Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
You are designing a solution for Contoso's global e-commerce platform hosted in Microsoft Azure. The platform must store application secrets and customer data-encryption keys in a service that
is validated to FIPS 140-2 Level 3 security standards,
offers automatic key rotation and versioning,
integrates with Azure role-based access control (Azure RBAC), and
provides built-in geo-redundant availability across Azure regions without requiring on-premises HSM devices.
Which Azure service should you recommend to meet all of these requirements?
Azure Managed HSM
Azure Key Vault Premium tier
Azure Dedicated HSM
Azure App Configuration with customer-managed keys
Azure Managed HSM is a fully managed cloud-based hardware security module service that is validated to FIPS 140-2 Level 3, the highest level available for Azure key-management services. Managed HSM supports automatic key rotation and maintains previous key versions for recovery. Access is controlled through Azure RBAC rather than separate key vault policies, simplifying authorization. Managed HSM instances can be provisioned in a clustered, geo-redundant configuration, eliminating any need for customer-owned HSM appliances.
Azure Key Vault Premium uses HSM-backed keys but is validated only to FIPS 140-2 Level 2, so it fails the Level 3 requirement. Azure Dedicated HSM meets Level 3 but requires customers to deploy and manage the physical devices in Azure datacenters and does not natively integrate with Azure RBAC or provide automatic key rotation. Azure App Configuration is for configuration data, not for storing encryption keys or certificates and lacks FIPS 140-2 certification. Therefore, Azure Managed HSM is the only option that satisfies every stated requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is FIPS 140-2 Level 3 certification?
Open an interactive chat with Bash
How does Azure Managed HSM achieve geo-redundant availability?
Open an interactive chat with Bash
What is automatic key rotation in Azure Managed HSM?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .