Microsoft Exam AZ-204 Topic 4 Question 108 Discussion

Actual exam question for Microsoft's AZ-204 exam

Question #: 108
Topic #: 4

You develop and deploy an Azure App Service web app named App1. You create a new Azure Key Vault named Vault 1. You import several API keys, passwords, certificates, and cryptographic keys into Vault1.

You need to grant App1 access to Vault1 and automatically rotate credentials Credentials must not be stored in code.

What should you do?

AEnable App Service authentication for Appt. Assign a custom RBAC role to Vault1.

BAdd a TLS/SSL binding to App1.

CAssign a managed identity to App1.

DUpload a self-signed client certificate to Vault1. Update App1 to use the client certificate.

Show Suggested Answer

Suggested Answer: B

by Rosina at Oct 24, 2024, 12:55 AM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Gilma

28 days ago

Wow, this is a real 'vault' of a question, isn't it? I'm 'locking' in my answer as Option C. Managed identities are the 'key' to securing your app without all the 'vault' of dealing with credentials. Sorry, I'll stop with the puns now.

upvoted 0 times

...

Cristal

29 days ago

I bet the person who wrote this question is a real 'key' master! Get it? Key Vault? Ah, I kill myself. But seriously, Option C is the way to go. Managed identities are the future, and the future is now!

upvoted 0 times

Merilyn

16 days ago

I agree, using a managed identity for App1 is the most secure and efficient way to grant access to Vault1.

upvoted 0 times

...

Misty

19 days ago

Option C is definitely the best choice. Managed identities are the way to go.

upvoted 0 times

...

Valentine

2 months ago

Hold up, is this a trick question? Everyone knows the answer is C, right? Managed identities are the way to go these days. Who wants to mess with RBAC roles and SSL bindings when you can just let Azure handle it all?

upvoted 0 times

Gail

16 days ago

Yeah, it's much easier and more secure than messing with RBAC roles and SSL bindings.

upvoted 0 times

...

An

1 months ago

I think you're right, managed identities are definitely the way to go.

upvoted 0 times

...

Glory

2 months ago

Hmm, I'm not sure about Option D. Uploading a self-signed certificate seems like it could be a bit of a hassle, and I'm not sure how well that would integrate with the rest of the app. I'd go with the managed identity approach.

upvoted 0 times

...

Francoise

2 months ago

Option C sounds like the way to go. Managed identities make it easy to secure access to resources without having to deal with credentials in the code. Rotating them automatically is a nice bonus too!

upvoted 0 times

...

Jesusita

2 months ago

I'm not sure about that. I think enabling App Service authentication for App1 and assigning a custom RBAC role to Vault1 could also be a valid option.

upvoted 0 times

...

Tiffiny

2 months ago

I agree with Irma. Assigning a managed identity to App1 would allow it to access Vault1 securely without storing credentials in code.

upvoted 0 times

...

Irma

2 months ago

I think the answer is C) Assign a managed identity to App1.

upvoted 0 times

...