Topic 1
Question #10
You are developing an e-Commerce Web App.
You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and
Azure Active
Directory (AAD).
What should you do on the e-Commerce Web App?
A. Run the az keyvault secret command.
B. Enable Azure AD Connect.
C. Enable Managed Service Identity (MSI).
D. Create an Azure AD service principal.
Correct Answer:
C
A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity https://docs.microsoft.com/en-us/samples/azure-
samples/app-service-msi-keyvault-dotnet/keyvault-msi-appservice-sample/
ZodiaC
Highly Voted
1year, 4months ago
100% Correct
upvoted 10 times
Molte
11months, 1week ago
Why C and not D?
upvoted 2 times
chingdm
9months, 1week ago
"Azure Key Vault provides a way to store credentials and other secrets with increased security. But your code needs to authenticate to Key
Vault to retrieve them. Managed identities for Azure resources help to solve this problem by giving Azure services an automatically managed
identity in Azure Active Directory (Azure AD). You can use this identity to authenticate to any service that supports Azure AD authentication,
including Key Vault, without having to display credentials in your code."
https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app
upvoted 2 times
ucsdmiami2020
1year ago
Agreed C. Quoting the provided Microsoft docs URL references,
" Managed identities for Azure resources allow for giving Azure services an automatically managed identitfy in Azure Active Directory (Azure
AD).
upvoted 3 times
OPT_001122
Most Recent
1week, 1day ago
Selected Answer: C
C. Enable Managed Service Identity (MSI).
upvoted 2 times
KingChuang
1day, 12hours ago
While developers can securely store the secrets in Azure Key Vault, services need a way to access Azure Key Vault. Managed identities provide
an automatically managed identity in Azure Active Directory for applications to use when connecting to resources that support Azure Active
Directory (Azure AD) authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any
credentials.
Ref:https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
upvoted 1 times
ericci
3weeks, 2days ago
Selected Answer: A
I think the right answer is A: https://learn.microsoft.com/en-us/azure/data-factory/v1/data-factory-on-premises-mongodb-connector
upvoted 1 times
sca88
2months ago
C is better than D, because thanks to ManageIdentity, your code can forget to store keys, so is better solution than Service Principal
upvoted 1 times
Community vote distribution