Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam

What is the most suitable solution for managing Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates in Azure?

• A. Azure Security Center
• B. Azure Information Protection (AIP)
• C. Key Vault
• D. Azure Advanced Threat Protection (ATP)

The correct answer is: Key Vault

The most suitable solution for managing Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates in Azure is Key Vault. Azure Key Vault is specifically designed to securely store and manage cryptographic keys, secrets, and certificates. It provides a centralized, secure location for these sensitive artifacts, along with features like access policies and auditing to control and monitor access to the certificates. Key Vault allows developers and administrators to automate certificate issuance, management, and renewal processes, which helps in maintaining a secure environment. Additionally, it integrates with other Azure services, making it easier to manage certificates across different applications and services that require SSL/TLS encryption. Other options like Azure Security Center, Azure Information Protection, and Azure Advanced Threat Protection do contribute to security but do not provide the specialized functionality required for SSL/TLS certificate management. For instance, Security Center focuses on overall security posture management and threat protection, while Azure Information Protection is centered around data classification and protection. Advanced Threat Protection primarily addresses security threats and does not deal with certificate management. Thus, Key Vault is clearly the most appropriate choice for handling SSL/TLS certificates in Azure.