Exam AZ-204 topic 13 question 1 discussion

As per requirement: - Azure Key Vault name: cpandlkeyvault - Secret name: PostgreSQLConn - Id: 80df3e46ffcd4f1cb187f79905e9a1e8 https://myvault.vault.azure.net//secrets/mysecretname/4387e9f3d6e14c459867679a90fd0f79?api-version=7.1 Box 1: cpandlkeyvault We specify the key vault, cpandlkeyvault. Box 2: PostgreSQLConn We specify the secret, PostgreSQLConn. Box 3: Environment If a reference is not resolved properly, the reference value will be used instead. This means that for application settings, an environment variable would be created

To prevent reading the cases multiple times: Please see the spots below where you can find the questions (page/topic/question/subject) City Power & Light company 50 13 1 API endpoint to Key Vault + variable 50 13 2 create and import certificate in azure web app 50 13 3 configure APIM for authentication with JWT 50 13 4 authenticate user by JWT 50 13 5 MI Authentication to Azure Logic app 51 13 6 Azure Service Bus to Event Grid integration Tier of bus + RBAC role 52 17 1 Application Insights/Monitor/Log Analytics 52 17 2 Azure Blob storage settings SAS or MI, file auditing 52 18 1 solve function timeout 55 24 1 cli for integration Azure Service Bus and Azure Event Grid 55 24 2 ingestion for Grid events 58 32 1 create appropriate storage account + geo settings + cool/hot

Got this case City Power and Lights on my exam 9th Aug 2024. Went with highly voted answer, Scored:871

No way it can be query string. It doesn't have query params for the REST operation. And for environment "If a reference is not resolved properly, the reference value will be used instead. This means that for application settings, an environment variable would be created" This text no longer exists or was copied from stackoverflow. This variable type comes from: https://learn.microsoft.com/en-us/power-automate/guidance/automation-kit/setup/environment-variables#get-the-url-path-for-your-azure-key-vault-secrets "The Azure Key Vault secrets are using the environment variable type. These environment variables need to be in the following format." I think the question is wrong. But either way, select environment. Other options are more incorrect.

The variable type is Environment, See: https://learn.microsoft.com/en-us/power-apps/maker/data-platform/environmentvariables-azure-key-vault-secrets

I got this question on my exam, 2023Dec, go with what I remember was the most voted answer. Score 902, most of the questions were here, slightly different on wording because the Azure Ad <-> Entra Id change. Case was City Power & Light. Good luck! Important tip, you have access to microsoft learn during the exam!

Got this case on my exam 2023July13. Went with highest wote and scored 917.

Query string makes nonsense. You'll have to specify a new version every time it updates in the query string. If you use it as environment variable the following will happen. If a version is not specified in the reference, then the app will use the latest version that exists in the key vault. When newer versions become available, such as with a rotation event, the app will automatically update and begin using the latest version within 24 hours. The delay is because App Service caches the values of the key vault references and refetches it every 24 hours. Any configuration changes to the app that results in a site restart causes an immediate refetch of all referenced secrets. https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli

got it on my exam 30-12-2022 score: 818

The most debated is the third, I guess Microsoft probably mean how to give this secret reference to the app. It is using appsettings, that is a type of Environment variable. So, I will go for that and hope for the best

"variable type to access azure key vault secret value" < this probably does not mean where the response comes. That comes in "value" property. The question creator probably means how to access keyvault key itself. How to pass that authorization. But considering this is functions I do not think query string is correct.

https://docs.microsoft.com/en-us/rest/api/keyvault/secrets/get-secret/get-secret

I think it's a Function App variable, so it should be Environment

Correct Answer: Box 1: cpandlkeyvault Name of the key vault. Box 2: PostgreSQLConn Name of the secret. Box 3: QueryString Variable type to access the secret (100% correct - Not environment)

Got this one 01/2022. Went with most voted (to avoid writing answers again) @mlantonis

nah, i read it wrong, they do not have ID in the URL...it is only in the comments.

I have an issue with the "original question" meaning, they are assuming that we would send ID of the secret version to the HTTP GET. This means that we would ALWAYS retrieve the SAME version of the secret, and would not get the latest version. And they specifically said that the latest version should be used, so based on the information on page https://docs.microsoft.com/en-us/rest/api/keyvault/getsecret/getsecret we see that the ID is OPTIONAL, and if we do omit it the latest version will be retrieved. My comment is just to point out the possibility that the proposed solution by Microsoft is invalid.