Easy · 1 mark · Multiple Choice

AZ-305 · Question 15 · Domain 1.4: Application Identities

A web application hosted on Azure App Service requires access to a third-party API. The API key must be stored securely and must not be visible in the application code or App Service configuration settings.

You decide to store the API key in Azure Key Vault.

Which TWO steps must you perform to allow the App Service to retrieve the API key securely without managing credentials? (Select TWO)

Answer options:

A. Enable a managed identity on the Azure App Service.

B. Store the Key Vault client secret in the App Service application settings.

C. Grant the managed identity 'Key Vault Secrets User' role (or access policy) on the Key Vault.

D. Configure a Private Endpoint for the Key Vault.

E. Register a new application in Microsoft Entra ID and generate a certificate.

How to approach this question

Identify the two parts of secure access: Authentication (Identity) and Authorization (RBAC/Access Policy).

Full Answer

To securely access Key Vault without managing credentials, you first enable a Managed Identity (System-assigned or User-assigned) on the App Service. This handles the authentication. Second, you must authorize that identity by granting it the appropriate RBAC role (e.g., Key Vault Secrets User) or an Access Policy on the Key Vault.

Common mistakes

Thinking that enabling the identity automatically grants it access to resources. Authorization is always a separate, required step.

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 3
