Exam AZ-900 topic 1 question 254 discussion

I would go with "D". Server Applications.

D - Should be the answer. Why would Vault be used to store (Azure AD) user accounts but not (Azure AD) admin accounts? makes no sense.

User have passwords, you create SECRETS for applications

I would go with D - Key Vault can store secret / key information (API key for example). Imagine you have sever azure resources that require sensitive information to be locked away, you'd use Key Vault for this. Strictly speaking, you can store Admin secret/key under key vault, but this answer would be too limiting in this question

I would go with A - This is the exact definition of a Key Vault. See here from a Microsoft Site: What is used to store secrets for Azure Active Directory user accounts? Azure Key Vault enables Microsoft Azure applications and users to store and use several types of secret/key data: keys, secrets, and certificates Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module(HSM) pools

Azure Keyvault is used to store different type of secrets incudi g certificates, apps credential and admin users etc.. so it depends what they are looking for A would be correct but incomplete D is wrong with just „server applications“

D is the answer per https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview

The correct answer is D. The statement as provided is not entirely accurate. Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. While Azure Key Vault can store secrets for a variety of purposes, it's not specifically for storing secrets for Azure Active Directory (Azure AD) user accounts. Instead, it is commonly used for managing secrets needed by server applications, services, and administrative accounts, ensuring that these secrets are stored securely and accessed by authenticated services or individuals only. Thus, the correct choice would be option 4) server applications, as it describes one of the primary use cases of the Azure Key Vault service. Personal data like Personally Identifiable Information (PII) can also be safeguarded by Azure Key Vault, but it's more about protecting access to information rather than storing user account details specifically.

I think the answer D is simply incomplete and should say “configuration secrets’ at the end of it

L'affirmation "Azure Key Vault est utilisé pour stocker les secrets des comptes d'utilisateur Azure Active Directory (Azure AD)" est incorrecte. Azure Key Vault est utilisé principalement pour stocker et gérer les secrets, clés cryptographiques et certificats utilisés par les applications et services, et non spécifiquement pour les secrets des comptes d'utilisateur Azure AD. La meilleure correction serait : D. applications serveur

What is really needed here is to know what is underlined in this question. It seems what should be underlined is "Azure Active Directory (Azure AD) user accounts" which would lead to the answer of D. server applications. • Azure AD: Focuses on user identities and access control. It provides features for password hashing, multi-factor authentication, and role-based access control (RBAC) to secure your Azure environment. • Azure Key Vault: Designed for securing secrets used by applications and services. This includes API keys, certificates, and cryptographic keys. Key Vault offers strong access control mechanisms to manage who can access these secrets.

Key Vault. Safeguard cryptographic keys and other secrets used by cloud apps and services.

in the first paragraph provided in the link below, it says that "Azure Key Vault enables Microsoft Azure applications and users to store and use several types of secret/key data: keys, secrets, and certificates." https://learn.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates

https://learn.microsoft.com/en-us/azure/key-vault/general/authentication

answer is A

Correct answer is D - "Key Vault is designed to store configuration secrets for server apps"

Agree on the given answer and the provided link.