exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam

Exam AZ-104 topic 2 question 109 discussion

Actual exam question from Microsoft's AZ-104
Question #: 109
Topic #: 2
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure subscription that contains the resources shown in the following table.



You plan to use an Azure key vault to provide a secret to app1.

What should you create for app1 to access the key vault, and from which key vault can the secret be used? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
SeMo0o0o0o
Highly Voted 3 months ago
WRONG Create a: Managed Identity Use the secret from: Vault1, Vault2, or Vault3
upvoted 13 times
happpieee
1 month ago
Secret can be assessed from cross region vault e.g. during failover Source: https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance
upvoted 1 times
...
...
Chuong0810
Most Recent 3 weeks, 5 days ago
You can use a Key Vault in a different resource group and region to provide secrets to your web application in a different resource group and region. Azure allows cross-resource group and cross-region access to Key Vaults, as long as you have the necessary access policies configured. And the answers: Create a: Managed Identity Use the secret from: Vault1, Vault2, or Vault3
upvoted 3 times
...
Stunomatic
1 month, 2 weeks ago
Box 1: Correct, Managed Identity. Box 2: The best for microsoft recommendations is vault1, vault3. I think its about best practices ?
upvoted 2 times
rodrod
1 month ago
those test are NEVER about best practices (except if explicitly stated). it's always about what you CAN do. keep that in mind or you will fail your exam
upvoted 5 times
...
...
0378d43
1 month, 2 weeks ago
Managed Identity and VAULT1 and 3 due to the location of the APP.
upvoted 2 times
...
akinz
1 month, 3 weeks ago
my vault is in westus and my web application is in canadacentral, can my application use the key vault in westus to retrieve secret Copilot said: A web application in Canadacentral can use an Azure Key Vault in West US to retrieve secrets. Azure Key Vault is designed to be accessible from any region, allowing applications to securely retrieve secrets regardless of their geographic location.
upvoted 1 times
...
69b9d7c
3 months, 1 week ago
Box 1: Correct, Managed Identity. Box 2: The best for microsoft recommendations is vault1, vault3. Unfortunately the question is confusing, but I will opt for what Microsoft recommends. https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices
upvoted 4 times
...
pasangawa
3 months, 1 week ago
for box 2, i'll vote for vault 1, 2 and 3. though not best practice, i believe key vault can be access on resource group and region pair as long as configured properly.
upvoted 2 times
...
ELearn
3 months, 1 week ago
regarding the key vault aspect(2nd answer) , What do they mean here? what are the possibilities/options or which one is thew best option. we need to know instead of assuming ,in order for us to respond properly. 1st box: Managed Identity By creating a managed identity for app1, you can assign the necessary permissions to access the secrets in each key vault. The managed identity can be given access to multiple key vaults, regardless of their location or resource group. 2nd box: Confusing. we need to know what they mean here (either the best option , or all the possibilites/options)
upvoted 3 times
Dankho
2 months ago
agreed, the question doesn't specify so I think all 3 vaults are possible.
upvoted 2 times
...
ELearn
3 months, 1 week ago
Azure Key Vault allows secrets to be accessed from different regions and resource groups, provided that the necessary permissions are set up correctly. This means that app1 can access secrets from Vault1, Vault2, and Vault3, as long as it has the required access permissions to those key vaults. Best Option: Vault1 — due to the same region and resource group, offering the best balance of performance and management simplicity. Second Best: Vault3 — good for low latency but might need more attention for permissions and management due to being in a different resource group. Third Option: Vault2 — feasible but not optimal due to being in a different region, which could lead to latency and additional costs.
upvoted 4 times
...
...
majejim435
3 months, 1 week ago
*Correction: Vault2 is in different region
upvoted 2 times
...
majejim435
3 months, 1 week ago
Managed Identity Vault1, Vault2, or Vault3. Vault3 is in a different region and therefore latency and costs is increased. However, it can be used without deploying an additional resources.
upvoted 3 times
majejim435
3 months, 1 week ago
*Correction: Vault2 is in different region
upvoted 1 times
...
...
6c05b3d
3 months, 1 week ago
Managed Identity and Vault1. Managed Identity is often preferred for Azure resources like apps because it simplifies authentication and eliminates the need to manage credentials. It provides a secure way for the application to authenticate to Azure services. Vault 1: app1 is located in the same resource group (RG1) and region (East US) as Vault1, so it should use the secret from Vault1 for best performance and accessibility.
upvoted 1 times
...
HardeWerker433
3 months, 2 weeks ago
is this brokey?
upvoted 1 times
Jacky_1
3 months, 1 week ago
Managed id is right https://learn.microsoft.com/en-us/azure/container-apps/manage-secrets?tabs=azure-portal#reference-secret-from-key-vault But I think it should be vault 1, 2 and 3. I cannot find anything about restrictions on resource group, or region. Another region can give some latency.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...