SIMULATION - You need to configure a virtual machine named VM1 to securely access stored secrets in an Azure Key Vault named az400-123456789-kv. To complete this task, sign in to the Microsoft Azure portal.
Suggested Answer: See explanation below.
You can use a system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault.
1. Sign in to Azure portal
2. Locate virtual machine VM1.
3. Select Identity
4. Enable the system-assigned identity for VM1 by setting the Status to On.
Note: Enabling a system-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad
Here are the missing steps:
Go to KV - access policy - select permissions - Key - key mgmt- all, key rotation- all, Secret - mgmt- all. After selecting permission, select MI to assign the permission. In this case it is the VM's MI. Look up the MI using the VM MI's object ID. Then click next to make the assignment.
It is not completed.
1. In your VM search input type: identity -> system assigned -> create -> copy object ID
2. In Key Vault: new access policy -> set permissions -> in principal paste the ID -> review create
1. Sign in to Azure portal
2. Locate virtual machine VM1.
3. Select Identity
4. Enable the system-assigned identity for VM1 by setting the Status to On.
5. Allow the managed identity of VM1 in Key vault using Access control (IAM) blade role assignment
Access Key Vault from Azure virtual machine.
1. Assign Managed Identity to the virtual machine
Enable System-Assigned managed identity for VM1.
This creates an identity for the virtual machine within Azure Active Directory (Azure AD).
2. Configure Key Vault Access Policies
Add Access Policy, select "Virtual Machine VM1"
Add Appropriate permissions, such as "Get" or "List"
Select principal, search and select the "Managed Identity" associated with VM1.
3. Access the Key Vault from VM1
The system-assigned managed identity is enabled for VM1 (OK)
Key Vault access policies are configured (OK)
You can programmatically access the secrets.
upvoted 3 times
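An added example, not part of the answers above or of Microsoft's tutorial: a Python check that reads a vault's access policies for VM1's managed identity and reports anything beyond the secret "Get"/"List" permissions mentioned above. It assumes input in the shape of the vault resource JSON (as returned by `az keyvault show`); the sample data and object IDs are constructed placeholders.

```python
import json

# Enough for VM1 to read secrets; anything beyond this is reported as excess.
READ_ONLY_SECRETS = {"get", "list"}

# Constructed sample in the shape of a vault resource; object IDs are placeholders.
SAMPLE_VAULT = json.loads("""
{"name": "az400-123456789-kv",
 "properties": {
   "enableRbacAuthorization": false,
   "accessPolicies": [
     {"objectId": "00000000-0000-0000-0000-0000000000a1",
      "permissions": {"keys": [], "secrets": ["Get", "List"], "certificates": []}},
     {"objectId": "00000000-0000-0000-0000-0000000000b2",
      "permissions": {"keys": ["all"], "secrets": ["all"], "certificates": null}}
   ]}}
""")


def audit_identity(vault, object_id):
    """Return findings for one principal (e.g. VM1's managed identity object ID)."""
    props = vault.get("properties") or {}
    if props.get("enableRbacAuthorization"):
        # With Azure RBAC enabled, access policies are ignored; check role assignments.
        return ["vault uses Azure RBAC: access policies are not evaluated"]
    entries = [p for p in props.get("accessPolicies") or []
               if (p.get("objectId") or "").lower() == object_id.lower()]
    if not entries:
        return ["no access policy for this identity"]
    findings, secret_perms = [], set()
    for entry in entries:
        for kind, perms in (entry.get("permissions") or {}).items():
            granted = {p.lower() for p in perms or []}
            if kind == "secrets":
                secret_perms |= granted
                granted -= READ_ONLY_SECRETS
            if granted:
                findings.append(f"{kind}: excess {sorted(granted)}")
    if not secret_perms & {"get", "all"}:
        findings.append("secrets: 'get' not granted, reads will be denied")
    return findings


if __name__ == "__main__":
    for oid in ("00000000-0000-0000-0000-0000000000a1",
                "00000000-0000-0000-0000-0000000000b2"):
        print(oid, audit_identity(SAMPLE_VAULT, oid) or "OK")
```

An empty result means the identity holds only read access to secrets; the RBAC branch covers vaults where access is granted through the Access control (IAM) blade instead of access policies.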
stefan1234567 (Highly Voted, 1 year, 6 months ago)
Rams_84zO6n (Highly Voted, 1 year, 1 month ago)
Christian_garcia_martin (Most Recent, 3 months ago)
Tyler2023 (7 months, 3 weeks ago)
renzoku (9 months, 2 weeks ago)