Exam AZ-900 topic 1 question 273 discussion

It should be D, instead of B. Azure key vault keep Security Tokens https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis

The answer B is correct, because it asks what "an application should connect to". An Application cannot connect to a Key Vault.

security token is a specific concept related to OAuth 2.0 and OIDC, so the answer is Azure AD.

Azure AD issues security tokens for authentication and authorization.

A security token is a specific concept related to OAuth 2.0 and OIDC, so the answer is Azure AD.

An application should connect to an authorization server to retrieve security tokens. This server is responsible for authenticating users and issuing tokens, such as access tokens, refresh tokens, and ID tokens. For example, in the context of the Microsoft identity platform, applications connect to Azure Active Directory (Azure AD) to obtain these tokens. The tokens are then used to access protected resources, such as web APIs

Key Vault

-> Azure Key Vault is used to store secrets for server applications -> You need to connect to Azure Active Directory to retrieve these security tokens Steps: 1) Application Authenticate with Azure AD 2) Application receives token from Azure AD

Azure Key Vault is a service used to securely store and manage secrets, keys, and certificates, but it is not used for retrieving security tokens for application authentication or authorization. Instead, Azure Active Directory (Azure AD) is the service used for obtaining and managing security tokens.

The correct answer is B. An application should connect to Azure Active Directory (Azure AD) to retrieve security tokens. Azure AD is the identity provider that issues security tokens for authentication and authorization purposes12. Azure Key Vault, on the other hand, is used to securely store secrets, such as API keys, passwords, and certificates, but it is not used to issue security tokens2.

the cuestion is right , it says applications security tokens not users , and of course application connect to key vault to can replace values of appSettings properties

imho it is B, https://learn.microsoft.com/en-us/azure/key-vault/general/authentication - check the diagram

Its D Storing Application Secrets: API Keys and Tokens: Securely store API keys, tokens, and other sensitive configuration data that applications need to access. Database Connection Strings: Store connection strings securely and retrieve them as needed for application configuration.

When an application needs to authenticate itself or a user to access another service, it typically requests a security token from Azure AD, which validates the credentials and returns a token that the application can use to access the desired service.

Answer D In the context of Azure and authentication, an application typically connects to Azure Active Directory (Azure AD) to retrieve security tokens. Azure AD is Microsoft's cloud-based identity and access management service that helps your users sign in and access resources

Azure AD authenticates users and provides access tokens. Key Vault stores it.

Key vault stores tokens, AAD is used to retrieve them