Domain 1.4: Application Identities
10 questions across 5 exams
All questions (10)
You are designing an application architecture where an application running on an Azure Virtual Machine needs to retrieve database connection strings securely from Azure Key Vault. The security team mandates that no credentials or secrets used to authenticate to the Key Vault can be stored in the VM's code or configuration files. The identity used must be tied to the lifecycle of the VM. Which identity solution should you use?
You are designing an API architecture using Azure API Management (APIM). The backend APIs require a shared access key for authentication. To meet security compliance, the shared access key must be stored in Azure Key Vault and rotated every 30 days. APIM must automatically use the latest version of the key without requiring manual configuration updates or APIM downtime. Which TWO actions must you perform to achieve this? (Select TWO)
You are designing an application architecture that uses an Azure Virtual Machine Scale Set (VMSS) with 10 instances. The application needs to authenticate to Azure Key Vault to retrieve database connection strings. To adhere to security best practices, you want to use Managed Identities. You need to ensure that if the VMSS scales out to 20 instances, the new instances immediately have access to the Key Vault without any manual role assignments or script executions. Which type of identity should you recommend?
A web application hosted on Azure App Service requires access to a third-party API. The API key must be stored securely and must not be visible in the application code or App Service configuration settings. You decide to store the API key in Azure Key Vault. Which TWO steps must you perform to allow the App Service to retrieve the API key securely without managing credentials? (Select TWO)
You are designing an application hosted on an Azure Virtual Machine Scale Set (VMSS) that scales dynamically between 5 and 50 instances based on CPU load. The application needs to authenticate to an Azure SQL Database and an Azure Key Vault. You want to use Managed Identities to avoid storing credentials in code. Which type of managed identity should you recommend to minimize administrative overhead and ensure seamless scaling?
You are designing the security architecture for an Azure App Service web application. The application needs to retrieve database connection strings stored securely in an Azure Key Vault. You must adhere to the principle of least privilege. The web app must only be able to read secrets, not certificates or keys. You want to use the modern Azure RBAC permission model for Key Vault rather than legacy Access Policies. Which TWO steps must you perform? (Select TWO)
You are designing an architecture where an Azure App Service web app needs to securely access an Azure SQL Database. You want to eliminate the need for developers to manage credentials or connection strings. The identity used for access must be tied to the lifecycle of the App Service and deleted automatically if the App Service is deleted. What should you use?
An application running on an Azure Virtual Machine needs to access a third-party API using an API key. The API key must be stored securely in Azure Key Vault. You need to design a solution for the VM to retrieve the API key without storing any credentials in the VM's code or configuration files. Which TWO actions should you include in your design? (Select TWO)
An application running on an Azure VM needs to retrieve secrets from Azure Key Vault. You want to avoid storing credentials in the application code. The identity should be tied to the lifecycle of the VM. What should you use?
You are designing an Azure Kubernetes Service (AKS) cluster. Pods need to securely access database connection strings stored in Azure Key Vault as if they were local files. What should you implement?