AZ-400 Exam - Question 106

Question

HOTSPOT -You have an Azure subscription that contains the resources shown in the following table. You plan to create a linked service in DF1. The linked service will connect to SQL1 by using Microsoft SQL Server authentication. The password for the SQLServer login will be stored -in KV1. You need to configure DF1 to retrieve the password when the data factory connects to SQL1. The solution must use the principle of least privilege. How should you configure DF1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:.

Examice · Accepted Answer

Box 1: Secret -Store credential in Azure Key Vault by reference secret stored in key vault. To reference a credential stored in Azure Key Vault, you need to:1. Retrieve data factory managed identity2. Grant the managed identity access to your Azure Key Vault. In your key vault -> Access policies -> Add Access Policy, search this managed identity to grantGet permission in Secret permissions dropdown. It allows this designated factory to access secret in key vault. 3. Create a linked service pointing to your Azure Key Vault. 4. Create data store linked service, inside which reference the corresponding secret stored in key vault. Box 2: Access policy -Reference:https://docs. microsoft. com/en-us/azure/data-factory/store-credentials-in-key-vault.

surensaluka · Answer

This came today (2023-02-14) for my exam. Selected Secret and Access Policy

meoukg · Answer

saw it yesterday in my exam

zellck · Answer

1. Secret
2. Access policy

https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal
A Key Vault access policy determines whether a given security principal, namely a user, application or user group, can perform different operations on Key Vault secrets, keys, and certificates. You can assign access policies using the Azure portal, the Azure CLI, or Azure PowerShell.

Rod_DA · Answer

New recommended acceess configuration to vault is now RBAC instead of access policy and there is a role to give access only to secrets so The answer should be secret and RBAC

Aqlanoz · Answer

since keyvault have rbac now, should the answer be rbac instead of access policy ?

Tyler2023 · Answer

Access Policy is a legacy authorization system built in Key Vault to provide access to keys, secrets, and certificates but there is new recommended authorization, which is RBAC, you can setup the Managed Identity of Azure Data Factory and allow the identity to access Key Vault
BUT since, in the question, they ask which permission type that you need which is Secret so you have to Access Policy instead of RBACK

Answer is Secret and Access Policy

refs:
https://learn.microsoft.com/en-us/azure/data-factory/data-factory-service-identity
https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy

ppo12 · Answer

I think correct, since password usually stored in Secret,

No need to give RBAC, access policy will do

Leandrocei · Answer

Correct. Came today 22 july 9

Govcomm · Answer

Secret
Access Policy (Data Plan)

UnknowMan · Answer

Secret (Password is stored) And Access Policy

syu31svc · Answer

"Password" so secret for permission

Access to Key Vault so Access Policy

Answer is correct

dibbadobbagibbu · Answer

RBAC is the only one than can limit access per Secret. So you could argue that Rbac is correct

xRiot007 · Answer

Answer is secret and access policy. See ref: https://tech-tutes.com/2020/05/16/get-database-password-from-key-vault-in-data-factory/

yana_b · Answer

Provided answer is correct

vsvaid · Answer

Agree with suggested answer

ozbonny · Answer

secret 
access policy

Skankhunt · Answer

It's an old question. I believe the correct answer now would be:
Secret
RBAC

AZ-400 Exam - Question 106

Discussion