MCQs Of Day 18: MongoDB Authentication and Security
1. Which of the following MongoDB roles grants full access to all databases and operations?
A) readWrite
B) read
C) root
D) dbAdmin
Answer: C) root
Explanation: The root role provides full access to all databases and operations in MongoDB.
2. What is the default state of MongoDB authentication?
A) Disabled
B) Enabled
C) Mandatory
D) Optional
Answer: A) Disabled
Explanation: By default, MongoDB does not require authentication unless it is explicitly enabled.
3. What configuration file do you need to modify to enable authentication in MongoDB?
A) mongod.conf
B) mongo.conf
C) auth.conf
D) security.conf
Answer: A) mongod.conf
Explanation: Authentication is enabled by modifying the mongod.conf file.
4. What MongoDB user role can be granted to a user for read-only access to a database?
A) readWrite
B) read
C) root
D) dbAdmin
Answer: B) read
Explanation: The read role allows a user to only read data from the database.
5. Which MongoDB command is used to create a new user?
A) db.createAccount()
B) db.createUser()
C) createUser()
D) db.addUser()
Answer: B) db.createUser()
Explanation: The db.createUser() command is used to create a new user in MongoDB.
6. What does the readWrite role in MongoDB allow a user to do?
A) Only read data
B) Only write data
C) Both read and write data
D) Administer the database
Answer: C) Both read and write data
Explanation: The readWrite role grants both read and write permissions to a database.
7. In MongoDB, which role allows a user to perform administrative tasks like creating indexes?
A) read
B) readWrite
C) dbAdmin
D) root
Answer: C) dbAdmin
Explanation: The dbAdmin role allows administrative tasks like creating indexes.
8. What command is used to enable MongoDB authentication?
A) auth.enable()
B) enableAuth()
C) Modify mongod.conf file
D) db.enableAuthentication()
Answer: C) Modify mongod.conf file
Explanation: MongoDB authentication is enabled by modifying the mongod.conf file and setting the authorization parameter to "enabled".
9. What role is required to allow a user to manage their own database in MongoDB?
A) dbAdmin
B) readWrite
C) root
D) userAdmin
Answer: D) userAdmin
Explanation: The userAdmin role grants permissions to manage users within the database.
10. What is the primary database used to create administrative users in MongoDB?
A) test
B) admin
C) users
D) mongo
Answer: B) admin
Explanation: The admin database is used for creating administrative users.
11. What MongoDB command is used to connect as a user with authentication enabled?
A) mongo --auth
B) mongo -u
C) mongo --authenticationDatabase
D) Both B and C
Answer: D) Both B and C
Explanation: To authenticate a user, you can use both -u to specify the username and --authenticationDatabase to specify the database.
12. What type of access does the readWrite role provide in MongoDB?
A) Full database administration rights
B) Read and write access to collections within the database
C) Only read access to collections
D) Only write access to collections
Answer: B) Read and write access to collections within the database
Explanation: The readWrite role provides permissions to both read and write data.
13. How can you test if a MongoDB user has been granted the correct permissions?
A) By using the db.runCommand()
B) By checking the roles collection
C) By performing the operation the user is supposed to have access to
D) By using db.testPermissions()
Answer: C) By performing the operation the user is supposed to have access to
Explanation: Testing a user's permissions involves performing the operations that the user is allowed to do.
14. Which of the following is a role that gives permission to manage the MongoDB cluster?
A) clusterAdmin
B) dbAdmin
C) readWrite
D) read
Answer: A) clusterAdmin
Explanation: The clusterAdmin role grants permissions for managing the MongoDB cluster, including starting, stopping, and reconfiguring it.
15. How can you grant a user read-only permissions on a single collection in MongoDB?
A) Assign read role on the database
B) Create a custom role for the collection
C) Assign dbAdmin role
D) Assign readWrite role
Answer: B) Create a custom role for the collection
Explanation: Custom roles can be created to specify collection-level permissions.
16. Which command is used to revoke roles from a user in MongoDB?
A) db.revokeRolesFromUser()
B) db.removeRoles()
C) db.dropRole()
D) db.revokeUserRole()
Answer: A) db.revokeRolesFromUser()
Explanation: The db.revokeRolesFromUser() command is used to remove roles from a user.
17. How can MongoDB authentication be disabled after being enabled?
A) By editing the mongod.conf and setting authorization to "disabled"
B) By deleting the admin database
C) By setting auth.enable(false)
D) By restarting MongoDB with --noauth
Answer: A) By editing the mongod.conf and setting authorization to "disabled"
Explanation: To disable authentication, modify the mongod.conf file and set authorization to "disabled".
18. What happens if you try to access a MongoDB database without authentication enabled?
A) The user is always prompted for credentials
B) The user is granted access by default
C) Authentication errors occur
D) Only read permissions are granted
Answer: B) The user is granted access by default
Explanation: If authentication is not enabled, MongoDB allows anyone to access databases.
19. Which of the following is not a valid MongoDB role?
A) root
B) readWrite
C) superAdmin
D) dbAdmin
Answer: C) superAdmin
Explanation: There is no superAdmin role in MongoDB.
20. What is the effect of assigning the dbAdmin role to a MongoDB user?
A) The user can only read from the database
B) The user can manage collections and indexes
C) The user can read and write to the database
D) The user can administer the entire MongoDB instance
Answer: B) The user can manage collections and indexes
Explanation: The dbAdmin role grants permissions to manage collections and indexes, but not to perform read/write operations.
21. Which MongoDB command is used to list all users in a specific database?
A) db.showUsers()
B) db.getUsers()
C) db.listUsers()
D) show users
Answer: B) db.getUsers()
Explanation: The db.getUsers() command lists all users in the current database.
22. What is the role of the userAdmin role in MongoDB?
A) Allows the user to create and delete databases
B) Allows the user to manage users and their roles
C) Allows the user to perform read and write operations
D) Allows the user to monitor database performance
Answer: B) Allows the user to manage users and their roles
Explanation: The userAdmin role allows a user to create, modify, and delete users and manage roles.
23. What command is used to authenticate a user in MongoDB?
A) db.auth()
B) db.authenticate()
C) authenticateUser()
D) auth.login()
Answer: A) db.auth()
Explanation: The db.auth() command is used to authenticate a user within a MongoDB session.
24. What MongoDB role should be assigned to a user who needs full access to a single database?
A) root
B) dbAdmin
C) readWrite
D) read
Answer: C) readWrite
Explanation: The readWrite role grants full access to a single database for both read and write operations.
25. What type of access does the readWriteAnyDatabase role provide?
A) Read and write access to a specific database
B) Read and write access to any database
C) Read-only access to all databases
D) Administrative access to all databases
Answer: B) Read and write access to any database
Explanation: The readWriteAnyDatabase role provides read and write access to all databases.
26. Which of the following is used to verify if a MongoDB user has successfully authenticated?
A) db.isAuthenticated()
B) db.auth()
C) db.getUser()
D) Authentication is implicit once connected
Answer: D) Authentication is implicit once connected
Explanation: Once authenticated, MongoDB implicitly assumes the user has valid credentials, and no additional check is needed.
27. What is the default authentication database in MongoDB?
A) admin
B) test
C) system
D) users
Answer: A) admin
Explanation: The default authentication database in MongoDB is admin.
28. What does the clusterMonitor role allow a user to do?
A) Perform administrative tasks across the cluster
B) Monitor the health and status of the cluster
C) Manage user roles
D) Read and write data in any database
Answer: B) Monitor the health and status of the cluster
Explanation: The clusterMonitor role allows a user to monitor the cluster's health and status.
29. Which of the following roles allows for performing operations that affect the entire MongoDB cluster?
A) dbAdmin
B) root
C) readWrite
D) userAdmin
Answer: B) root
Explanation: The root role provides full access to the entire MongoDB cluster.
30. What command is used to remove a user from a MongoDB database?
A) db.removeUser()
B) db.dropUser()
C) db.deleteUser()
D) db.remove()
Answer: B) db.dropUser()
Explanation: The db.dropUser() command is used to remove a user from the database.
(Continuing in the next response to fit in all 50 questions...)
You said:
rest 20
ChatGPT said:
Continuing with the remaining MCQs:
31. What role should a user have to manage all MongoDB users across databases?
A) root
B) userAdminAnyDatabase
C) dbAdmin
D) readWriteAnyDatabase
Answer: B) userAdminAnyDatabase
Explanation: The userAdminAnyDatabase role allows users to manage all MongoDB users across any database.
32. How can a MongoDB user be restricted to a specific IP address?
A) By setting authMode in the mongod.conf file
B) By defining bindIp in the mongod.conf file
C) By setting ipAccess in the MongoDB shell
D) MongoDB doesn't allow IP restrictions
Answer: B) By defining bindIp in the mongod.conf file
Explanation: The bindIp parameter in mongod.conf restricts connections to specified IP addresses.
33. How do you ensure that the user can authenticate only to a specific database?
A) Use the --authenticationDatabase parameter during connection
B) Assign the dbAdmin role to the user
C) Specify authSource in the connection string
D) Set the authMode to database
Answer: A) Use the --authenticationDatabase parameter during connection
Explanation: The --authenticationDatabase parameter specifies which database MongoDB will authenticate the user against.
34. What role should be granted to a user to enable monitoring of operations, like query performance?
A) read
B) clusterMonitor
C) dbAdmin
D) readWrite
Answer: B) clusterMonitor
Explanation: The clusterMonitor role grants permission to monitor cluster health and performance.
35. What is the primary purpose of the audit role in MongoDB?
A) To monitor system health
B) To record database access for compliance purposes
C) To perform administrative tasks
D) To allow reading and writing data
Answer: B) To record database access for compliance purposes
Explanation: The audit role is intended for logging database operations to comply with security and regulatory policies.
36. Which of the following MongoDB roles allows managing database schema (collections, indexes)?
A) dbAdmin
B) readWrite
C) read
D) clusterAdmin
Answer: A) dbAdmin
Explanation: The dbAdmin role allows a user to manage collections and indexes in the database.
37. How can you test if a MongoDB user has been successfully created?
A) By running the db.getUser() command
B) By trying to log in with the user credentials
C) By checking the users collection in the database
D) All of the above
Answer: D) All of the above
Explanation: Testing user creation can involve checking the users collection, using db.getUser(), or attempting to log in.
38. Which command is used to modify an existing MongoDB user's roles?
A) db.modifyUserRoles()
B) db.updateUser()
C) db.setUserRoles()
D) db.updateRoles()
Answer: B) db.updateUser()
Explanation: The db.updateUser() command is used to modify a MongoDB user's roles.
39. What is the role of the readWriteAnyDatabase in MongoDB?
A) Full access to all databases
B) Read and write access to any database
C) Only read access to all databases
D) Administrative rights to all databases
Answer: B) Read and write access to any database
Explanation: The readWriteAnyDatabase role allows a user to read and write data in any database.
40. What happens when a MongoDB user exceeds their assigned permissions?
A) The operation is automatically rolled back
B) MongoDB will return an error message and deny the operation
C) MongoDB will temporarily elevate the user's permissions
D) The operation will succeed without restrictions
Answer: B) MongoDB will return an error message and deny the operation
Explanation: MongoDB will deny any operation that exceeds the assigned permissions, returning an error.
41. What MongoDB configuration file allows you to set user authentication and authorization settings?
A) mongod.conf
B) mongo.conf
C) auth.conf
D) settings.conf
Answer: A) mongod.conf
Explanation: The mongod.conf file is used to configure MongoDB authentication and authorization settings.
42. What role would you assign to a user who needs to create and delete databases in MongoDB?
A) dbAdmin
B) root
C) readWrite
D) dbOwner
Answer: B) root
Explanation: The root role grants full administrative privileges, including the ability to create and delete databases.
43. How can you make MongoDB enforce authentication?
A) By setting authMode to enabled
B) By enabling security in the mongod.conf file
C) By configuring --auth parameter in mongod startup
D) All of the above
Answer: D) All of the above
Explanation: Authentication enforcement is done by modifying the mongod.conf file, using the --auth startup flag, or setting security options.
44. In MongoDB, which of the following roles allows a user to create, modify, and drop collections?
A) dbAdmin
B) readWrite
C) root
D) read
Answer: A) dbAdmin
Explanation: The dbAdmin role allows users to manage collections, indexes, and other database-level settings.
45. How do you ensure that a user can only access a specific database in MongoDB?
A) By creating a custom role with access restrictions
B) By specifying the database name when creating the user
C) By assigning the readWriteAnyDatabase role
D) By modifying the mongod.conf file
Answer: A) By creating a custom role with access restrictions
Explanation: Custom roles can be created to restrict a user’s access to specific databases.
46. Which of the following is true about the root role in MongoDB?
A) It can only access one database
B) It grants full administrative access to all databases
C) It grants access to read-only operations
D) It is only available for monitoring purposes
Answer: B) It grants full administrative access to all databases
Explanation: The root role grants full access to perform administrative operations across all databases.
47. How can MongoDB users be authenticated when connecting remotely?
A) By specifying the authSource in the connection string
B) By using SSL certificates for secure connection
C) By providing a username and password during login
D) Both A and C
Answer: D) Both A and C
Explanation: MongoDB users can be authenticated by specifying the authSource and using username/password during the connection.
48. What is the role of the readWrite permission in MongoDB?
A) Grants permission to perform administrative actions
B) Grants permission to read and modify data in collections
C) Grants permission to monitor database performance
D) Grants permission to manage database users
Answer: B) Grants permission to read and modify data in collections
Explanation: The readWrite role allows both reading and writing data in collections.
49. What would you do if you mistakenly grant too many privileges to a MongoDB user?
A) Grant more privileges to other users
B) Revoke unnecessary roles using the db.revokeRolesFromUser() command
C) Delete the user and create a new one
D) Restart the MongoDB server
Answer: B) Revoke unnecessary roles using the db.revokeRolesFromUser() command
Explanation: If a user has too many privileges, you can revoke unnecessary roles using the db.revokeRolesFromUser() command.
50. Why is it important to implement MongoDB authentication and user management?
A) To enhance performance
B) To ensure database security and limit access
C) To create backups
D) To speed up queries
Answer: B) To ensure database security and limit access
Explanation: Authentication and user management are critical for securing MongoDB and ensuring that only authorized users can access sensitive data.
