AZ-204 Exam - Question 245

Question

You are developing several microservices to deploy to a new Azure Kubernetes Service cluster. The microservices manage data stored in Azure Cosmos DB and Azure Blob storage. The data is secured by using customer-managed keys stored in Azure Key Vault.

You must automate key rotation for all Azure Key Vault keys and allow for manual key rotation. Keys must rotate every three months. Notifications of expiring keys must be sent before key expiry.

You need to configure key rotation and enable key expiry notifications.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Examice · Accepted Answer

To configure key rotation and enable key expiry notifications in Azure Key Vault, you should create and configure a new Azure Event Grid instance and create and configure a key rotation policy during key creation. Azure Event Grid can be used to trigger notifications when a key is about to expire, ensuring timely alerts. Additionally, setting up a key rotation policy during key creation allows for automated key rotations at specified intervals, such as every three months, meeting the requirement for both automated and manual key rotation.

abcdx · Answer

A&D for sure!
https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation

halfway · Answer

Key rotation policy and Event Grid notification

paunski7 · Answer

B & D

To configure key rotation and enable key expiry notifications for Azure Key Vault, you should perform the following two actions:

B. Configure Azure Key Vault alerts: Configure alerts for when a key is expiring, so that you can receive notifications before the key expiry. You can configure these alerts in Azure Key Vault using Azure Monitor, which sends an email or a webhook notification to a recipient or service when the key is about to expire. You can specify the notification threshold in terms of days, so you can receive alerts, for example, seven days before the key expiry.

C. Create and assign an Azure Key Vault access policy: Create and assign an access policy for your Azure Key Vault that allows your microservices to perform key rotations manually, and automated key rotations using a key rotation script. You can create and assign access policies for Azure Key Vault through the Azure portal or the Azure CLI.

These actions enable you to configure key rotation and notifications for key expiry.

130nk3r5 · Answer

B. Configure Azure Key Vault alerts. To receive notifications of expiring keys, you need to configure Azure Key Vault alerts. You can set up alerts for key expiration events, which will notify you before the key expires.

D. Create and configure a key rotation policy during key creation. To automate key rotation, you need to create and configure a key rotation policy when creating the keys in Azure Key Vault. You can set the rotation interval to three months, as required, and also allow for manual key rotation.

Ciupaz · Answer

For me, B and D for sure.

macobuzi · Answer

We can use the Key Rotation Policy in Azure Key Vault combined with Event Grid to trigger sending notification when a secret in the key vault is about to expire.
https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-tutorial

Vichu_1607 · Answer

B. Configure Azure Key Vault alerts.
D. Create and configure a key rotation policy during key creation.

kumdoboy1102 · Answer

Key Vault is integrated Event Grid already, so there is no need to create an additional Event Grid instance.

nekkilodeon · Answer

B & C are correct
Alerts for notifications and Access policies for storage acess to existing keys

Mattt · Answer

B&D are correct

Iaminall · Answer

B AND D

AZ-204 Exam - Question 245

Discussion