You need to ensure the security policies are met.
What code do you add at line CS07 of ConfigureSSE.ps1?
A. -PermissionsToKeys create, encrypt, decrypt
B. -PermissionsToCertificates create, encrypt, decrypt
C. -PermissionsToCertificates wrapkey, unwrapkey, get
D. -PermissionsToKeys wrapkey, unwrapkey, get
Correct Answer: B
Explanation/Reference:
Explanation:
Scenario: All certificates and secrets used to secure data must be stored in Azure Key Vault.
You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.
The Set-AzureRmKeyValutAccessPolicy parameter -PermissionsToKeys specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter: decrypt, encrypt, unwrapKey, wrapKey, verify, sign, get, list, update, create, import, delete, backup, restore, recover, purge Incorrect Answers:
A, C: The Set-AzureRmKeyValutAccessPolicy parameter -PermissionsToCertificates specifies an array of certificate permissions to grant to a user or service principal. The acceptable values for this parameter: get, list, delete, create, import, update, managecontacts, getissuers, listissuers, setissuers, deleteissuers, manageissuers, recover, purge, backup, restore Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurermkeyvaultaccesspolicy05 – Implement Azure security
Microsoft AZ-204: Developing Solutions for Microsoft Azure
Free dumps for AZ-204 in PDF format also you can read online.
High quality AZ-204 PDF and software. VALID exam to help you pass.
|
|
D. -PermissionsToKeys wrapkey, unwrapkey, get
This code specifies the permissions required for keys to be “wrapkey, unwrapkey, get,” which is necessary to configure Server-Side Encryption (SSE) with customer-managed keys.
Answer is D. in the answer description mentioned this.