Question 12 of 179 from exam AZ-204: Developing Solutions for Microsoft Azure

Question 12 of 179 from exam AZ-204: Developing Solutions for Microsoft Azure

Question

DRAG DROP - You are developing a serverless Java application on Azure.

You create a new Azure Key Vault to work with secrets from a new Azure Functions application.

The application must meet the following requirements: -> Reference the Azure Key Vault without requiring any changes to the Java code.

-> Dynamically add and remove instances of the Azure Functions host based on the number of incoming application events.

-> Ensure that instances are perpetually warm to avoid any cold starts.

-> Connect to a VNet.

-> Authentication to the Azure Key Vault instance must be removed if the Azure Function application is deleted.

You need to grant the Azure Functions application access to the Azure Key Vault.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

Actions

Create a user-assigned managed identity for
the application.

Create the Azure Functions app with a
Premium plan type

Create an access policy in Azure Key Vault
for the application identity.

Create an SSL certification in Azure Key
Vault for the application identity

Create the Azure Functions app with an
App Service plan type.

Create the Azure Functions app with a
‘Consumption plan type.

Create a system-assigned managed identity
for the application.

Answer Area

@
©

OO

Explanations

Actions

Answer Area

Create a user-assigned managed identity for
the application.

Create the Azure Functions app with a
‘Consumption plan type.

Create the Azure Functions app with a
Premium plan type

Create a user-assigned managed identity for
the application.

Create an access policy in Azure Key Vault
for the application identity.

Create an access policy in Azure Key Vault
for the application identity.

Create an SSL certification in Azure Key
Vault for the application identity

@
©

Create the Azure Functions app with an
App Service plan type.

Create the Azure Functions app with a
‘Consumption plan type.

Create a system-assigned managed identity
for the application.

OO)

Step 1: Create the Azure Functions app with a Consumption plan type.

Use the Consumption plan for serverless.

Step 2: Create a system-assigned managed identity for the application.

Create a system-assigned managed identity for your application.

Key Vault references currently only support system-assigned managed identities.

User-assigned identities cannot be used.

Step 3: Create an access policy in Key Vault for the application identity.

Create an access policy in Key Vault for the application identity you created earlier.

Enable the "Get" secret permission on this policy.

Do not configure the "authorized application" or applicationId settings, as this is not compatible with a managed identity.

https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references