Question 12 of 179 from exam AZ-204: Developing Solutions for Microsoft Azure
Question
DRAG DROP - You are developing a serverless Java application on Azure.
You create a new Azure Key Vault to work with secrets from a new Azure Functions application.
The application must meet the following requirements: -> Reference the Azure Key Vault without requiring any changes to the Java code.
-> Dynamically add and remove instances of the Azure Functions host based on the number of incoming application events.
-> Ensure that instances are perpetually warm to avoid any cold starts.
-> Connect to a VNet.
-> Authentication to the Azure Key Vault instance must be removed if the Azure Function application is deleted.
You need to grant the Azure Functions application access to the Azure Key Vault.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
/question/img0006000001.png)
Explanations
/answer/img0006100001.png)
Step 1: Create the Azure Functions app with a Consumption plan type.
Use the Consumption plan for serverless.
Step 2: Create a system-assigned managed identity for the application.
Create a system-assigned managed identity for your application.
Key Vault references currently only support system-assigned managed identities.
User-assigned identities cannot be used.
Step 3: Create an access policy in Key Vault for the application identity.
Create an access policy in Key Vault for the application identity you created earlier.
Enable the "Get" secret permission on this policy.
Do not configure the "authorized application" or applicationId settings, as this is not compatible with a managed identity.
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references