Microsoft Exam AZ-204 Topic 1 Question 48 Discussion

Actual exam question for Microsoft's AZ-204 exam

Question #: 48
Topic #: 1

You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault.

Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized.

You need to design the approach to loading application secrets.

What should you do?

ACreate a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity.

BCreate a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault.

CCreate a system assigned Managed Identity in each App Service with permission to access Key Vault.

DCreate an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault.

Show Suggested Answer

Suggested Answer: C

Use Key Vault references for App Service and Azure Functions.

Key Vault references currently only support system-assigned managed identities. User-assigned identities cannot be used.

https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

by Willard at May 08, 2022, 10:02 AM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!