ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 4 question 1 discussion

Actual exam question from Microsoft's AZ-400
Question #: 1
Topic #: 4
[All AZ-400 Questions]

HOTSPOT -
You have an Azure subscription that contains the resources shown in the following table.

You plan to create a linked service in DF1. The linked service will connect to SQL1 by using Microsoft SQL Server authentication. The password for the SQL

Server login will be stored -
in KV1.
You need to configure DF1 to retrieve the password when the data factory connects to SQL1. The solution must use the principle of least privilege.
How should you configure DF1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Secret -
Store credential in Azure Key Vault by reference secret stored in key vault.
To reference a credential stored in Azure Key Vault, you need to:
1. Retrieve data factory managed identity
2. Grant the managed identity access to your Azure Key Vault. In your key vault -> Access policies -> Add Access Policy, search this managed identity to grant
Get permission in Secret permissions dropdown. It allows this designated factory to access secret in key vault.
3. Create a linked service pointing to your Azure Key Vault.
4. Create data store linked service, inside which reference the corresponding secret stored in key vault.

Box 2: Access policy -
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault
by ppo12 at April 24, 2022, 11:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
surensaluka
Highly Voted 2 years, 2 months ago
This came today (2023-02-14) for my exam. Selected Secret and Access Policy
upvoted 15 times
pc1707
1 year, 8 months ago
Hey! Did you get simulation questions?
upvoted 7 times
...
...
meoukg
Highly Voted 2 years, 5 months ago
saw it yesterday in my exam
upvoted 9 times
pc1707
1 year, 8 months ago
Hey! Did you get simulation questions?
upvoted 2 times
Dankho
3 months, 3 weeks ago
You need to go back in time and post that message, just like I do so you can read my message, and even that won't work. We basically have to be studying for the test on the same day to respond to each other. They really need to incorporate an email notification here.
upvoted 2 times
...
...
...
nikolayivanov
Most Recent 3 months, 1 week ago
Permission type: Secret - Since the password for SQL Server login is stored as a secret in Key Vault, you should choose "Secret". Access method: Role-based access control (RBAC): - This method allows you to control access to the Key Vault using Azure Active Directory (Azure AD) roles. It is the recommended approach as it provides fine-grained access control and adheres to the principle of least privilege.
upvoted 2 times
...
skashanali
6 months, 1 week ago
Correct answer is: Secret, RBAC Access policies not available. The access configuration for this key vault is set to role-based access control. To add or manage your access policies, go to the Access control (IAM) page.
upvoted 4 times
...
Skankhunt
9 months, 1 week ago
It's an old question. I believe the correct answer now would be: Secret RBAC
upvoted 8 times
...
ozbonny
1 year, 2 months ago
secret access policy
upvoted 1 times
...
vsvaid
1 year, 4 months ago
Agree with suggested answer
upvoted 1 times
...
Rod_DA
1 year, 7 months ago
New recommended acceess configuration to vault is now RBAC instead of access policy and there is a role to give access only to secrets so The answer should be secret and RBAC
upvoted 6 times
...
Tyler2023
1 year, 7 months ago
Access Policy is a legacy authorization system built in Key Vault to provide access to keys, secrets, and certificates but there is new recommended authorization, which is RBAC, you can setup the Managed Identity of Azure Data Factory and allow the identity to access Key Vault BUT since, in the question, they ask which permission type that you need which is Secret so you have to Access Policy instead of RBACK Answer is Secret and Access Policy refs: https://learn.microsoft.com/en-us/azure/data-factory/data-factory-service-identity https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy
upvoted 8 times
...
yana_b
1 year, 8 months ago
Provided answer is correct
upvoted 1 times
...
xRiot007
1 year, 9 months ago
Answer is secret and access policy. See ref: https://tech-tutes.com/2020/05/16/get-database-password-from-key-vault-in-data-factory/
upvoted 1 times
...
zellck
1 year, 10 months ago
1. Secret 2. Access policy https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal A Key Vault access policy determines whether a given security principal, namely a user, application or user group, can perform different operations on Key Vault secrets, keys, and certificates. You can assign access policies using the Azure portal, the Azure CLI, or Azure PowerShell.
upvoted 6 times
...
dibbadobbagibbu
2 years, 2 months ago
RBAC is the only one than can limit access per Secret. So you could argue that Rbac is correct
upvoted 1 times
Rubends
2 years ago
RBAC is use for keyvault access for use secret you must configure access policy
upvoted 1 times
catfood
1 year, 9 months ago
no, rbac can be used for individual secrets, configure in the secret's IAM blade.
upvoted 2 times
Pav143
10 months, 2 weeks ago
Well, now that means RBAC for individual secret access satisfies for least privilege than an access policy that offers high privilege by giving access to ALL secrets. So yeah, microsoft is not dumb, if you select access policy when there is RBAC in the options, youre going to lose a point there for sure.
upvoted 1 times
...
...
...
...
Aqlanoz
2 years, 2 months ago
since keyvault have rbac now, should the answer be rbac instead of access policy ?
upvoted 6 times
...
syu31svc
2 years, 8 months ago
"Password" so secret for permission Access to Key Vault so Access Policy Answer is correct
upvoted 3 times
...
Govcomm
2 years, 9 months ago
Secret Access Policy (Data Plan)
upvoted 4 times
...
Leandrocei
2 years, 9 months ago
Correct. Came today 22 july 9
upvoted 4 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago