ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 1.4: Application IdentitiesDomain 1API ManagementKey VaultManaged Identity

AZ-305 · Question 15 · Domain 1.4: Application Identities

You are designing an API architecture using Azure API Management (APIM). The backend APIs require a shared access key for authentication.

To meet security compliance, the shared access key must be stored in Azure Key Vault and rotated every 30 days. APIM must automatically use the latest version of the key without requiring manual configuration updates or APIM downtime.

Which TWO actions must you perform to achieve this? (Select TWO)

Answer options:

A.

Enable a Managed Identity on the APIM instance and grant it Key Vault Secrets User role.

B.

Reference the Key Vault secret in APIM using a Named Value without specifying the secret version.

C.

Reference the Key Vault secret in APIM using a Named Value and explicitly specify the latest secret version.

D.

Configure an Azure Event Grid subscription to trigger an APIM restart when the Key Vault secret changes.

E.

Store the shared access key directly in APIM as a secure Named Value.

How to approach this question

Determine how APIM authenticates to Key Vault and how to configure the secret reference to auto-update.

Full Answer

Enable a Managed Identity on the APIM instance and grant it Key Vault Secrets User role., Reference the Key Vault secret in APIM using a Named Value without specifying the secret version.
To integrate APIM with Key Vault securely, you enable a Managed Identity on APIM and grant it access to the Key Vault. To ensure APIM automatically picks up rotated keys without manual intervention, you create a 'Named Value' in APIM that references the Key Vault secret URI *without* including the version GUID. APIM periodically polls Key Vault and automatically updates to the latest version.

Common mistakes

Including the secret version in the URI. This is a common mistake that breaks auto-rotation.
14All questions16

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Fabrikam Inc. is a global financial services company with 200 Azure subscriptions managed via a c...HardQ02A healthcare organization has 500 on-premises Windows Server VMs and 300 Azure VMs. They are impl...HardQ03You are designing a security monitoring solution using Microsoft Sentinel. The compliance depar...EasyQ04Your company has a microservices application deployed across multiple Azure App Service instances...MediumQ05A defense contractor is migrating to Microsoft 365 and Azure. They have a strict security policy ...Hard
View all 55 questions →