You need to meet the security requirements for the E-Commerce Web App. Which two steps should you take? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Update the E-Commerce Web App with the service principal's client secret.
B. Enable Managed Service Identity (MSI) on the E-Commerce Web App.
C. Add a policy to the Azure Key Vault to grant access to the E-Commerce Web App.
Suggested Answer: BC
Scenario: E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD). A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault.
References: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
A,C alone is not enough: with that the app cannot access the key vault, since RBAC or an access policy is still needed, so B,C is correct; with that the web app has access to the KV.
There are two requirements: securing access to Key Vault (requires B,C) and securing the Web App with AAD (requires A,D). So all answers seem to be necessary, and if one supposes that the prerequisites (MSI + principal) are done, it may be that the correct answer is A,C.
The answers all relate to the "all settings must be in Key Vault" requirement. Storing secrets in apps is bad practice and breaches requirements, which rules out A and D. It is more secure to use a Managed Identity that has access to Key Vault; i.e., C & C.
IMO, the given answer is wrong. It should be A and D.
The requirement is "E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD)."
So therefore you need to enable App Service Authentication and add the Service Principal. Secret is optional.
https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad
The given answer should be correct. It's mentioned in MS docs on how to configure and allow access from WebApp to Key Vault:
- Add a system-assigned identity
- Add a user-assigned identity
- Obtain tokens for Azure resources
"An app can use its managed identity to get tokens to access other resources protected by Azure AD, such as Azure Key Vault."
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#add-a-system-assigned-identity
upvoted 6 times
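The token flow behind options B and C, as an added example that is not from the original page or from Microsoft's docs: once a managed identity is enabled, App Service exposes a local token endpoint through the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` environment variables, and the app uses a token from it to read a Key Vault secret. The function names, vault name and secret name are assumptions made for illustration.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

KEY_VAULT_RESOURCE = "https://vault.azure.net"


def build_token_request(env=os.environ):
    """Request for the local managed identity endpoint that App Service injects.

    IDENTITY_ENDPOINT and IDENTITY_HEADER exist only when a managed identity
    is enabled on the app (option B); no client secret is stored anywhere.
    """
    try:
        endpoint, header = env["IDENTITY_ENDPOINT"], env["IDENTITY_HEADER"]
    except KeyError as missing:
        raise RuntimeError(f"managed identity not enabled: {missing} unset") from None
    query = urllib.parse.urlencode(
        {"resource": KEY_VAULT_RESOURCE, "api-version": "2019-08-01"})
    return urllib.request.Request(f"{endpoint}?{query}",
                                  headers={"X-IDENTITY-HEADER": header})


def build_secret_request(vault_name, secret_name, access_token):
    """Key Vault REST call; it succeeds only if the identity was granted
    'get' on secrets by an access policy (option C)."""
    if not vault_name.replace("-", "").isalnum():
        raise ValueError("unexpected vault name")  # keep the token on *.vault.azure.net
    url = (f"https://{vault_name}.vault.azure.net/secrets/"
           f"{urllib.parse.quote(secret_name, safe='')}?api-version=7.4")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def get_secret(vault_name, secret_name, env=os.environ):
    """Fetch a short-lived token, then the secret. Runs only inside App Service."""
    with urllib.request.urlopen(build_token_request(env), timeout=5) as resp:
        token = json.load(resp)["access_token"]
    try:
        with urllib.request.urlopen(
                build_secret_request(vault_name, secret_name, token), timeout=5) as resp:
            return json.load(resp)["value"]
    except urllib.error.HTTPError as err:
        if err.code == 403:  # identity exists but has no access policy (B without C)
            raise PermissionError("identity lacks 'get' permission on secrets") from err
        raise
```

Inside the web app, `get_secret("contoso-kv", "DbPassword")` (both names hypothetical) returns the secret value without any credential in app settings or code.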
Zsolt72 (4 years, 3 months ago)
nhtmyzpx (4 years, 5 months ago)
Brak (4 years, 4 months ago)
Brak (4 years, 4 months ago)
harry973 (4 years, 11 months ago)
pate (4 years, 5 months ago)
LTiwana (4 years, 11 months ago)