ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 1 discussion

Actual exam question from Microsoft's AZ-304
Question #: 1
Topic #: 2
[All AZ-304 Questions]

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
✑ Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault.
✑ Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
  • B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
  • C. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
  • D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
  • E. Assign the Key Vault Contributor role to the IT staff.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by certmonster at Oct. 27, 2020, 12:33 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
certmonster
Highly Voted 4 years, 9 months ago
The answers are correct.
upvoted 57 times
sanketshah
4 years, 7 months ago
given answer is correct.
upvoted 5 times
...
...
Virendrak
Highly Voted 4 years, 9 months ago
The answers are correct: 1. On access policy page of azure key vault check the option "Azure Resource Manager for template deployment" Enable Access to: Azure Virtual Machines for deployment Azure Resource Manager for template deployment Azure Disk Encryption for volume encryption 2. Add a custom role for IT staff
upvoted 14 times
...
OCHT
Most Recent 3 years, 2 months ago
Ofcos BD . https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-cli
upvoted 1 times
...
kanweng
3 years, 4 months ago
Selected Answer: BD
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-cli
upvoted 3 times
...
plmmsg
3 years, 4 months ago
B & D is correct answers
upvoted 1 times
...
ERROR505
3 years, 5 months ago
Selected Answer: BD
Correct
upvoted 1 times
...
Hudhaifa
3 years, 5 months ago
On Exam 19th Feb 2022
upvoted 1 times
...
Azure_daemon
3 years, 5 months ago
B & D are the correct answers
upvoted 1 times
...
examineezer
3 years, 7 months ago
I guess D is preferable to E because of the "principle of least privilege" requirement.
upvoted 1 times
...
dorian_grecu
3 years, 8 months ago
Selected Answer: BD
The answers are correct.
upvoted 5 times
...
Bob888
3 years, 10 months ago
BD are correct https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-powershell
upvoted 2 times
...
syu31svc
3 years, 10 months ago
"least privilege" Only B and D fit the bill
upvoted 2 times
...
nkv
3 years, 10 months ago
Came in exam on 20-sep-21, i passed, answers are correct, but i choose E by mistake, but passed
upvoted 4 times
...
murongqing
4 years ago
B&D correct answer
upvoted 1 times
...
DragonsGav
4 years, 1 month ago
Correct BD Option D [Refer to https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-use-key-vault]
upvoted 2 times
...
heamgu
4 years, 1 month ago
B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment. D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
upvoted 1 times
...
LT
4 years, 2 months ago
Passed the exam (8th May 2021). This question was in exam. Dump covered 50-60%
upvoted 4 times
17Master
3 years, 5 months ago
moderador "delete LT"
upvoted 1 times
...
Amit3
4 years, 1 month ago
So how did you cover rest of exam material (50-40%) ?
upvoted 1 times
...
cfsxtuv33
4 years, 1 month ago
What other material did you use for the exam?
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel