Azure Key Vault Flashcards

1
Q

What is Azure Key Vault?

A

A cloud service for securely storing and accessing secrets such as API keys, passwords, and certificates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the key features of Azure Key Vault?

A

Secret management, key management, certificate management, and hardware security modules (HSM).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What types of secrets can Azure Key Vault store?

A

API keys, passwords, connection strings, and other secrets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the pricing tiers for Azure Key Vault?

A

Standard and Premium.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the difference between Standard and Premium tiers?

A

Premium supports HSM-backed keys, while Standard does not.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a secret in Azure Key Vault?

A

A value such as a password, API key, or connection string.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a key in Azure Key Vault?

A

A cryptographic key used for encryption, decryption, and signing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How does Azure Key Vault integrate with Azure Active Directory (Azure AD)?

A

It uses Azure AD for authentication and access control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the maximum size of a secret in Azure Key Vault?

A

25KB.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How are secrets versioned in Azure Key Vault?

A

Secrets are versioned automatically when updated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is soft delete in Azure Key Vault?

A

A feature that allows deleted keys and secrets to be recovered within a retention period.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the default retention period for soft deleted items in Key Vault?

A

90 days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How can you access Azure Key Vault programmatically?

A

Using REST API, SDKs, or Azure CLI.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a vault access policy?

A

A set of permissions that determine what operations a user or service can perform in a vault.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How can you monitor activities in Azure Key Vault?

A

Using Azure Monitor, Log Analytics, and diagnostic logs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the purpose of Azure Key Vault Managed HSM?

A

To provide dedicated HSMs for high-security key management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a key rotation policy in Azure Key Vault?

A

A policy that defines how often a key should be automatically rotated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the maximum number of keys you can store in a Key Vault?

A

Depends on the vault’s pricing tier and resource limits.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Can Azure Key Vault be used for encryption at rest?

A

Yes, it integrates with services like Azure Storage for encryption at rest.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

How does Azure Key Vault handle encryption keys?

A

It supports both software- and hardware-based key management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is Key Vault’s role in TLS/SSL certificate management?

A

It helps create, manage, and renew certificates securely.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What are access control methods for Azure Key Vault?

A

Role-based access control (RBAC) and access policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is BYOK in Azure Key Vault?

A

Bring Your Own Key, allowing customers to import and manage their own keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How do you recover a deleted vault?

A

Using the Azure portal, PowerShell, or CLI if soft delete is enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is RBAC in Azure Key Vault?

A

Role-Based Access Control to manage access to Key Vault resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

How does Azure Key Vault secure access to secrets?

A

Using encryption both in transit and at rest, and authentication via Azure AD.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What is the purpose of key wrapping in Azure Key Vault?

A

To encrypt or decrypt keys using a Key Vault managed key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What are managed identities in Azure Key Vault?

A

Identity services to securely access Key Vault without hardcoding credentials.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

How can you audit Key Vault access?

A

By enabling diagnostic logging and sending logs to Azure Monitor or Log Analytics.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What is secret purging in Azure Key Vault?

A

Permanently deleting soft deleted secrets after the retention period.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What is a Key Vault certificate?

A

A certificate that Key Vault can store and manage, including its private key.

32
Q

What is a Key Vault administrator?

A

A role with full access to all Key Vault operations.

33
Q

How are certificates renewed in Azure Key Vault?

A

Manually or automatically using auto-renewal features.

34
Q

Can Key Vault secrets be used in DevOps pipelines?

A

Yes, through integration with Azure DevOps and GitHub Actions.

35
Q

What is Managed Identity for Azure resources?

A

A feature that allows Azure services to authenticate to Key Vault without credentials.

36
Q

What is Azure Disk Encryption and how does it relate to Key Vault?

A

It uses Key Vault to manage the encryption keys for virtual machine disks.

37
Q

What are secret attributes in Azure Key Vault?

A

Metadata such as expiration date, enabled status, and tags.

38
Q

What are tags in Azure Key Vault?

A

Custom key-value pairs that help organize resources.

39
Q

What is certificate auto-rotation?

A

Automatic renewal of certificates before they expire.

40
Q

How can Key Vault be integrated with AKS (Azure Kubernetes Service)?

A

By using Key Vault secrets with Kubernetes-managed identities.

41
Q

What are the available key types in Azure Key Vault?

A

RSA and EC (Elliptic Curve) keys.

42
Q

What is key backup in Azure Key Vault?

A

The ability to export a key and restore it later.

43
Q

What is a key operation in Azure Key Vault?

A

Operations such as sign, verify, wrap, and unwrap keys.

44
Q

What are the limits of Azure Key Vault?

A

Limits on keys, secrets, and certificates per vault, depending on the pricing tier.

45
Q

Can Azure Key Vault store certificates issued by third parties?

A

Yes, it supports the import of certificates from external sources.

46
Q

What is Key Vault’s redundancy model?

A

Key Vault uses geo-redundant storage for high availability.

47
Q

What is an application secret?

A

A secret used by applications to access resources securely.

48
Q

How does Azure Key Vault ensure compliance?

A

It is compliant with industry standards such as FIPS 140-2 and GDPR.

49
Q

What is the recommended way to manage access to Key Vault?

A

Using RBAC with least-privilege access policies.

50
Q

What is the purpose of the filtering feature in Azure Key Vault?

A

To restrict access to specific secrets, keys, and certificates in the Key Vault.

51
Q

How can the filtering feature help in managing Azure Key Vault access?

A

It allows administrators to apply policies that filter which secrets, keys, or certificates can be accessed.

52
Q

Can filtering be applied to all types of Key Vault objects?

A

Yes, filtering can be applied to secrets, keys, and certificates.

53
Q

How is filtering in Azure Key Vault controlled?

A

It is controlled through role-based access control (RBAC) and access policies.

54
Q

Does Azure Key Vault filtering improve security?

A

Yes, it limits access to sensitive data by allowing only authorized users to access specific objects.

55
Q

What role does RBAC play in Azure Key Vault filtering?

A

RBAC defines the access permissions for filtering, ensuring specific roles can access only certain vault contents.

56
Q

How do access policies contribute to Azure Key Vault filtering?

A

Access policies specify which users or applications can access specific secrets, keys, or certificates.

57
Q

Can Azure Key Vault filtering be used with managed identities?

A

Yes, managed identities can be used to filter access to specific Key Vault objects.

58
Q

What is the benefit of combining filtering with audit logs in Azure Key Vault?

A

It provides a detailed record of access and actions taken on filtered objects for enhanced security.

59
Q

How does filtering in Azure Key Vault enhance governance?

A

It enables fine-grained control over who can access specific Key Vault objects, supporting better governance and compliance.

60
Q

What is the purpose of the Azure Key Vault Network Filtering feature?

A

To restrict access to the Azure Key Vault based on specific network rules or virtual networks.

61
Q

What types of network restrictions can be applied using Azure Key Vault Network Filtering?

A

You can restrict access using virtual network rules and IP address ranges.

62
Q

How does Azure Key Vault handle requests from outside allowed network rules?

A

Requests are denied if they come from an IP address or network not on the allowed list.

63
Q

What service must be configured to enforce network rules on Azure Key Vault?

A

Network rules are enforced using Azure Virtual Networks or specific IP ranges.

64
Q

Can public internet access be blocked using Azure Key Vault Network Filtering?

A

Yes, you can block access from the public internet entirely.

65
Q

What happens to existing Key Vault connections when network filtering is enabled?

A

Existing connections will be allowed if they are from an allowed IP or virtual network.

66
Q

How does Azure Key Vault Network Filtering enhance security?

A

It limits access to specific trusted networks, reducing exposure to threats.

67
Q

Can Azure services bypass Azure Key Vault Network Filtering restrictions?

A

Yes, Azure services can be allowed to bypass network restrictions.

68
Q

What feature allows for granular control over which IP addresses can access Azure Key Vault?

A

IP address range rules allow specific IP addresses or ranges to access the vault.

69
Q

Is Azure Key Vault Network Filtering available for both public and private endpoints?

A

Yes, it supports both public and private endpoints for network filtering.

70
Q

When using Software-Backed keys stored in a multi-tenant or isolated single-tenant environment?

A

Multi-tenant environment.

71
Q

Is Azure KeyVault Software-Backed key store FIPS 140-2 Level 3 compliant?

A

Yes, Azure KeyVault Software-Backed key store is FIPS 140-2 Level 3 compliant.

72
Q

Is Azure KeyVault HSM Backed key store FIPS 140-2 Level 3 compliant?

A

Yes, Azure KeyVault HSM key store is FIPS 140-2 Level 3 compliant.

73
Q

Can you back up Azure Key Vault certs, keys, and secrets?

A

Yes, you can backup in the portal, but it’s not recommended as it’s a point in time, and keys and certs may change or be rotated later.

74
Q

Having backed up Azure Key Vault and downloaded the backup, can you inspect it outside Azure?

A

No, it’s encrypted.

75
Q

After backing up Azure Key Vault and downloading the backup, can you restore it to a key value in another geographical region?

A

No, it must be restored to an Azure Key Vault in the same geographical region.