Question 1

You are migrating a legacy third-party application to an Azure Virtual Machine.

The application requires an API key to access an external vendor's service. The application cannot be modified to use Azure SDKs or Managed Identities directly. You need to securely store the API key in Azure Key Vault and deliver it to the application securely.

Which TWO components should you include in your design? (Select TWO)

Accepted Answer

Legacy app = no code changes. How do we get secrets to the VM? (KV Extension). How does the VM prove who it is to Key Vault? (Managed Identity).

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Thinking the legacy app can just use a Managed Identity directly. Managed Identities provide the *token*, but the app still has to be coded to request the token and call the Key Vault API. The extension bridges this gap.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 4

More questions from this exam