Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
Your organization is planning to enhance its cybersecurity posture by implementing a robust solution for managing secrets, keys, and certificates across its Azure environment. The solution must comply with industry standards, ensure high availability, and support automated rotation and expiration policies. Additionally, the organization aims to minimize operational overhead and avoid practices that could introduce security vulnerabilities. Considering these requirements, which of the following practices should be strictly avoided when designing this solution? (Choose one option)
A
Utilizing Azure Key Vault for centralized management of secrets, keys, and certificates, leveraging its access controls, auditing capabilities, and integration with Azure services.
B
Adopting a decentralized approach where each development team manages their own secrets, keys, and certificates using local storage solutions without centralized access controls or auditing.
C
Implementing automated rotation and expiration policies for all secrets, keys, and certificates to ensure they are regularly updated and invalidated when no longer needed.
D
Allowing individual team members to store and manage secrets, keys, and certificates in personal repositories or unsecured locations without any organizational oversight or controls.