Challenge - 5 Problems

🎖️

Access Control Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

🧠 Conceptual

intermediate

2:00remaining

Difference between Access Policies and RBAC in Azure

Which statement correctly describes the main difference between Access Policies and Role-Based Access Control (RBAC) in Azure?

AAccess Policies are specific to individual resources like Key Vaults, while RBAC applies broadly across Azure resources.

BAccess Policies allow assigning roles to users, but RBAC only manages firewall rules.

CRBAC is only used for network security, whereas Access Policies control user permissions on storage accounts.

DRBAC is deprecated and replaced entirely by Access Policies in Azure.

Attempts:

2 left

❓ Architecture

intermediate

2:00remaining

Choosing Access Control Method for Azure Key Vault

You need to secure an Azure Key Vault so that only specific users can read secrets. Which access control method should you use?

AUse Azure AD Conditional Access policies to restrict secret access.

BUse Azure RBAC to assign the 'Key Vault Secrets User' role to those users.

CCreate Access Policies in the Key Vault to grant secret read permissions to those users.

DConfigure Network Security Groups to restrict access to the Key Vault.

Attempts:

2 left

❓ security

advanced

2:00remaining

Impact of RBAC Role Assignment on Azure Storage Account Access

If a user is assigned the 'Storage Blob Data Contributor' role via RBAC on a storage account, what access do they have?

AThey have full administrative control over the storage account and its keys.

BThey can only read blobs but cannot write or delete them.

CThey can manage the storage account settings but cannot access blob data.

DThey can read, write, and delete blobs in the storage account containers.

Attempts:

2 left

✅ Best Practice

advanced

2:00remaining

Best Practice for Managing Access to Multiple Azure Resources

Which approach is best to manage user permissions across multiple Azure resources efficiently?

ACreate individual Access Policies for each resource separately for every user.

BUse RBAC role assignments at the resource group level to cover all resources inside it.

CAssign users the Owner role on the subscription to simplify access management.

DUse network security groups to control user access to resources.

Attempts:

2 left

❓ service_behavior

expert

2:00remaining

Effect of Conflicting Access Policies and RBAC on Azure Key Vault Access

In Azure Key Vault, if a user has an Access Policy denying secret read but is assigned an RBAC role allowing secret read, what is the effective access?

AThe user cannot read secrets because Access Policies deny access regardless of RBAC.

BThe user’s access depends on the order of policy evaluation, which is random.

CThe user can read secrets only if they access via Azure Portal, not via API.

DThe user can read secrets because RBAC permissions override Access Policies.

Attempts:

2 left