Home › Azure AZ-500 › cloudcomputing › az500defendersentinel › Which Azure feature should a security engineer u…
Which Azure feature should a security engineer use to BACK UP Key Vault keys + secrets + certificates with the option to restore them in a different Key Vault if the source is destroyed?
AManual screenshots of the secret values
BAzure DNS
CDisabling soft delete
DKey Vault soft delete + purge protection + Key Vault backup/restore APIs
Answer & Solution
Correct answer: D. Key Vault soft delete + purge protection + Key Vault backup/restore APIs
Key Vault soft delete + purge protection + backup/restore APIs is the canonical resilience pattern (per AZ-500 §4 Key Vault backup). The other options are insecure.
Related questions
Which Azure Key Vault network setting should a security engineer enable to restrict accessWhich Azure governance service should a security engineer use to define and assign policieWhich Microsoft Sentinel feature lets a security engineer automatically respond to incidenWhich Microsoft Sentinel feature lets a security engineer define KQL queries that automatiWhich Microsoft Sentinel feature lets a security engineer ingest data from Azure / MicrosoWhich Microsoft service is Azure's cloud-native SIEM + SOAR — ingesting logs from many souWhich Microsoft Defender for Cloud feature lets a security engineer connect AWS / GCP enviWhich Microsoft Defender for Cloud plan should a security engineer enable to detect SQL in