Azure Key Vault

Question 1

What is Azure Key Vault?

Answer 1

A cloud service for securely storing and accessing secrets such as API keys, passwords, and certificates.

Question 2

What are the key features of Azure Key Vault?

Answer 2

Secret management, key management, certificate management, and hardware security modules (HSM).

Question 3

What types of secrets can Azure Key Vault store?

Answer 3

API keys, passwords, connection strings, and other secrets.

Question 4

What are the pricing tiers for Azure Key Vault?

Answer 4

Standard and Premium.

Question 5

What is the difference between Standard and Premium tiers?

Answer 5

Premium supports HSM-backed keys, while Standard does not.

Question 6

What is a secret in Azure Key Vault?

Answer 6

A value such as a password, API key, or connection string.

Question 7

What is a key in Azure Key Vault?

Answer 7

A cryptographic key used for encryption, decryption, and signing.

Question 8

How does Azure Key Vault integrate with Azure Active Directory (Azure AD)?

Answer 8

It uses Azure AD for authentication and access control.

Question 9

What is the maximum size of a secret in Azure Key Vault?

Answer 9

25KB.

Question 10

How are secrets versioned in Azure Key Vault?

Answer 10

Secrets are versioned automatically when updated.

Question 11

What is soft delete in Azure Key Vault?

Answer 11

A feature that allows deleted keys and secrets to be recovered within a retention period.

Question 12

What is the default retention period for soft deleted items in Key Vault?

Answer 12

90 days.

Question 13

How can you access Azure Key Vault programmatically?

Answer 13

Using REST API, SDKs, or Azure CLI.

Question 14

What is a vault access policy?

Answer 14

A set of permissions that determine what operations a user or service can perform in a vault.

Question 15

How can you monitor activities in Azure Key Vault?

Answer 15

Using Azure Monitor, Log Analytics, and diagnostic logs.

Question 16

What is the purpose of Azure Key Vault Managed HSM?

Answer 16

To provide dedicated HSMs for high-security key management.

Question 17

What is a key rotation policy in Azure Key Vault?

Answer 17

A policy that defines how often a key should be automatically rotated.

Question 18

What is the maximum number of keys you can store in a Key Vault?

Answer 18

Depends on the vault’s pricing tier and resource limits.

Question 19

Can Azure Key Vault be used for encryption at rest?

Answer 19

Yes, it integrates with services like Azure Storage for encryption at rest.

Question 20

How does Azure Key Vault handle encryption keys?

Answer 20

It supports both software- and hardware-based key management.

Question 21

What is Key Vault’s role in TLS/SSL certificate management?

Answer 21

It helps create, manage, and renew certificates securely.

Question 22

What are access control methods for Azure Key Vault?

Answer 22

Role-based access control (RBAC) and access policies.

Question 23

What is BYOK in Azure Key Vault?

Answer 23

Bring Your Own Key, allowing customers to import and manage their own keys.

Question 24

How do you recover a deleted vault?

Answer 24

Using the Azure portal, PowerShell, or CLI if soft delete is enabled.

Question 25

What is RBAC in Azure Key Vault?

Answer 25

Role-Based Access Control to manage access to Key Vault resources.

Question 26

How does Azure Key Vault secure access to secrets?

Answer 26

Using encryption both in transit and at rest, and authentication via Azure AD.

Question 27

What is the purpose of key wrapping in Azure Key Vault?

Answer 27

To encrypt or decrypt keys using a Key Vault managed key.

Question 28

What are managed identities in Azure Key Vault?

Answer 28

Identity services to securely access Key Vault without hardcoding credentials.

Question 29

How can you audit Key Vault access?

Answer 29

By enabling diagnostic logging and sending logs to Azure Monitor or Log Analytics.

Question 30

What is secret purging in Azure Key Vault?

Answer 30

Permanently deleting soft deleted secrets after the retention period.

Question 31

What is a Key Vault certificate?

Answer 31

A certificate that Key Vault can store and manage, including its private key.

Question 32

What is a Key Vault administrator?

Answer 32

A role with full access to all Key Vault operations.

Question 33

How are certificates renewed in Azure Key Vault?

Answer 33

Manually or automatically using auto-renewal features.

Question 34

Can Key Vault secrets be used in DevOps pipelines?

Answer 34

Yes, through integration with Azure DevOps and GitHub Actions.

Question 35

What is Managed Identity for Azure resources?

Answer 35

A feature that allows Azure services to authenticate to Key Vault without credentials.

Question 36

What is Azure Disk Encryption and how does it relate to Key Vault?

Answer 36

It uses Key Vault to manage the encryption keys for virtual machine disks.

Question 37

What are secret attributes in Azure Key Vault?

Answer 37

Metadata such as expiration date, enabled status, and tags.

Question 38

What are tags in Azure Key Vault?

Answer 38

Custom key-value pairs that help organize resources.

Question 39

What is certificate auto-rotation?

Answer 39

Automatic renewal of certificates before they expire.

Question 40

How can Key Vault be integrated with AKS (Azure Kubernetes Service)?

Answer 40

By using Key Vault secrets with Kubernetes-managed identities.

Question 41

What are the available key types in Azure Key Vault?

Answer 41

RSA and EC (Elliptic Curve) keys.

Question 42

What is key backup in Azure Key Vault?

Answer 42

The ability to export a key and restore it later.

Question 43

What is a key operation in Azure Key Vault?

Answer 43

Operations such as sign, verify, wrap, and unwrap keys.

Question 44

What are the limits of Azure Key Vault?

Answer 44

Limits on keys, secrets, and certificates per vault, depending on the pricing tier.

Question 45

Can Azure Key Vault store certificates issued by third parties?

Answer 45

Yes, it supports the import of certificates from external sources.

Question 46

What is Key Vault’s redundancy model?

Answer 46

Key Vault uses geo-redundant storage for high availability.

Question 47

What is an application secret?

Answer 47

A secret used by applications to access resources securely.

Question 48

How does Azure Key Vault ensure compliance?

Answer 48

It is compliant with industry standards such as FIPS 140-2 and GDPR.

Question 49

What is the recommended way to manage access to Key Vault?

Answer 49

Using RBAC with least-privilege access policies.

Question 50

What is the purpose of the filtering feature in Azure Key Vault?

Answer 50

To restrict access to specific secrets, keys, and certificates in the Key Vault.

Question 51

How can the filtering feature help in managing Azure Key Vault access?

Answer 51

It allows administrators to apply policies that filter which secrets, keys, or certificates can be accessed.

Question 52

Can filtering be applied to all types of Key Vault objects?

Answer 52

Yes, filtering can be applied to secrets, keys, and certificates.

Question 53

How is filtering in Azure Key Vault controlled?

Answer 53

It is controlled through role-based access control (RBAC) and access policies.

Question 54

Does Azure Key Vault filtering improve security?

Answer 54

Yes, it limits access to sensitive data by allowing only authorized users to access specific objects.

Question 55

What role does RBAC play in Azure Key Vault filtering?

Answer 55

RBAC defines the access permissions for filtering, ensuring specific roles can access only certain vault contents.

Question 56

How do access policies contribute to Azure Key Vault filtering?

Answer 56

Access policies specify which users or applications can access specific secrets, keys, or certificates.

Question 57

Can Azure Key Vault filtering be used with managed identities?

Answer 57

Yes, managed identities can be used to filter access to specific Key Vault objects.

Question 58

What is the benefit of combining filtering with audit logs in Azure Key Vault?

Answer 58

It provides a detailed record of access and actions taken on filtered objects for enhanced security.

Question 59

How does filtering in Azure Key Vault enhance governance?

Answer 59

It enables fine-grained control over who can access specific Key Vault objects, supporting better governance and compliance.

Question 60

What is the purpose of the Azure Key Vault Network Filtering feature?

Answer 60

To restrict access to the Azure Key Vault based on specific network rules or virtual networks.

Question 61

What types of network restrictions can be applied using Azure Key Vault Network Filtering?

Answer 61

You can restrict access using virtual network rules and IP address ranges.

Question 62

How does Azure Key Vault handle requests from outside allowed network rules?

Answer 62

Requests are denied if they come from an IP address or network not on the allowed list.

Question 63

What service must be configured to enforce network rules on Azure Key Vault?

Answer 63

Network rules are enforced using Azure Virtual Networks or specific IP ranges.

Question 64

Can public internet access be blocked using Azure Key Vault Network Filtering?

Answer 64

Yes, you can block access from the public internet entirely.

Question 65

What happens to existing Key Vault connections when network filtering is enabled?

Answer 65

Existing connections will be allowed if they are from an allowed IP or virtual network.

Question 66

How does Azure Key Vault Network Filtering enhance security?

Answer 66

It limits access to specific trusted networks, reducing exposure to threats.

Question 67

Can Azure services bypass Azure Key Vault Network Filtering restrictions?

Answer 67

Yes, Azure services can be allowed to bypass network restrictions.

Question 68

What feature allows for granular control over which IP addresses can access Azure Key Vault?

Answer 68

IP address range rules allow specific IP addresses or ranges to access the vault.

Question 69

Is Azure Key Vault Network Filtering available for both public and private endpoints?

Answer 69

Yes, it supports both public and private endpoints for network filtering.

Question 70

When using Software-Backed keys stored in a multi-tenant or isolated single-tenant environment?

Answer 70

Multi-tenant environment.

Question 71

Is Azure KeyVault Software-Backed key store FIPS 140-2 Level 3 compliant?

Answer 71

Yes, Azure KeyVault Software-Backed key store is FIPS 140-2 Level 3 compliant.

Question 72

Is Azure KeyVault HSM Backed key store FIPS 140-2 Level 3 compliant?

Answer 72

Yes, Azure KeyVault HSM key store is FIPS 140-2 Level 3 compliant.

Question 73

Can you back up Azure Key Vault certs, keys, and secrets?

Answer 73

Yes, you can backup in the portal, but it’s not recommended as it’s a point in time, and keys and certs may change or be rotated later.

Question 74

Having backed up Azure Key Vault and downloaded the backup, can you inspect it outside Azure?

Answer 74

No, it’s encrypted.

Question 75

After backing up Azure Key Vault and downloading the backup, can you restore it to a key value in another geographical region?

Answer 75

No, it must be restored to an Azure Key Vault in the same geographical region.