Exam SC-100 topic 3 question 4 discussion

wrong one, I would select - Key Vault for box1 and for box 2 is Private Link

Data Security : Access Keys stored in Azure Key Vault Network access control : Azure Private Link with network service tags

access keys stored.. azure private link appear to be the correct response

Data security: Access keys stored in Azure Key Vault: This ensures that sensitive keys are securely stored and managed, reducing the risk of unauthorized access. Network access control: Azure Private Link with network service tags: This provides secure and private connectivity to Azure services, ensuring that data transfer occurs over a private network rather than the public internet.

• Data safety: Lock keys in Key Vault, network isolation with Private Link & service tags for secured Azure Data Lake Gen2 copy via Automation runbook. • Network control: Private Link & service tags shield your Azure Data Lake Gen2 copy process from the public internet for enhanced security.

App GW with WAF cant play a role because it applies to client facing which is not the ASK in the question.

in exam Nov 23, Agree with Alex

Box1:Key Vault Box2:Private Link

Have we managed to figure out the correct answer? Data: Azure key vault Network: Private link with service tags. I have my doubts if service tags are supported by azure private links.

A & C - Secure the assets in Azure Automation including credentials, certificates, connections and encrypted variables. These assets are protected in Azure Automation using multiple levels of encryption. By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply customer-managed keys to use for encryption of Automation assets. These keys must be present in Azure Key Vault for Automation service to be able to access the keys. Use Azure Private Link to securely connect Hybrid runbook workers to Azure Automation. Azure Private Endpoint is a network interface that connects you privately and securely to a an Azure Automation service powered by Azure Private Link. Private Endpoint uses a private IP address from your Virtual Network (VNet), to effectively bring the Automation service into your VNet. https://learn.microsoft.com/en-us/azure/automation/automation-security-guidelines

Hey all, Lets exclude the nonsensical options first: Automation Contributor role is the RBAC role for working with the Automation service, "design-time" if you will, and hence has nothing to do with securing data run-time. Private link with network service tags is nonse for N/W security. There is no such thing. Network service tags is used in NSGs and firewall rules. Hence, even though these options seem strange as well but in theory relevant: Data Security: Key vault N/W Security: App GW with WAF

Box1: Key Vault Box2: Private Link

Azure Automation Run As Account will retire on September 30, 2023 and will be replaced with Managed Identities. Before that date, you'll need to start migrating your runbooks to use managed identities. For more information, see migrating from an existing Run As accounts to managed identity to start migrating the runbooks from Run As account to managed identities before 30 September 2023.

Data Security : Access Keys stored in Azure Key Vault Network access control : Azure Private Link with network service tags https://learn.microsoft.com/en-us/azure/automation/automation-security-guidelines

None of the answers provided is a good answer. They are fragmentary or just wrong. Key Vault with access keys is a bad answer because using shared access keys is only recommended if a service accessing the storage cannot use a managed identity or a certificate to authenticate. "Azure Private Link with network service tags" doesn't mean anything. Network Service Tags can be used in NSG rules, and in routing rules, if either were specified, but they aren't.

Data Security : Access Keys stored in Azure Key Vault Network access control : Azure Private Link with network service tags

https://learn.microsoft.com/en-us/azure/automation/automation-security-guidelines