Free Actual Microsoft Azure AZ-204 Actual Exam Questions - Question 10 Discussion
Vault named Vault1. You import several API keys, passwords, certificates, and cryptographic keys
into Vault1.
You need to grant App1 access to Vault1 and automatically rotate credentials. Credentials must not be
stored in code.
What should you do?
It’s C because managed identities let App1 authenticate to Vault1 without any credentials in the code, plus Azure handles the token rotation automatically. D adds complexity with cert management, which isn’t as smooth.
Makes sense that managed identity (C) is the way to go here since it gives the app access without any secrets in the code. Plus, it works smoothly with Key Vault's built-in rotation. Option A only handles access permissions but not automatic rotation, so that’s out. D seems overkill and more manual, while B doesn’t relate to key vault access at all. So C feels like the cleanest, most secure choice.
C, managed identity handles access and avoids storing secrets in the app code.
Option A doesn’t solve the rotation part, just access control. Option C is better since managed identity removes the need to store credentials anywhere and works seamlessly with Key Vault’s rotation features.
C/D? Managed identity fits no secrets in code, but cert rotation might need D.
A imo doesn’t fit because custom RBAC roles are about permissions, not automatic credential rotation. B is off since TLS/SSL bindings are about securing app endpoints, not key vault access. D seems complicated and still involves managing certificates manually. C covers secure, code-free access, and managed identities work well with Key Vault’s auto-rotation features anyway.
Probably C since managed identity lets App1 access Vault1 without storing credentials.
C