Hard · 1 mark · Multiple Choice

AZ-305 · Question 19 · Domain 1.4: Design Identities and Access for Applications

You are migrating a legacy third-party application to an Azure Virtual Machine.

The application requires an API key to access an external vendor's service. The application cannot be modified to use Azure SDKs or Managed Identities directly. You need to store the API key in Azure Key Vault and deliver it to the application securely.

Which TWO components should you include in your design? (Select TWO)

Answer options:

A. Azure Key Vault VM Extension

B. System-assigned Managed Identity on the VM

C. Azure App Configuration

D. Azure AD Application Proxy

E. Shared Access Signature (SAS) token

How to approach this question

Legacy app = no code changes. How do we get secrets to the VM? (KV Extension). How does the VM prove who it is to Key Vault? (Managed Identity).

Full Answer

Because the legacy application cannot be modified to call Azure Key Vault APIs, you must use the Azure Key Vault Virtual Machine Extension. This extension runs in the background on the VM, authenticates to Key Vault using the VM's System-assigned Managed Identity, and automatically retrieves and refreshes the secrets and certificates, placing them in the VM's local certificate store where the legacy application can read them.

Common mistakes

Thinking the legacy app can just use a Managed Identity directly. A Managed Identity only provides the *token*; the app still has to be coded to request that token and call the Key Vault API. The extension bridges this gap for applications that cannot be changed.
