Back to assessment | Back to main |
Learning Path 7: AZ-204: Implement secure Azure solutions
Multiple-choice questions
-
Which of the below methods of authenticating to Azure Key Vault is recommended for most scenarios?
- A. Service principal and certificate
- B. Service principal and secret
- C. Managed identities
Show answer
Managed identities -
Azure Key Vault protects data when it’s traveling between Azure Key Vault and clients. What protocol does it use for encryption?
- A. Secure Sockets Layer
- B. Transport Layer Security
- C. Presentation Layer
Show answer
Transport Layer Security -
Which of the following managed identity characteristics is indicative of user assigned identities?
- A. Shared lifecycle with an Azure resource
- B. Independent life-cycle
- C. Can only be associated with a single Azure esource
Show answer
Independent life-cycle -
A client app requests managed identities for an access token for a given resource. Which of the below is the basis for the token?
- A. Oauth 2.0
- B. Service principal
- C. Virtual machine
Show answer
Service principal -
Which type of encryption does Azure App Configuration use to encrypt data at rest?
- A. 64-bit AES
- B. 128-bit AES
- C. 256-bit AES
Show answer
256-bit AES -
Which of the following options evaluates the state of a feature flag?
- A. Feature flag
- B. Feature manager
- C. Filter
Show answer
Filter
Open ended questions
-
Describe at least one of the three main security problems Azure Key Vault helps to solve.
Show answer
1. Secrets management: Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. 2. Key management: Azure Key Vault can also be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data. 3. Certificate management: Azure Key Vault is also a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with Azure and your internal connected resources. -
To do any operation with Azure Key Vault, you first need to authenticate to it. There are three ways to manage authenticating to Key Vault, which method is considered a best practice?
Show answer
Using managed identities for authentication is onsidered a best practice. When you deploy an app on a virtual machine in Azure, you can assign an identity to your virtual machine that has access to Key Vault. You can also assign identities to other Azure resources. The benefit of this approach is that the app or service isn't managing the rotation of the first secret. Azure automatically rotates the service principal client secret associated with the identity. -
Describe how Azure App Configuration enhances running apps in the cloud.
Show answer
Modern programs, especially programs running in a cloud, generally have many components that are distributed in nature. Spreading configuration settings across these components can lead to hard-to-troubleshoot errors during an application deployment. Use App Configuration to store all the settings for your application and secure their access in one place.
Back to top | Back to assessment | Back to main |