Which three actions should you perform?

You are deploying a server application that will run on a Server Core installation of Windows Server 2019.

You create an Azure key vault and a secret.

You need to use the key vault to secure API secrets for third-party integrations.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

D18912E1457D5D1DDCBD40AB3BF70D5D
A . Configure RBAC for the key vault.
B . Modify the application to access the key vault.
C . Configure a Key Vault access policy.
D . Deploy an Azure Desired State Configuration (DSC) extension.
E . Deploy a virtual machine that uses a system-assigned managed identity.

View Answer

Answer: B,C,E

Explanation:

BE: An app deployed to Azure can take advantage of Managed identities for Azure resources, which allows the app to authenticate with Azure Key Vault using Azure AD authentication without credentials (Application ID and Password/Client Secret) stored in the app.

✑ Select Add Access Policy.

✑ Open Secret permissions and provide the app with Get and List permissions.

✑ Select Select principal and select the registered app by name. Select the Select

button.

✑ Select OK.

✑ Select Save.

✑ Deploy the app.

References:

https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration

https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-virtual-machine