Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 20

DRAG DROP -

You have downloaded an Azure Resource Manager (ARM) template to deploy numerous virtual machines (VMs). The ARM template is based on a current VM, but must be adapted to reference an administrative password.

You need to make sure that the password cannot be stored in plain text.

You are preparing to create the necessary components to achieve your goal.

Which of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area.

Select and Place:

    Correct Answer:

    You can use a template that allows you to deploy a simple Windows VM by retrieving the password that is stored in a Key Vault. Therefore, the password is never put in plain text in the template parameter file.

Discussion
pakman

Key vault + access policy

jackdryan

This is correct.

jackill

I agree : key vault + access policy But please note that now the access policy is considered a legacy way to provide access to the key vault. Now you can use RBAC. See : https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal

Incredible99

This was in my exam at 10/31/2021

Madbo

The two components that should be created to achieve the goal of storing an administrative password securely are: An Azure Key Vault, which can securely store and manage cryptographic keys, certificates, and passwords. The password can be stored as a secret in the Key Vault and then accessed by the ARM template using a reference to the Key Vault. An access policy, which is used to define who has permissions to access and manage the Key Vault. This is important to ensure that only authorized users can access the password stored in the Key Vault.

kamalpur

This question is explained in below youtube video. https://www.youtube.com/watch?v=odmOZ7ZB3L8

xRiot007

If you need to store stuff securely, you should use an Azure Key Vault and store it as key-value, where the key is a string and the value can be anything. To access the keyvault data you need an Access Policy taht defines who has access to the vault.

fiahbone

Azure key vault to store the password and Access policy to make it accessible. https://learn.microsoft.com/en-us/azure/key-vault/general/basic-concepts

havoc2k7

i love it when i find simplest exact answers

Yuraq

Key Vault and Access Policy Securely Deploy Azure VM With Local Admin Password from Azure Key Vault and not in ARM Template. https://www.youtube.com/watch?v=eiI_PpCjXpA

SeregonAzDev

The question states "option", not "options". Based on the text I assume there is only one correct answer. In this case I would go with the Key Vault

LCR

This whole answers/grid situation is confusing.

D1nk8887

The question says "You need to make sure that the password cannot be stored in plain text," not how do you set it up so it's not stored in plain text.

SofiaLorean

I cleared the exam today. This question was in my exam. Thanks ET and everyone. Most of the questions from ET.

tashakori

Given answer is right

_gio_

Key vault + access policy

Aldair66

I think is B

[Removed]

Key vault + access policy

JoePerry42491

Key Vault and Access Policy per the following documentation: https://learn.microsoft.com/en-us/azure/key-vault/secrets/about-secrets https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-cli

james2033

Please tell me, Do I need keep order of answer?