Microsoft DP-420: Which three permissions should you enable in the access policy?
You plan to create an Azure Cosmos DB Core (SQL) API account that will use customer-managed keys stored in Azure Key Vault.
You need to configure an access policy in Key Vault to allow Azure Cosmos DB access to the keys.
Which three permissions should you enable in the access policy? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Wrap Key
B. Get
C. List
D. Update
E. Sign
F. Verify
G. Unwrap Key
ANSWER: A B G
Explanation:
To configure customer-managed keys for your Azure Cosmos account with Azure Key Vault, add an access policy to your Azure Key Vault instance:
1. From the Azure portal, go to the Azure Key Vault instance that you plan to use to host your encryption keys. Select Access Policies from the left menu.
2. Select + Add Access Policy.
3. Under the Key permissions drop-down menu, select Get, Unwrap Key, and Wrap Key permissions.
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-setup-cmk