Exam AZ-104 topic 1 question 20 discussion

Key vault + access policy

The two components you should create to achieve your goal are: 1. An Azure Key Vault: you can store the administrative password in an Azure Key Vault, which provides secure storage and management of cryptographic keys, certificates, and secrets. Storing the password in a Key Vault ensures that it is not stored in plain text and provides an additional layer of security to protect the password. 2. An access policy: You should create an access policy to control access to the Key Vault secrets. An access policy specifies who can perform operations on the secrets stored in the Key Vault. You can grant permissions to users, applications, and services to access the Key Vault and its secrets, and you can specify the level of access that they have. By creating an access policy, you can control who has access to the administrative password and ensure that it is used only by authorized entities. Therefore, to achieve your goal, you should create an Azure Key Vault to store the administrative password, and an access policy to control access to the Key Vault secrets.

CORRECT

Be carefull, Accesspolicy is legacy, now we have RBAC. If they replace it with RBAC, you know this is the correct answer

Given answer is right

Key vault + access policy

I think is B

The question says "You need to make sure that the password cannot be stored in plain text," not how do you set it up so it's not stored in plain text.

Key Vault and Access Policy Securely Deploy Azure VM With Local Admin Password from Azure Key Vault and not in ARM Template.

Azure key vault to store the password and Access policy to make it accessible. https://learn.microsoft.com/en-us/azure/key-vault/general/basic-concepts

The question states "option", not "options". Based on the text I assume there is only one correct answer. In this case I would go with the Key Vault

This question is explained in below youtube video.

If you need to store stuff securely, you should use an Azure Key Vault and store it as key-value, where the key is a string and the value can be anything. To access the keyvault data you need an Access Policy taht defines who has access to the vault.

This whole answers/grid situation is confusing.

The two components that should be created to achieve the goal of storing an administrative password securely are: An Azure Key Vault, which can securely store and manage cryptographic keys, certificates, and passwords. The password can be stored as a secret in the Key Vault and then accessed by the ARM template using a reference to the Key Vault. An access policy, which is used to define who has permissions to access and manage the Key Vault. This is important to ensure that only authorized users can access the password stored in the Key Vault.

answer is correct, plus this question appears in the MS free Assessment exam in MS page for this course.

Key Vault & Access Policy