Secure Cloud Solutions

Question 1

GRAPH

What is Microsoft Graph?

Answer 1

Is a gateway to data and intelligence in Microsoft 465, Windows 10 and Enterprise Mobility + Security

Question 2

GRAPH

What apps does Graph work with?

Answer 2

(1) Office 365
(2) Excel
(3) Windows 10
(4) Calendar
(5) Enterprise Mobility + Security
(6) Mail

Question 3

GRAPH

Features of Graph?

Answer 3

(1) Provides an unified programming model that you can use to access data in various apps
(2) Single End Point (https://graph.microsoft.com)
(3) Use REST API’s or SDK’s

Question 4

Azure Key Vault

What components are in Azure Key Vault

Answer 4

(1) Keys
(2) Secrets
(3) Certificates

Question 5

Azure Key Vault

Pricing Tiers

Answer 5

Standard and Premium

Premier contains Standard + HSM-protected

Question 6

Azure Key Vault

PowerShell command to create an Key Vault

Answer 6

New-AzKeyVault
-VaultName $name
-ResourceGroupName $rgname
-Location $location

Question 7

Azure Key Vault

Az Command to create a Secret in Key Vault

Answer 7

az keyvault secret
–name $name
[–description
–disabled
–encoding
–expires
–file
–not-before
–subscription
–tags
–value]

Question 8

Azure Key Vault

Az Command to create a Key Vault

Answer 8

az keyvault create
–name
–resource-group
–location

Question 9

Azure Key Vault

Authentication types for Azure Key Vault

Answer 9

(1) Use Azure AD App Registration
(2) Use Managed Identity
(3) Use Key Vault References

Question 10

Azure Key Vault

What is the recommend option for Azure Key Vault

Answer 10

Managed Identity

Question 11

Azure Key Vault

What is recommended option for Azure Key Vault for App Functions and App Services

Answer 11

Use Key Vault References

Question 12

Azure Key Vault

What is the steps to assign Manage Identity

Answer 12

(1) After creating an App Service, click on “Identity” link and get the system system assigned identity (ObjectId)
(2) In Azure Key Vault, “Add Access Policy” and select the principal
(select the secret permissions)

Question 13

Azure Key Vault

Describe a basic C# application to retrieve a secret

Answer 13

using Azure.Security.KeyVault.Secrets;

string url = “https://myvault.vault.azure.net;

SecretClient client = new SecretClient(new Uri(url), new DefaultAzureCredential());

string secret = client.GetSecretAsync(“secretmessage”).Result.Value;

Question 14

Azure Key Vault

Accessing a secret in App Settings

Answer 14

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecrets/ec944ffg3992iff2)

Question 15

Azure Key Vault

Steps to migrate app configurations to Key Vault

Answer 15

(1) Move configuration to Key Vault
(2) Create a system assigned identity for your app
(3) Update the configuration values with the KV reference syntax
(4) Deploy your App Service or Azure Function
(5) Give Get KV Secrets access to the app identity
(6) Verify app functionality

Question 16

Important (WILL BE ON EXAM)

Question 17

Information - Objects for Exam

Question 18

Azure Key Vault

What is soft-delete?

Answer 18

Allows recovery of the defaulted vautls and key value objects such as keys, secrets, and certificates

Is enabled by default

Recoverable within retention period 7 - 90 days

To finally delete, use the PURGE operation

Can use Portal, Azure CLI, ARM, and PowerShell commands to enable soft deletes and purge protection

Question 19

The NUGET packages used for Key Vault

Answer 19

(1) Azure.Security.KeyVault.Keys
(2) Azure.Security.KeyVault.Secrets
(3) Azure.Security.KeyVault.Certificates

Probably need to add Azure.Identity as well

Question 20

Azure Key Vault

C# Example to get a key type

Answer 20

var uri = “https://myvault.vault.azure.net”;
var client = new KeyClient(new Uri(uri), new DefaultAzureCredential());
var key = client.GetKeyAsync(“mykey”).Result;
Console.WriteLine($”Key = {key.Value.KeyType}”);

Question 21

Information

May want to better understand Service Principals vs. Managed Identity