ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 5 question 22 discussion

Actual exam question from Microsoft's AZ-500
Question #: 22
Topic #: 5
[All AZ-500 Questions]

DRAG DROP -
You have an Azure subscription named Sub1 that contains an Azure Storage account named contosostorage1 and an Azure key vault named Contosokeyvault1.
You plan to create an Azure Automation runbook that will rotate the keys of contosostorage1 and store them in Contosokeyvault1.
You need to implement prerequisites to ensure that you can implement the runbook.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Step 1: Create an Azure Automation account
Runbooks live within the Azure Automation account and can execute PowerShell scripts.
Step 2: Import PowerShell modules to the Azure Automation account
Under 'Assets' from the Azure Automation account Resources section select 'to add in Modules to the runbook. To execute key vault cmdlets in the runbook, we need to add AzureRM.profile and AzureRM.key vault.
Step 3: Create a connection resource in the Azure Automation account
You can use the sample code below, taken from the AzureAutomationTutorialScript example runbook, to authenticate using the Run As account to manage
Resource Manager resources with your runbooks. The AzureRunAsConnection is a connection asset automatically created when we created 'run as accounts' above. This can be found under Assets -> Connections. After the authentication code, run the same code above to get all the keys from the vault.
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
Reference:
https://www.rahulpnath.com/blog/accessing-azure-key-vault-from-azure-runbook/
by Pinto at March 19, 2021, 5:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ZakS
Highly Voted 4 years, 1 month ago
My thinking is that the given answers for boxes 1 and 2 are correct. 3rd box should be Run Set-AzKeyVaultAccessPolicy. So, answers should be: Box 1 - Create Azure Automation account (This step automatically creates the Azure Run As account) Box 2 - Import PowerShell modules (Adds the required modules to the Automation account) Box 3 - Run Set-AzKeyVaultAccessPolicy (Gives the Azure Run As account access to the Key Vault)
upvoted 42 times
...
Pinto
Highly Voted 4 years, 3 months ago
It should be: Box1: Create azure automation account Box2: Run Set-AzKeyVaultAccessPolicy. Box3: Import powershell modules A connection resource cannot function till access is set. Also found this blog which agrees with what I believe is correct - https://kasunkodagoda.com/2018/05/07/key-rotation-made-easy-with-azure-key-vault-and-azure-automation/
upvoted 20 times
akp1000
3 years, 7 months ago
Definitely wrong. How can you run the powershell command before you import the module.
upvoted 16 times
pentium75
10 months, 4 weeks ago
The Powershell command here would NOT be part of the automation, you would run it separately. But import refers to the automation account.
upvoted 1 times
...
...
canonigo
4 years, 3 months ago
I agree.
upvoted 2 times
sureshatt
4 years, 3 months ago
I agree.
upvoted 2 times
...
...
macco455
4 years, 2 months ago
Agree based on this article from 2 1/2 years ago, but things might have changed since then although I am not able to find anything else besides the article in the answer which is from almost 5 years ago. SO this is better than that and I will go with this as well.
upvoted 2 times
...
...
wardy1983
Most Recent 1 year, 7 months ago
Explanation: Step 1: Create an Azure Automation account Runbooks live within the Azure Automation account and can execute PowerShell scripts. Step 2: Import PowerShell modules to the Azure Automation account Under 'Assets' from the Azure Automation account Resources section select 'to add in Modules to the runbook. To execute key vault cmdlets in the runbook, we need to add AzureRM.profile and AzureRM.key vault. Step 3: Run Set-AzKeyVaultAccessPolicy (Gives the Azure Run As account access to the Key Vault)
upvoted 4 times
...
majstor86
2 years, 3 months ago
1 - Create Azure Automation account 2 - Import PowerShell modules 3 - Run Set-AzKeyVaultAccessPolicy
upvoted 4 times
billo79152718
2 years, 3 months ago
Will you please stop spamming with the same answers to the questions each time?! You do that on all the questions. PLEASE. We do not need that kind of comments.
upvoted 5 times
saturation97
2 years, 2 months ago
Yup, I have to agree.
upvoted 1 times
...
...
majstor86
2 years, 3 months ago
correction Per documentation: 1 - Create Azure Automation account 2 - Import PowerShell modules 3 - Create a connection resource in the Azure Automation account 4 - Run Set-AzKeyVaultAccessPolicy
upvoted 5 times
Nian
2 years, 3 months ago
Agree - also the correct answer (4 step) according to the whizlab site
upvoted 1 times
...
...
...
Muaamar_Alsayyad
2 years, 8 months ago
Box 1 - Create Azure Automation account Box 2 - Import PowerShell modules Box 3 - Run Set-AzKeyVaultAccessPolicy
upvoted 7 times
...
xingu
2 years, 12 months ago
A repsosta esta correta, voce faz a conta de automacao , importa os modulos e em sequencia faz a conexao. no passo 4 voce define o set-azkeyvaultacesspolicy como parte do script dessa conexao.
upvoted 2 times
Ajdlfasudfo0
2 years, 5 months ago
get help
upvoted 2 times
...
...
poplovic
3 years, 9 months ago
tested. the connection resource is created automatically, so as the managed identity. therefore, the first step is to create azure automation account. the next two steps could be in any order 2. import powershell modulese, azureRm.profile and AzureRM.keyvault 3. modify key vault access policy to allow the access see also https://www.rahulpnath.com/blog/accessing-azure-key-vault-from-azure-runbook/
upvoted 7 times
...
kumax
4 years ago
On exam, May 2021.
upvoted 3 times
...
Cyberbug2021
4 years, 1 month ago
given answer seems correct - run set-az* could be the fourth step.
upvoted 4 times
souvik123
4 years, 1 month ago
I think the given answer is correct. Run Set-AzKeyVaultAccessPolicy can be the next step.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel