Implement Azure security (20–25%) Flashcards
You are a developer of security consulting for multiple customers with solutions running in Azure.
You are currently implementing the below solutions with your customers:
* SolutionA: a line of business (LOB) application running in Azure VM Scale Sets. The application is
stateless, and the infrastructure is disposable, with the resources being recreated in every deployment.
* SolutionB: a web application developed in ASP.NET Core in Azure App Service. The application runs in
a Linux App Service Premium Plan and has autoscaling enabled. New versions of the application are
deployed to a deployment slot.
* SolutionC: a mix of function applications running in Azure Functions and a web frontend in Python in
Azure App Service. Both applications need permission to access the same Azure resources.
You plan to use managed identities to grant permission to the solutions to use other Azure resources, such
as Azure Key Vault, Azure Storage, and Azure SQL Databases.
You need to recommend when to implement user-assigned managed identities instead of system-assigned
managed identities, with the intention of simplifying the management of the application permission grant
process in Azure AD.
Which solutions are best suited to using user-assigned managed identities?
SolutionA and SolutionC
You are developing an internal website for employees to access sensitive sales data.
The website uses Microsoft Entra ID for authentication. The employee accounts use Microsoft Entra ID Free licenses.
You need to implement MFA for a group of employees. Which two actions should you perform?
- Create a new conditional access policy in Microsoft Entra
- Upgrade the employee accounts to MS Entra ID P1
Your company is testing a new app in-house with key-value pairs stored in an Azure App Config service. Developers are preparing to work on bug fixes and remedial testing, and want to copy data from the Azure App Configuration service to a local JSON file.
Which command should they use?
az appconfig kv export
The developers should use the az appconfig kv export command. This copies key-value pairs from the specified App Configuration file to a local file, such as a JSON file, or to a different App Configuration store. You could run a command string similar to the following:
az appconfig kv export --name myDevAppConfigStore --destination file --path /DevFix.json --format json
They should not use the az appconfig kv import command. This is used to copy from one or more sources into an App Configuration file. Sources can include other App Configuration files, or JSON, YAML, or properties files.
They should not use any of the following commands:
- az keyvault key import
- az keyvault key backup
- az keyvault secret
These commands are for configuring and managing Key Vault, not App Configuration files. You would use az keyvault key import to import a private key into a Key Vault. You would use az keyvault key backup to back up a private key that is downloaded to the client running the command. You would use az keyvault secret to manage Key Vault secrets, including backing up, restoring, and recovering secrets.