You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault. Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized. You need to design the approach to loading application secrets. What should you do? A. Create a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity. B. Create a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault. C. Create a system assigned Managed Identity in each App Service with permission to access Key Vault. D. Create an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault. Â Suggested Answer: C Use Key Vault references for App Service and Azure Functions. Key Vault references currently only support system-assigned managed identities. User-assigned identities cannot be used. Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references This question is in AZ-204: Developing Solutions for Microsoft Azure Exam For getting Microsoft Azure Developer Associate Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Microsoft. The website does not contain actual questions and answers from Microsoft's Certification Exams. Trademarks, certification & product names are used for reference only and belong to Microsoft.
Please login or Register to submit your answer
