key rotation
You suspected a security breach and hence updated the access keys for an Azure Storage account using the Rotate key option in the Azure portal. How will you test the key rollover using Azure Storage Explorer? Select all that apply.
- Generating a new container within the Azure Storage account and checking if the new access keys are automatically applied.
- Attempting to access the Storage account using the old access keys.
- Generating a new Storage account in Azure Storage Explorer and attempting to access it using the new access keys.
- Verifying the connection to the Azure Storage account in Azure Storage Explorer using the new access keys.
You have designed a Blob container that uses a shared access signature (SAS) associated with a stored access policy. A request against this SAS failed with error code 403. What can be a probable reason for this?
- The permissions parameter contains the complete permission string, acdlrw.
- The request was raised after the expiry time of the policy.
- You have created more than five stored access policies for the Blob container.
- The start time of the stored access policy is mentioned as null.