ExpertMedium1 markMultiple Choice
AZ-305 · Question 19 · Domain 1.4: Application Identities
You are designing an Azure Kubernetes Service (AKS) cluster. Pods need to securely access database connection strings stored in Azure Key Vault as if they were local files. What should you implement?
You are designing an Azure Kubernetes Service (AKS) cluster. Pods need to securely access database connection strings stored in Azure Key Vault as if they were local files. What should you implement?
Answer options:
A.
Azure Key Vault Provider for Secrets Store CSI Driver
B.
Kubernetes native secrets
C.
Managed Identity for the AKS cluster
D.
Azure App Configuration
How to approach this question
Identify the CSI driver used for secret management in Kubernetes.
Full Answer
A.Azure Key Vault Provider for Secrets Store CSI Driver✓ Correct
The Secrets Store CSI Driver allows AKS to mount Key Vault secrets as local volumes. Pillar: Security.
Common mistakes
Relying purely on native Kubernetes secrets which are base64 encoded.
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 7
55 questions · hints · full answers · grading
More questions from this exam
Q01CASE STUDY: Contoso migrating 500 servers to Azure. RTO 2h, RPO 15m, GDPR compliance, 10Gbps Expr...HardQ02CASE STUDY: Contoso migrating 500 servers to Azure. RTO 2h, RPO 15m, GDPR compliance, 10Gbps Expr...MediumQ03CASE STUDY: Contoso migrating 500 servers to Azure. RTO 2h, RPO 15m, GDPR compliance, 10Gbps Expr...HardQ04CASE STUDY: Contoso migrating 500 servers to Azure. RTO 2h, RPO 15m, GDPR compliance, 10Gbps Expr...MediumQ05CASE STUDY: Contoso migrating 500 servers to Azure. RTO 2h, RPO 15m, GDPR compliance, 10Gbps Expr...Hard