Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

Your company uses a customer-managed RSA key named cmk1 that resides in Azure Key Vault. Compliance rules state that a new version of the key must be generated automatically every 12 months and that each previous version must remain usable for an additional 90 days before it is deleted. With the least administrative effort, which configuration should you implement to satisfy both requirements?

  • Enable purge protection and soft delete on the Key Vault that contains cmk1.

  • Create an Event Grid subscription for the Microsoft.KeyVault.KeyNearExpiry event and invoke an Azure Automation runbook to generate a new key version.

  • Define a Key Vault rotation policy on cmk1 that sets a Rotate lifetime action after P365D and an expiryTime of P455D.

  • Modify cmk1 so its activation date is 90 days before its expiration date.

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot