Exam AZ-204 topic 4 question 63 discussion

Actual exam question from Microsoft's AZ-204
Question #: 63
Topic #: 4

You are developing several microservices to deploy to a new Azure Kubernetes Service cluster. The microservices manage data stored in Azure Cosmos DB and Azure Blob storage. The data is secured by using customer-managed keys stored in Azure Key Vault.

You must automate key rotation for all Azure Key Vault keys and allow for manual key rotation. Keys must rotate every three months. Notifications of expiring keys must be sent before key expiry.

You need to configure key rotation and enable key expiry notifications.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. Create and configure a new Azure Event Grid instance.
  • B. Configure Azure Key Vault alerts.
  • C. Create and assign an Azure Key Vault access policy.
  • D. Create and configure a key rotation policy during key creation.
Suggested Answer: AD
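
The requirement in this question (rotate every three months, notify before expiry) expressed as a check over a key rotation policy. This is an added example, not part of the exam material: the `lifetimeActions` and `attributes` field names follow the JSON accepted by `az keyvault key rotation-policy update`, while the sample policies, the 90-day limit and the 30-day-month approximation are assumptions.

```python
import re

# ISO 8601 date durations as used in rotation policies, e.g. P3M, P30D, P2Y.
_DURATION = re.compile(r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?$")

def duration_days(value):
    """Approximate PnYnMnD in days (assumption: 365-day years, 30-day months)."""
    m = _DURATION.match(value or "")
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {value!r}")
    years, months, days = (int(g or 0) for g in m.groups())
    return years * 365 + months * 30 + days

def check_policy(policy, max_rotation_days=90):
    """Return findings; an empty list means the policy meets the requirement."""
    findings = []
    triggers = {a["action"]["type"].lower(): a["trigger"]
                for a in policy.get("lifetimeActions", [])}
    expiry = (policy.get("attributes") or {}).get("expiryTime")
    lifetime = duration_days(expiry) if expiry else None

    rotate = triggers.get("rotate", {})
    if rotate.get("timeAfterCreate"):
        age = duration_days(rotate["timeAfterCreate"])
    elif rotate.get("timeBeforeExpiry") and lifetime is not None:
        age = lifetime - duration_days(rotate["timeBeforeExpiry"])
    else:
        age = None
    if age is None:
        findings.append("no usable Rotate action: rotation is manual only")
    elif age > max_rotation_days:
        findings.append(f"rotation after ~{age} days exceeds {max_rotation_days}")

    notify = triggers.get("notify", {}).get("timeBeforeExpiry")
    if not notify:
        findings.append("no Notify action: nobody is told before a key expires")
    elif lifetime is None or duration_days(notify) >= lifetime:
        findings.append("Notify window does not fit inside the key lifetime")
    return findings

# Constructed sample policies (not taken from a real vault).
COMPLIANT = {"lifetimeActions": [
    {"trigger": {"timeAfterCreate": "P3M"}, "action": {"type": "Rotate"}},
    {"trigger": {"timeBeforeExpiry": "P30D"}, "action": {"type": "Notify"}}],
    "attributes": {"expiryTime": "P6M"}}
WEAK = {"lifetimeActions": [
    {"trigger": {"timeAfterCreate": "P18M", "timeBeforeExpiry": None},
     "action": {"type": "Rotate"}}],
    "attributes": {"expiryTime": "P2Y"}}
```

`check_policy(COMPLIANT)` returns an empty list; `check_policy(WEAK)` reports both the 18-month rotation interval and the missing Notify action.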

Comments

abcdx
Highly Voted 2 years ago
Selected Answer: AD
A&D for sure! https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation
upvoted 23 times
...
halfway
Highly Voted 2 years ago
Selected Answer: AD
Key rotation policy and Event Grid notification
upvoted 6 times
...
kumdoboy1102
Most Recent 3 weeks ago
Selected Answer: BD
Key Vault is integrated with Event Grid already, so there is no need to create an additional Event Grid instance.
upvoted 2 times
...
Iaminall
3 weeks, 1 day ago
Selected Answer: BD
B AND D
upvoted 1 times
...
Mattt
5 months, 3 weeks ago
Selected Answer: BD
B&D are correct
upvoted 1 times
Mattt
5 months, 3 weeks ago
Ignore my answer, AD are correct.
upvoted 2 times
...
...
Vichu_1607
6 months, 1 week ago
Selected Answer: BD
B. Configure Azure Key Vault alerts. D. Create and configure a key rotation policy during key creation.
upvoted 2 times
...
Ciupaz
1 year, 3 months ago
Selected Answer: BD
For me, B and D for sure.
upvoted 4 times
...
130nk3r5
1 year, 4 months ago
Selected Answer: BD
B. Configure Azure Key Vault alerts. To receive notifications of expiring keys, you need to configure Azure Key Vault alerts. You can set up alerts for key expiration events, which will notify you before the key expires.

D. Create and configure a key rotation policy during key creation. To automate key rotation, you need to create and configure a key rotation policy when creating the keys in Azure Key Vault. You can set the rotation interval to three months, as required, and also allow for manual key rotation.
upvoted 4 times
...
macobuzi
1 year, 8 months ago
Selected Answer: AD
We can use the Key Rotation Policy in Azure Key Vault combined with Event Grid to trigger sending notification when a secret in the key vault is about to expire. https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-tutorial
upvoted 2 times
...
nekkilodeon
2 years ago
Selected Answer: BC
B & C are correct. Alerts for notifications and access policies for storage access to existing keys.
upvoted 1 times
CarlosTheBoldest
1 year, 5 months ago
I thought as you and I was wrong :) "As you start to scale your service, the number of requests sent to your key vault will rise. This rise has a potential to increase the latency of your requests. In extreme cases, it can cause your requests to be throttled and affect the performance of your service. You also need to know if your key vault is sending an unusual number of error codes, so you can quickly handle any problems with an access policy or firewall configuration." So the KV alert is used to raise alerts when it begins to send too many errors or receives too many petitions. https://learn.microsoft.com/en-us/azure/key-vault/general/alert
upvoted 1 times
...
...
paunski7
2 years ago
B & D

To configure key rotation and enable key expiry notifications for Azure Key Vault, you should perform the following two actions:

B. Configure Azure Key Vault alerts: Configure alerts for when a key is expiring, so that you can receive notifications before the key expiry. You can configure these alerts in Azure Key Vault using Azure Monitor, which sends an email or a webhook notification to a recipient or service when the key is about to expire. You can specify the notification threshold in terms of days, so you can receive alerts, for example, seven days before the key expiry.

C. Create and assign an Azure Key Vault access policy: Create and assign an access policy for your Azure Key Vault that allows your microservices to perform key rotations manually, and automated key rotations using a key rotation script. You can create and assign access policies for Azure Key Vault through the Azure portal or the Azure CLI.

These actions enable you to configure key rotation and notifications for key expiry.
upvoted 4 times
paunski7
2 years ago
Options A and D are not relevant to the solution. Azure Event Grid is a service that allows you to react to events in Azure services by routing them to different endpoints, but it is not required for key rotation or notifications for Azure Key Vault. Key rotation policies are not created during key creation, but rather they are created and applied to existing keys.
upvoted 3 times
smariussorin
1 year, 8 months ago
https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-tutorial Check documentation: "When one of the secrets in the key vault is about to expire (defined as 30 days before expiration date), Event Grid is notified of the status change and makes an HTTP POST to the endpoint." Is A & D
upvoted 1 times
ProtossOR89144
10 months ago
That's the example for a key to access event grid... Webapp access cosmosdb and blob storage. I think paunski7 is right
upvoted 1 times
...
...
...
dy0917
1 year, 11 months ago
Key Vault alerts are used to monitor health issues. After you start to use Azure Key Vault to store your production secrets, it's important to monitor the health of your key vault to make sure that your service operates as intended.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other