Microsoft Cybersecurity Architect — Question 28

You have an Azure subscription.

You plan to deploy enterprise-scale landing zones based on the Microsoft Cloud Adoption Framework for Azure. The deployment will include a single-platform landing zone for all shared services and three application landing zones that will each host a different Azure application.

You need to recommend which resource to deploy to each landing zone. The solution must meet the Cloud Adoption Framework best-practice recommendations for enterprise-scale landing zones.

What should you recommend?

Answer options

• A. an Azure firewall
• B. an Azure virtual network gateway
• C. an Azure Private DNS zone
• D. an Azure key vault

Correct answer: D

Explanation

The correct answer is D, an Azure key vault, as it is essential for securely storing and managing sensitive information like encryption keys and secrets required by applications. The other options, while valuable resources, do not align as closely with the recommended practices for enterprise-scale landing zones, focusing more on network and DNS management rather than security for applications.