Developing Microsoft Azure and Web Services — Question 75
You are deploying an ASP.NET Core API application to an Azure App Services Docker container instance.
When customers access the application, secret keys are generated so that users can access the data that they need. Security keys must expire after one hour.
All key usage must be logged.
You need to store the customer secret keys.
Which storage option should you use?
NOTE: Each correct selection is worth one point.
Answer options
- A. Encrypted in Azure SQL with a manual audit trail and a key rotation algorithm
- B. Environment variables with an audit trail stored in Azure Blob Storage
- C. Inside the Docker container using system logs for auditing
- D. Azure Key Vault with key rotation and auditing
Correct answer: D
Explanation
The correct answer is D because Azure Key Vault is specifically designed for securely storing and managing sensitive information like secret keys, and it provides built-in key rotation and auditing features. Options A and B are not ideal since they lack the comprehensive security and management capabilities of Azure Key Vault. Option C is insecure as it involves storing sensitive information within the Docker container, which could lead to exposure.