Microsoft Azure Solutions Architect Expert AZ-305 Practice Question
Your company operates 20 containerized microservices running on multiple Azure Kubernetes Service (AKS) clusters and Azure App Service instances across three regions. Each microservice relies on dozens of environment-specific settings and several feature flags that must be toggled gradually during rollouts without redeploying the services. You need a centrally managed solution that provides RBAC-controlled access, auditing of changes, automatic client-side caching with event-based refresh, and secure storage of connection strings in an HSM-backed store. Which design should you recommend?
Store all configuration data, including feature flags, in Azure Key Vault; mount secrets to the AKS pods with the CSI driver and implement custom polling for App Service.
Persist all settings and feature flags in Azure Table Storage, have microservices poll the table periodically, and encrypt secrets stored in the same table with client-side encryption.
Store configuration values and feature flags in Azure App Configuration and reference secrets stored in Azure Key Vault; use Azure App Configuration provider libraries for caching and sentinel-based refresh.
Maintain environment-specific values in Kubernetes ConfigMaps synchronized with Argo CD for each cluster, and keep secrets in Kubernetes Secrets.
Azure App Configuration is designed for centralizing application settings and feature flags. It supports Azure role-based access control, activity logs, label-based versioning, and native feature-management capabilities. Client SDKs for .NET, Java, and other languages provide in-memory caching and sentinel keys that trigger dynamic refresh without redeployment. App Configuration can store Key Vault references so sensitive values, such as connection strings, remain in an HSM-backed Azure Key Vault, meeting the security requirement.
Using only Azure Key Vault would secure secrets but lacks feature-flag management and rich configuration querying, and would require custom polling logic. Kubernetes ConfigMaps or GitOps workflows do not cover App Service workloads uniformly and cannot provide dynamic feature-flag rollout or centralized RBAC across all environments. Azure Table Storage offers none of the built-in governance or feature-management capabilities and would require significant custom development. Therefore, combining Azure App Configuration with Key Vault best satisfies all stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure App Configuration and why is it recommended for this scenario?
Open an interactive chat with Bash
How does Azure App Configuration handle dynamic updates to settings and feature flags?
Open an interactive chat with Bash
What is the role of Azure Key Vault in this solution, and why can't it be the sole solution?
Open an interactive chat with Bash
Microsoft Azure Solutions Architect Expert AZ-305
Design infrastructure solutions
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .