Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your company uses a customer-managed RSA key named cmk1 that resides in Azure Key Vault. Compliance rules state that a new version of the key must be generated automatically every 12 months and that each previous version must remain usable for an additional 90 days before it is deleted. With the least administrative effort, which configuration should you implement to satisfy both requirements?
Modify cmk1 so its activation date is 90 days before its expiration date.
Define a Key Vault rotation policy on cmk1 that sets a Rotate lifetime action after P365D and an expiryTime of P455D.
Enable purge protection and soft delete on the Key Vault that contains cmk1.
Create an Event Grid subscription for the Microsoft.KeyVault.KeyNearExpiry event and invoke an Azure Automation runbook to generate a new key version.
Azure Key Vault supports automatic key rotation through a key-level rotation policy. In the policy you can define a Rotate lifetime action that creates a new key version after a period such as P365D (365 days) and set expiryTime so that each version automatically expires after 455 days (365 + 90). Because the service performs the rotation and expiry on schedule, no external automation, purge protection, or key activation settings are required. Event Grid-based solutions (for example, triggering an Automation runbook) meet the requirement but add unnecessary management overhead, while soft delete or purge protection provide only deletion safeguards and do not create new key versions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure Key Vault, and why is it used for managing keys?
Open an interactive chat with Bash
What does 'Rotate lifetime action' mean in the context of Azure Key Vault?
Open an interactive chat with Bash
How does expiryTime in a rotation policy ensure compliance requirements for previous key versions?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .