Hard · 1 mark · Multiple Choice
Domain 1.4: Application Identities · Key Vault · Managed Identity

AZ-305 · Question 15 · Domain 1.4: Application Identities

An application running on an Azure Virtual Machine needs to access a third-party API using an API key. The API key must be stored securely in Azure Key Vault. You need to design a solution for the VM to retrieve the API key without storing any credentials in the VM's code or configuration files. Which TWO actions should you include in your design? (Select TWO)

Answer options:

A. Store the Key Vault client ID and secret in the VM's environment variables.

B. Enable a managed identity on the Azure Virtual Machine.

C. Configure a Key Vault access policy granting the VM's public IP address access.

D. Grant the VM's managed identity the Key Vault Secrets User role.

E. Use Azure AD B2C to authenticate the application.

How to approach this question

Identify the identity type for VMs and how to grant it access to Key Vault.

Full Answer

B, D

To access Key Vault without credentials, the VM must have a Managed Identity enabled. Then, that identity must be granted permission (via RBAC or Access Policy) to read secrets from the Key Vault.

Common mistakes

Attempting to use service principal secrets stored in environment variables.

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 6
