Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an Azure Key Vault named kv-contoso that holds an RSA key named AppKey. The key already has an expiry date set to one year after creation. Security policy states that a new version of the key must be generated automatically 30 days before the current version expires, without requiring additional scripts or external services. Which configuration should you apply to meet this requirement?

  • Enable soft-delete and purge protection on kv-contoso.

  • Update the rotation policy of AppKey to include a lifetime action of rotate that runs 30 days before the key's expiry.

  • Assign an Azure Policy that audits keys older than 30 days without rotation.

  • Create an Azure Automation runbook that calls az keyvault key rotate on a 30-day schedule.

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot