7: Implement secure Azure solutions

Questions and Answers

What types of containers does Azure Key Vault service support?

• Vaults and software containers
• Software and hardware containers
• HSM pools and software keys
• Vaults and managed HSM pools (correct)

What does the Premium tier of Azure Key Vault include?

• Management of public and private keys
• Hardware security module(HSM)-protected keys (correct)
• Software keys only
• SSL/TLS certificates

What kind of information can be securely stored in Azure Key Vault?

• User profiles and preferences
• Public and private keys
• Tokens, passwords, certificates, API keys, and other secrets (correct)
• Application code and scripts

How does centralizing storage of application secrets in Azure Key Vault benefit applications?

It allows control of their distribution and secure access using URIs (C)

What is used for authentication when accessing a key vault?

Microsoft Entra ID (A)

When is Azure RBAC used in relation to key vaults?

Dealing with the management of the vaults (D)

How can Azure Key Vault logs be managed?

Logs can be secured by restricting access and deleted when no longer needed (D)

What does the Azure Key Vault Premium tier provide for hardware protection?

Hardware security modules (HSMs) (C)

How is authentication done for accessing a key vault?

Via Microsoft Entra ID (B)

When is Azure RBAC used in relation to key vaults?

For management of the vaults (D)

How can Azure Key Vaults be configured to simplify administration of application secrets?

By ensuring security information follows a life cycle and is highly available (C)

What is used to hardware-protect Azure Key Vaults in the Premium tier?

Hardware security modules (HSMs) (C)

What is a secret in the context of Azure Key Vault?

API keys, passwords, or certificates (A)

How many ways are there to authenticate to Azure Key Vault?

Three (D)

What does Azure Key Vault enforce to protect data in transit?

Transport Layer Security (TLS) protocol (A)

What does Perfect Forward Secrecy (PFS) protect connections with?

Unique keys (D)

What encryption key lengths are used for connections to Azure Key Vault?

RSA-based 2,048-bit (B)

What is the main purpose of Azure Key Vault?

Securely storing and accessing secrets (A)

What is a vault in the context of Azure Key Vault?

Logical group of secrets (A)

What is the recommended practice for using Azure Key Vault with different environments?

Create a separate vault for each application in each environment (C)

How should access to Azure Key Vaults be controlled?

Allow only authorized applications and users (C)

What is the recommended action for guarding against force deletion of a secret in Azure Key Vault?

Turn on soft-delete and purge protection (C)