Designing and Implementing Microsoft DevOps Solutions | AZ-400 Exam | Microsoft

AZ-400: Designing and Implementing Microsoft DevOps Solutions Exam - Question Answered

Question

You are deploying a server application that will run on a Server Core installation of Windows Server 2019.

You create an Azure key vault and a secret.

You need to use the key vault to secure API secrets for third-party integrations.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations


A. B. C. D. E.

BCE

BE: An app deployed to Azure can take advantage of Managed identities for Azure resources, which allows the app to authenticate with Azure Key Vault using Azure AD authentication without credentials (Application ID and Password/Client Secret) stored in the app.

C:

1. Select Add Access Policy.

2. Open Secret permissions and provide the app with Get and List permissions.

3. Select Select principal and select the registered app by name. Select the Select button.

4. Select OK.

5. Select Save.

6. Deploy the app.

https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration
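The application-side half of the flow described above, as an added example that is not part of the original page: code running on the VM gets a token for its managed identity from the Azure Instance Metadata Service and uses it to read one secret over the Key Vault REST API, with no client secret stored on the server. It assumes the VM's system-assigned identity is enabled and the access policy grants it Get on secrets; the vault name, secret name and function names are placeholders chosen for illustration.

```powershell
# Added example. Run on the Azure VM itself (Server Core has PowerShell).
# Placeholder values (assumptions), not taken from the page:
$VaultName  = 'contoso-kv'
$SecretName = 'ThirdPartyApiKey'

function Get-ManagedIdentityToken {
    param([string]$Resource = 'https://vault.azure.net')
    # The metadata endpoint is link-local and only answers from inside the VM.
    # The "Metadata: true" header is mandatory; without it the request is rejected.
    $uri = 'http://169.254.169.254/metadata/identity/oauth2/token' +
           '?api-version=2018-02-01&resource=' + [uri]::EscapeDataString($Resource)
    (Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Metadata = 'true' }).access_token
}

function Get-VaultSecret {
    param([string]$Vault, [string]$Name, [string]$Token)
    $uri = 'https://{0}.vault.azure.net/secrets/{1}?api-version=7.4' -f $Vault, $Name
    try {
        # The response body is JSON; the secret itself is in the "value" field.
        (Invoke-RestMethod -Uri $uri -Method Get `
            -Headers @{ Authorization = "Bearer $Token" }).value
    } catch {
        $status = [int]$_.Exception.Response.StatusCode
        if ($status -eq 401) {
            throw 'Key Vault returned 401: the token is missing, expired or issued for another resource.'
        }
        if ($status -eq 403) {
            # The identity authenticated, but the vault did not authorize the read.
            throw 'Key Vault returned 403: the access policy does not grant this identity Get on secrets.'
        }
        throw
    }
}

$token  = Get-ManagedIdentityToken
$apiKey = Get-VaultSecret -Vault $VaultName -Name $SecretName -Token $token

# Keep the value in memory only; do not write it to logs or to disk.
Write-Output ("Retrieved secret '{0}' ({1} characters)" -f $SecretName, $apiKey.Length)
```

A 403 here separates the two settings the explanation covers: the managed identity is working (a token was issued), but the access policy step has not been applied to that identity.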

To secure API secrets for third-party integrations in a server application that will run on a Server Core installation of Windows Server 2019, the following actions should be performed:

  1. Create an Azure key vault and a secret.

    • This will create an Azure Key Vault that will be used to store and manage the secrets securely.
  2. Configure a Key Vault access policy.

    • This will define who can access the Key Vault and what actions they can perform. In this case, we need to grant access to the server application to read the secrets.
  3. Modify the application to access the key vault.

    • The server application needs to be modified to use the Azure Key Vault to retrieve the secrets securely.

The correct answers are A, B, and C.

A. Configure RBAC for the key vault:

  • Role-based access control (RBAC) can be used to control who can access and manage the Key Vault. RBAC allows you to assign permissions to users, groups, or applications. You need to grant the server application the appropriate permissions to read the secrets.

B. Modify the application to access the key vault:

  • The server application needs to be modified to use the Azure Key Vault to retrieve the secrets securely. This can be done by using the Azure Key Vault REST API, Azure Key Vault SDK, or any other supported method.

C. Configure a Key Vault access policy:

  • A Key Vault access policy specifies who can access the secrets stored in the Key Vault and what actions they can perform. You need to create an access policy that allows the server application to read the secrets.

D. Deploy an Azure Desired State Configuration (DSC) extension:

  • This is not required to use Azure Key Vault to secure API secrets for third-party integrations. DSC is a configuration management tool that can be used to configure and manage servers.

E. Deploy a virtual machine that uses a system-assigned managed identity:

  • This is not required to use Azure Key Vault to secure API secrets for third-party integrations. Managed identities are used to provide Azure services with an automatically managed identity in Azure AD. It can be used to authenticate with other Azure services, but it is not required to access secrets stored in Azure Key Vault.