Learn how Azure Key Vault encrypts administrative credentials during server deployment to Azure. Essential knowledge for the AZ-900 certification exam.
Table of Contents
Question
Your company plans to automate the deployment of servers to Azure.
Your manager is concerned that you may expose administrative credentials during the deployment.
You need to recommend an Azure solution that encrypts the administrative credentials during the deployment.
What should you include in the recommendation?
A. Azure Key Vault
B. Azure Information Protection
C. Azure Security Center
D. Azure Multi-Factor Authentication (MFA)
Answer
A. Azure Key Vault
Explanation
Azure Key Vault is a secure store for storage various types of sensitive information. In this question, we would store the administrative credentials in the Key Vault.
With this solution, there is no need to store the administrative credentials as plain text in the deployment scripts.
All information stored in the Key Vault is encrypted.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are
Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform.
Azure Key Vault is the recommended solution for securely storing and managing sensitive information like encryption keys, passwords, certificates, and other secrets used by cloud apps and services.
When automating the deployment of servers to Azure, you can use Key Vault to encrypt and securely store the administrative credentials required during the process. This ensures the credentials are never exposed in plain text.
Key Vault provides the following key benefits relevant to the scenario:
- Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs).
- Tight access control and monitoring through Azure Active Directory and Key Vault’s own access policies.
- Convenient integration with other Azure services for easier credential management during deployment and runtime.
- Centralized administration of keys and secrets across multiple applications, services and environments.
So in summary, by leveraging Azure Key Vault to encrypt administrative credentials during an automated server deployment, you can comprehensively address your manager’s security concerns. The other options like Azure Information Protection, Security Center, and MFA are useful security tools but not the most applicable to solving this specific challenge.
Microsoft AZ-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft AZ-900 exam and earn Microsoft AZ-900 certification.