ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 5 question 11 discussion

Actual exam question from Microsoft's AZ-500
Question #: 11
Topic #: 5
[All AZ-500 Questions]

HOTSPOT -
You have an Azure subscription that contains an Azure key vault named Vault1.
On January 1, 2019, Vault1 stores the following secrets. All dates are in mm/dd/yy format.

When can each secret be used by an application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Never -
Password1 is disabled.
Box 2: Only between March 1, 2019 and May 1,
Password2:

Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecretattribute
by dimaste at Oct. 10, 2021, 6:52 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
wooyourdaddy
Highly Voted 3 years, 4 months ago
Box1: Never Box2: Only between March 1, 2019 and May 1, 2019 -Enable Indicates whether to enable a secret. Specify $False to disable a secret, or $True to enable a secret. If you do not specify this parameter, there is no change to the current secret's enabled or disabled state. -Expires Specifies the date and time that a secret expires. -NotBefore Specifies the Coordinated Universal Time (UTC) before which the secret can't be used. If you do not specify this parameter, there is no change to the current secret's NotBefore attribute.
upvoted 31 times
ITFranz
1 year, 6 months ago
Thank you for the wooyourdaddy. This is the support link. https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets
upvoted 1 times
...
...
dimaste
Highly Voted 3 years, 6 months ago
1 - Never (disabled) 2 - Always Attributes in secrets are informational purposes only https://docs.microsoft.com/en-us/azure/key-vault/secrets/about-secrets
upvoted 16 times
dmlists
2 years, 3 months ago
correct. tested with az keyvault secret show: while retrieving a disabled secret says "Operation get is not allowed on a disabled secret", an expired secret value is returned.
upvoted 1 times
...
Ajdlfasudfo0
2 years, 4 months ago
I think 2 is wrong. enabled: boolean, optional, default is true. This attribute specifies whether the secret data can be retrieved. The enabled attribute is used in conjunction with nbf and exp when an operation occurs between nbf and exp, it will only be permitted if enabled is set to true. Operations outside the nbf and exp window are automatically disallowed, except in particular situations. so if enabled is set to true, nbf and exp will be respected. https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets#date-time-controlled-operations
upvoted 1 times
Ajdlfasudfo0
2 years, 3 months ago
correction: 2 is always, because it is always allowed to get the secret if enabled set to turn
upvoted 1 times
Ajdlfasudfo0
2 years, 3 months ago
true*.
upvoted 1 times
...
...
...
TheProfessor
1 year, 6 months ago
enabled: boolean, optional, default is true. This attribute specifies whether the secret data can be retrieved. The enabled attribute is used with nbf and exp when an operation occurs between nbf and exp, it will only be permitted if enabled is set to true. Operations outside the nbf and exp window are automatically disallowed, except in particular situations.
upvoted 1 times
...
...
xRiot007
Most Recent 9 months, 1 week ago
Box1 - Never - disabled Box2 - Always - enabled - attributes do not impose restrictions, they are just informational. Ref: https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets#secret-attributes
upvoted 1 times
...
brooklyn510
1 year, 3 months ago
On exam 1/2/24
upvoted 4 times
...
[Removed]
1 year, 4 months ago
Date-time controlled operations A secret's get operation will work for not-yet-valid and expired secrets, outside the nbf / exp window. Calling a secret's get operation, for a not-yet-valid secret, can be used for test purposes. Retrieving (getting) an expired secret, can be used for recovery operations.
upvoted 1 times
[Removed]
1 year, 4 months ago
Box1 is never Box 2 is Always
upvoted 1 times
...
...
Andy_S
1 year, 5 months ago
Box1: Never - (enabled=$false) Box2: Always - fields Expires and NotBefore ar for INFORMATION purpose ONLY https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets"
upvoted 3 times
...
wardy1983
1 year, 5 months ago
Box 1: Never - Password1 is disabled. Box 2: Only between March 1, 2019 and May 1, Password2: Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecretatt
upvoted 2 times
...
tweleve
1 year, 6 months ago
In exam 13 Oct
upvoted 2 times
...
majstor86
2 years, 2 months ago
Password 1: Never (not enabled) Password 2: Always
upvoted 3 times
...
JBS
3 years, 6 months ago
Given answers are correct. For Password2, it's a use by application (not any user accessing it with Get, List etc permissions - this access has nothing to do with -NotBefore) and cannot be access out of the date range applied. https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecretattribute?view=azurermps-2.5.0 - read description of NotBefore as below, Specifies the Coordinated Universal Time (UTC) before which the secret can't be used. If you do not specify this parameter, there is no change to the current secret's NotBefore attribute.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago