
Key Vault creation in Azure - Practice Problems & Coding Challenges

Challenge - 5 Problems
Architecture
intermediate
Key Vault Network Access Configuration

You create an Azure Key Vault and want to restrict access to only your company's on-premises network using a firewall rule. Which configuration will correctly restrict access?

A. Disable the firewall and rely on Azure Active Directory authentication only.
B. Enable the firewall and add the on-premises public IP address range to the Key Vault's allowed IP addresses.
C. Set the Key Vault firewall to allow access from all networks and configure access policies to restrict users.
D. Enable the firewall and add the on-premises private IP address range to the Key Vault's allowed IP addresses.
💡 Hint

Think about which IP addresses are visible to Azure services when connecting from on-premises.

service_behavior
intermediate
Key Vault Access Policy Behavior

You have a Key Vault with multiple access policies. One policy grants a user read access to secrets. Another policy denies all permissions to the same user. What will happen when the user tries to read a secret?

A. The user will have read access because allow policies are cumulative and deny policies do not exist in Key Vault.
B. The user will be denied access because deny policies override allow policies.
C. The user will have no access because conflicting policies cause an error.
D. The user will have read access only if they authenticate with a managed identity.
💡 Hint

Consider how Azure Key Vault combines multiple access policies.

Configuration
advanced
ARM Template for Key Vault Creation with Soft Delete

Which ARM template snippet correctly creates an Azure Key Vault with soft delete enabled and a 90-day retention period?

A.
{
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2022-07-01",
  "name": "myKeyVault",
  "properties": {
    "enablePurgeProtection": true,
    "softDeleteRetentionInDays": 90
  }
}
B.
{
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2022-07-01",
  "name": "myKeyVault",
  "properties": {
    "enableSoftDelete": true
  }
}
C.
{
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2022-07-01",
  "name": "myKeyVault",
  "properties": {
    "enableSoftDelete": true,
    "softDeleteRetentionInDays": 90
  }
}
D.
{
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2022-07-01",
  "name": "myKeyVault",
  "properties": {
    "enableSoftDelete": false,
    "softDeleteRetentionInDays": 90
  }
}
💡 Hint

Soft delete must be enabled explicitly and retention days set.

security
advanced
Key Vault Managed Identity Access

You want an Azure VM to access secrets in a Key Vault without storing credentials in the VM. Which setup achieves this securely?

A. Use a shared access signature (SAS) token to authenticate the VM to the Key Vault.
B. Store the Key Vault access key as a secret in the VM's local storage and use it to authenticate.
C. Create a user-assigned managed identity and assign it to the VM, then grant it access in the Key Vault access policies.
D. Assign a system-assigned managed identity to the VM and grant it access in the Key Vault access policies.
💡 Hint

Consider how Azure manages identities for resources securely.

🧠 Conceptual
expert
Key Vault Soft Delete and Purge Protection Behavior

After enabling soft delete and purge protection on a Key Vault, what happens if a user deletes a secret and then attempts to permanently delete (purge) it before the retention period ends?

A. The secret is moved to a soft deleted state and cannot be purged until the retention period expires because purge protection is enabled.
B. The secret is deleted and purged immediately, but the Key Vault itself cannot be deleted.
C. The secret remains accessible and cannot be deleted while purge protection is enabled.
D. The secret is immediately and permanently deleted, bypassing soft delete due to purge protection.
💡 Hint

Think about how soft delete and purge protection work together to protect data.