Configure Azure Key Vault for Recovery | Microsoft Azure Exam AZ-204 Solution

Configure Azure Key Vault for Recovery

Question

You are developing an application to transfer data between on-premises file servers and Azure Blob storage.

The application stores keys, secrets, and certificates in Azure Key Vault and makes use of the Azure Key Vault APIs.

You want to configure the application to allow recovery of an accidental deletion of the key vault or key vault objects for 90 days after deletion.

What should you do?

Answers

A. Run the Add-AzKeyVaultKey cmdlet.
B. Run the az keyvault update --enable-soft-delete true --enable-purge-protection true CLI command.
C. Implement virtual network service endpoints for Azure Key Vault.
D. Run the az keyvault update --enable-soft-delete false CLI command.

Answer: B

Explanations

When soft-delete is enabled, resources marked as deleted are retained for a specified period (90 days by default) instead of being destroyed immediately.

The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion.

Purge protection is an optional Key Vault behavior and is not enabled by default.

Purge protection can only be enabled once soft-delete is enabled.

When purge protection is on, a vault or an object in the deleted state cannot be purged until the retention period has passed.

Soft-deleted vaults and objects can still be recovered, ensuring that the retention policy will be followed.

The default retention period is 90 days, but the retention interval can be set to any value from 7 to 90 days when the vault is created (for example in the Azure portal, or with --retention-days on az keyvault create).

Once the retention policy interval is set and saved it cannot be changed for that vault.

https://docs.microsoft.com/en-us/azure/key-vault/general/overview-soft-delete

The Web App provides services and must run in multiple regions.

You want to be notified whenever the Web App uses more than 85 percent of the available CPU cores over a 5 minute period.

Your solution must minimize costs.

Which command should you use? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Answer Area

az monitor metrics alert create -n myAlert -g myResourceGroup --scopes targetResourceID --condition "avg Percentage CPU > 85" --window-size 5m

Dropdown options offered: for the metric, CPU Usage / Percentage CPU / avg Percentage CPU; for the period flag, --window-size / --evaluation-frequency / --auto-mitigate.

The condition uses the avg aggregation of the Percentage CPU metric compared against 85, and --window-size 5m is the period over which that aggregation is computed. --evaluation-frequency only controls how often the rule is evaluated, and --auto-mitigate only controls whether the alert resolves itself once the condition clears, so neither expresses the 5-minute measurement window.
https://docs.microsoft.com/sv-se/cli/azure/monitor/metrics/alert

The correct answer is B. Run the az keyvault update --enable-soft-delete true --enable-purge-protection true CLI command.

Explanation: To configure an Azure Key Vault to allow recovery of deleted vaults or objects, you need to enable soft delete and purge protection.

Soft delete is a feature that keeps a deleted Key Vault, or a deleted key, secret or certificate, in a recoverable soft-deleted state for the retention period, so it can be recovered without restoring from a backup. Soft delete is enabled by default on new vaults and, on current Key Vault versions, can no longer be turned off; the exam option reflects the older behaviour in which it had to be switched on explicitly.

Purge protection builds on soft delete: while it is on, neither the vault nor a soft-deleted object can be purged (permanently deleted) before the retention period has elapsed, not even by a principal that holds the purge permission. It does not extend recovery beyond the retention period; once that period ends the item is permanently deleted. Purge protection is disabled by default, and once enabled it cannot be disabled again.

To enable soft delete and purge protection, you can use the Azure CLI command "az keyvault update" with the following options:

--enable-soft-delete true: This option enables soft delete for the Key Vault. Because soft delete is now always on, current Azure CLI versions mark this flag as deprecated; it is harmless on a vault that already has soft delete enabled.

--enable-purge-protection true: This option enables purge protection for the Key Vault.

Therefore, option B is the correct answer.

Option A (Run the Add-AzKeyVaultKey cmdlet) is not relevant to this scenario. This cmdlet is used to add a new key to a Key Vault.

Option C (Implement virtual network service endpoints for Azure Key Vault) is a best practice for securing access to Azure Key Vault from a virtual network. However, it does not relate to the scenario described in the question.

Option D (Run the az keyvault update --enable-soft-delete false CLI) would attempt to disable the soft delete feature, which is the opposite of what the scenario requires (and which current Key Vault versions reject outright).
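The rules above (soft delete as the prerequisite for purge protection, a 7 to 90 day retention window that is fixed at creation, and per-object recover commands) are easy to get wrong when hardening many vaults by hand. The following script is an added example written for this page, not code from the exam or from Microsoft: it turns a vault's current state, as returned by az keyvault show, into the az keyvault update commands that still need to run, and builds the matching recover command for a deleted object. The vault name kv-demo, resource group rg-demo and secret name storage-conn-string are placeholders, and the sample state fed in at the bottom is constructed.

```shell
#!/bin/sh
# Added example (not the exam's or Microsoft's code): turn a Key Vault's current
# soft-delete / purge-protection state into the `az keyvault update` commands that
# still need to run, and build the command that recovers a soft-deleted object.
# Vault name "kv-demo" and resource group "rg-demo" below are placeholders.

# Retention must be 7..90 days; the service accepts nothing else, and the value
# cannot be changed once the vault has been created with it.
kv_valid_retention() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 7 ] && [ "$1" -le 90 ]
}

# Usage: kv_recovery_plan <vault> <rg> <enableSoftDelete> <enablePurgeProtection> <retentionDays>
# The three state arguments are properties.enableSoftDelete,
# properties.enablePurgeProtection and properties.softDeleteRetentionInDays from
# `az keyvault show`; JSON ("true") and tsv ("True") spellings are both accepted.
# Prints one command per line, or "compliant" when nothing is missing.
kv_recovery_plan() {
  vault=$1 rg=$2 days=$5
  soft=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
  purge=$(printf '%s' "$4" | tr 'A-Z' 'a-z')
  base="az keyvault update --name $vault --resource-group $rg"
  plan=""
  if [ "$soft" != "true" ]; then
    # Soft delete is on by default for new vaults and can no longer be turned
    # off, so this only fires for legacy state; the flag is the one the exam
    # answer uses and is marked deprecated by current CLI versions.
    plan="$plan$base --enable-soft-delete true
"
  fi
  if [ "$purge" != "true" ]; then
    # Purge protection requires soft delete; when both were missing, the
    # soft-delete command emitted above runs first.
    plan="$plan$base --enable-purge-protection true
"
  fi
  if ! kv_valid_retention "$days"; then
    # Retention is immutable after creation, so there is no command to emit:
    # flag the bad or missing value for a human instead.
    plan="$plan# retention '$days' is outside 7..90 and cannot be changed on an existing vault; recreate with --retention-days
"
  fi
  if [ -z "$plan" ]; then
    echo compliant
  else
    printf '%s' "$plan"
  fi
}

# Usage: kv_recover_cmd <vault> <kind> [name]
# kind is vault, key, secret or certificate; prints the az command that undoes
# the soft deletion, or fails for an unknown kind.
kv_recover_cmd() {
  case "$2" in
    vault) echo "az keyvault recover --name $1" ;;
    key|secret|certificate) echo "az keyvault $2 recover --vault-name $1 --name $3" ;;
    *) echo "unknown object kind: $2" >&2; return 1 ;;
  esac
}

# Constructed sample state: soft delete on, purge protection never enabled,
# 90-day retention, which is exactly the state the question wants hardened.
kv_recovery_plan kv-demo rg-demo true false 90
kv_recover_cmd kv-demo secret storage-conn-string

# Live use (not run here): feed the real state from az into the planner.
#   az keyvault show -n kv-demo -g rg-demo \
#     --query "properties.[enableSoftDelete,enablePurgeProtection,softDeleteRetentionInDays]" -o tsv |
#   { read -r soft purge days; kv_recovery_plan kv-demo rg-demo "$soft" "$purge" "$days"; }
```

The planner emits commands rather than running them so the output can be reviewed before anything is changed; purge protection in particular is a one-way switch, so it is worth confirming the target vault before the update runs.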