HOTSPOT
You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
Scenario: Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
Box 1: A service principal
A service principal is a type of security principal that identifies an application or service, which is to say, a piece of code rather than a user or group. A service principal’s object ID is known as its client ID and acts like its username. The service principal’s client secret acts like its password.
Note: Authentication with Key Vault works in conjunction with Azure Active Directory (Azure AD), which is responsible for authenticating the identity of any given security principal.
A security principal is an object that represents a user, group, service, or application that’s requesting access to Azure resources. Azure assigns a unique object ID to every security principal.
Box 2: A role assignment
You can provide access to Key Vault keys, certificates, and secrets with Azure role-based access control.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
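The following is an added example, not part of the original explanation: a small audit over role-assignment records shaped like `az role assignment list` JSON output, checking that only service principals hold a read-only secrets role at or below the vault. The subscription ID, vault and principal names, and the choice of `Key Vault Secrets User` as the only accepted role are assumptions made for the illustration.

```python
import json

# Assumption: the app only needs to read secrets, so this built-in role suffices.
READ_ONLY_ROLES = {"Key Vault Secrets User"}

# Constructed sample data (placeholder subscription, vaults and principals).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VAULT = SUB + "/resourceGroups/rg-app1/providers/Microsoft.KeyVault/vaults/kv-app1"
OTHER = SUB + "/resourceGroups/rg-app2/providers/Microsoft.KeyVault/vaults/kv-app2"
SAMPLE = json.dumps([
    {"principalName": "sp-app1", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User", "scope": VAULT},
    {"principalName": "sp-app2", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User", "scope": VAULT + "/secrets/conn"},
    {"principalName": "sp-shared", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Administrator", "scope": SUB},
    {"principalName": "ops-team", "principalType": "Group",
     "roleDefinitionName": "Key Vault Secrets User", "scope": VAULT},
    {"principalName": "sp-other", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Administrator", "scope": OTHER},
])

def audit(assignments, vault_id):
    """Return (principalName, finding) pairs for assignments that reach vault_id."""
    vault = vault_id.lower().rstrip("/")  # Azure resource IDs are case-insensitive
    findings = []
    for a in assignments:
        scope = a["scope"].lower().rstrip("/")
        at_or_below = scope == vault or scope.startswith(vault + "/")
        inherited = vault.startswith(scope + "/")  # subscription, resource group, root
        if not (at_or_below or inherited):
            continue  # assignment does not apply to this vault
        who = a["principalName"]
        if inherited:
            findings.append((who, "assigned above the vault: " + a["scope"]))
        if a["roleDefinitionName"] not in READ_ONLY_ROLES:
            findings.append((who, "role broader than secret read: " + a["roleDefinitionName"]))
        if a["principalType"] != "ServicePrincipal":
            findings.append((who, "not a service principal: " + a["principalType"]))
    return findings

if __name__ == "__main__":
    for who, finding in audit(json.loads(SAMPLE), VAULT):
        print(who + ": " + finding)
```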
Service principal
An access policy
Assign an access policy
In the Azure portal, navigate to the Key Vault resource.
Under Settings, select Access policies, then select Add Access Policy:
Select Access policies, selecting Add role assignment
Select the permissions you want under Certificate permissions, Key permissions, and Secret permissions. You can also select a template that contains common permission combinations:
Specifying access policy permissions
Under Select principal, choose the None selected link to open the Principal selection pane. Enter the name of the user, app or service principal in the search field, select the appropriate result, then choose Select.
Selecting the security principal for the access policy
If you’re using a managed identity for the app, search for and select the name of the app itself. (For more information on security principals, see Key Vault authentication.)
Back in the Add access policy pane, select Add to save the access policy.
Adding the access policy with the security principal assigned
Back on the Access policies page, verify that your access policy is listed under Current Access Policies, then select Save. Access policies aren’t applied until you save them.
https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal