ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 4 question 24 discussion

Actual exam question from Microsoft's AZ-300
Question #: 24
Topic #: 4
[All AZ-300 Questions]

HOTSPOT -
Your organization has developed and deployed several Azure App Service Web and API applications. The applications use Azure SQL Database to store and retrieve data. Several departments have the following requests to support the applications:

You need to recommend the appropriate Azure service for each department request.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
References:
https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-azure-sql
by Serena_C at Feb. 16, 2020, 3:19 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
thirstylion
Highly Voted 5 years, 1 month ago
1. Key Vault 2. MSI 3. Key Vault
upvoted 33 times
Shunya
5 years ago
2 is MSI because here the question is how to access the key vault by using access token. So MSI is correct.
upvoted 6 times
...
Shunya
5 years ago
3 is Key Vault as the ask is how to protect the Azure SQL Database connection string. Link to how this can be done: https://www.reddit.com/r/AZURE/comments/d43ok0/protecting_database_connection_string_with_azure/
upvoted 4 times
praveen97
5 years ago
Agree with Shunya and thirstylion
upvoted 2 times
...
...
...
milind8451
Highly Voted 5 years, 3 months ago
I think Key vault is for box 3 as well because They want to protect the connection string which can be stored securely in a key vault. Managed identity can not secure connection string.
upvoted 19 times
nagendra25may
5 years, 1 month ago
What you will store in Connection string ? a SQL authentication password ? its not recommended to use SQL password. Identify is better option.
upvoted 1 times
...
...
certmonster
Most Recent 4 years, 8 months ago
I'll go with - KeyVault, MSI and KeyVault. Fight me.
upvoted 2 times
...
azurehunter
4 years, 8 months ago
All are Key vault. The question is asking to store and protect the keys, certificates, and connection strings, which are all protected by Key Vault. Btw, key vault itself is protected by AD.
upvoted 1 times
...
RoryGates
4 years, 10 months ago
Bit of a tricky question, but #2 should be MSI just for the access token. No sure how that would be done in KV. So: KV MSI MSI
upvoted 1 times
...
umangsingh123
4 years, 10 months ago
The B part is a bit tricky , you need to read the lines carefully . If you see certs then first thing would com to mind that its key vault but then it talks about access so it is MSI
upvoted 1 times
...
ravishankarj
5 years ago
Box 2 should be MSI. https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#obtain-tokens-for-azure-resources An app can use its managed identity to get tokens to access other resources protected by Azure AD.
upvoted 2 times
...
azureexaminer
5 years, 1 month ago
Notice the use of the key words: 1. store = keyvault. reason - keyvault can be used to store keys 2. access token = msi. reason - Your code can use a managed identity to request access tokens for services that support Azure AD authentication. This includes key vault. 3. protect/allow access = keyvault. reason - 'protect' by storing the key in the keyvault, 'allow access' by configuring an access policy in keyvault. we are not concerned about MSI here because of the keywords.
upvoted 15 times
...
chaudh
5 years, 1 month ago
Database: Azure Key Vault is an ideal location for key storage Development: for application you can call the MSI endpoint to get an access token to authenticate the the Azure resource. Security: pay attention on "only allow access to the connection strings during the application runtime", again this is an application authentication to AZ resource, why not MSI.
upvoted 1 times
...
tmurfet
5 years, 2 months ago
Boxes might have got switched around in the answer. Box 2, Development mentions X.509 cert and access token so MSI might fit with that?
upvoted 5 times
...
spiraltrip
5 years, 2 months ago
Under the Azure Key Vaults Secret Documentation, it clearly states that: "Key Vault provides secure storage of secrets, such as passwords and database connection strings." Ref: https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets
upvoted 4 times
...
kumar123
5 years, 2 months ago
Box 3 MSI is right. https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
upvoted 1 times
...
Myk
5 years, 5 months ago
I think its because of this. https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi Tutorial: Secure Azure SQL Database connection from App Service using a managed identity
upvoted 6 times
test777
5 years, 2 months ago
In the question it says "Protect Azure SQL Database connection strings" and link that you've provided says "Secure Azure SQL Database connection". Connection and connection string is not that same thing, MSI can not protect connection string, so if question text is correct, I think Key Vault should be the answer
upvoted 8 times
...
...
Serena_C
5 years, 5 months ago
Why Box 3 is MSI? not key vault?
upvoted 1 times
tartar
4 years, 10 months ago
Key Vault MSI Key Vault
upvoted 4 times
...
AhmedAL
4 years, 10 months ago
only during app runtime, hence a system account can guarantee it
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel