ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 1 question 24 discussion

Actual exam question from Microsoft's AZ-305
Question #: 24
Topic #: 1
[All AZ-305 Questions]

HOTSPOT -
You have an Azure App Service web app that uses a system-assigned managed identity.
You need to recommend a solution to store the settings of the web app as secrets in an Azure key vault. The solution must meet the following requirements:
✑ Minimize changes to the app code.
✑ Use the principle of least privilege.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Key Vault references in Application settings
Source Application Settings from Key Vault.
Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault.
To use a Key Vault reference for an app setting, set the reference as the value of the setting. Your app can reference the secret through its key as normal. No code changes are required.

Box 2: Secrets: Get -
In order to read secrets from Key Vault, you need to have a vault created and give your app permission to access it.
1. Create a key vault by following the Key Vault quickstart.
2. Create a managed identity for your application.
3. Key Vault references will use the app's system assigned identity by default, but you can specify a user-assigned identity.
4. Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
by niravkanakhara at Sept. 19, 2022, 6 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
zellck
Highly Voted 2 years, 4 months ago
1. Key Vault references in Application settings. 2. Secrets: Get https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#source-application-settings-from-key-vault Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault. To use a Key Vault reference for an app setting, set the reference as the value of the setting. Your app can reference the secret through its key as normal. No code changes are required. https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#granting-your-app-access-to-key-vault Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy. Do not configure the "authorized application" or applicationId settings, as this is not compatible with a managed identity.
upvoted 28 times
...
GarryK
Highly Voted 2 years, 4 months ago
Correct https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy. Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault.
upvoted 9 times
...
[Removed]
Most Recent 7 months, 3 weeks ago
CORRECT
upvoted 1 times
...
23169fd
1 year ago
The given answer is correct. Key Vault references in Application settings. All other option requires code changes. Get permission: The principle of least privilege means granting only the permissions necessary for the task. In this case, the application needs to retrieve secrets from Key Vault, so the Get permission is sufficient
upvoted 1 times
...
phinixferb
1 year, 8 months ago
Correct
upvoted 2 times
...
Klalslsls
1 year, 8 months ago
We are looking for a solution to STORE the settings of the web app as secrets in an Azure key vault. So the answer should be SET and not GET.
upvoted 1 times
TJ001
1 year, 5 months ago
it does not make sense to just SET and cant GET
upvoted 1 times
...
...
InvalidNickname
1 year, 10 months ago
Got this on Aug 5th, 2023.
upvoted 4 times
...
OPT_001122
2 years, 5 months ago
Key Vault references in Application settings Secrets:GET
upvoted 3 times
...
VBK8579
2 years, 5 months ago
Key Vault references in Application settings and secrets: List and Get is the best key vault integration method and key vault permissions for managed identity. per ChatGPT
upvoted 1 times
AdventureChick
1 year, 10 months ago
ChatGPT apparently doesn't understand the concept of "least privilege". List gives the user access list all the keys in the vault. The user only needs access to the specific key, so you shouldn't include List privileges.
upvoted 1 times
...
...
adamp54
2 years, 8 months ago
Explanation how to configure Application settings: https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal#configure-app-settings https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli "Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault. To use a Key Vault reference for an app setting, set the reference as the value of the setting."
upvoted 3 times
...
niravkanakhara
2 years, 9 months ago
.Net core has appsettting.json only to store application settinggs or configuration data. Not sure what is application setting ?
upvoted 4 times
ElectricPants
2 years, 9 months ago
Maybe app settings == App Configuration? Then it makes sense because you dont need to redeploy the app to change variables
upvoted 2 times
...
r3verse
2 years, 7 months ago
Application settings are referred to as app settings here: https://learn.microsoft.com/en-us/azure/app-service/reference-app-settings?tabs=kudu%2Cdotnet. They are just the settings you can set for an app, directly in the Azure resource, without going into an actual appsettings.json file.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel