7: Implement secure Azure solutions

Questions and Answers

What types of containers does Azure Key Vault service support?

Vaults and software containers

Software and hardware containers

HSM pools and software keys

Vaults and managed HSM pools (correct)

What does the Premium tier of Azure Key Vault include?

Management of public and private keys

Hardware security module(HSM)-protected keys (correct)

Software keys only

SSL/TLS certificates

What kind of information can be securely stored in Azure Key Vault?

User profiles and preferences

Public and private keys

Tokens, passwords, certificates, API keys, and other secrets (correct)

Application code and scripts

How does centralizing storage of application secrets in Azure Key Vault benefit applications?

It allows control of their distribution and secure access using URIs

What is used for authentication when accessing a key vault?

Microsoft Entra ID

When is Azure RBAC used in relation to key vaults?

Dealing with the management of the vaults

How can Azure Key Vault logs be managed?

Logs can be secured by restricting access and deleted when no longer needed

What does the Azure Key Vault Premium tier provide for hardware protection?

Hardware security modules (HSMs)

How is authentication done for accessing a key vault?

Via Microsoft Entra ID

When is Azure RBAC used in relation to key vaults?

For management of the vaults

How can Azure Key Vaults be configured to simplify administration of application secrets?

By ensuring security information follows a life cycle and is highly available

What is used to hardware-protect Azure Key Vaults in the Premium tier?

Hardware security modules (HSMs)

What is a secret in the context of Azure Key Vault?

API keys, passwords, or certificates

How many ways are there to authenticate to Azure Key Vault?

Three

What does Azure Key Vault enforce to protect data in transit?

Transport Layer Security (TLS) protocol

What does Perfect Forward Secrecy (PFS) protect connections with?

Unique keys

What encryption key lengths are used for connections to Azure Key Vault?

RSA-based 2,048-bit

What is the main purpose of Azure Key Vault?

Securely storing and accessing secrets

What is a vault in the context of Azure Key Vault?

Logical group of secrets

What is the recommended practice for using Azure Key Vault with different environments?

Create a separate vault for each application in each environment

How should access to Azure Key Vaults be controlled?

Allow only authorized applications and users

What is the recommended action for guarding against force deletion of a secret in Azure Key Vault?

Turn on soft-delete and purge protection