You manage a cloud service that utilizes data encryption.
You need to ensure that the certificate used to encrypt data can be accessed by the cloud
service application.
What should you do?
A.
Upload the certificate referenced in the application package.
B.
Deploy the certificate as part of the application package.
C.
Upload the certificate’s public key referenced in the application package.
D.
Use RDP to install the certificate.
Explanation:
http://msdn.microsoft.com/en-us/library/azure/gg981929.aspx
mmm A o C?
i think it C
I don’t sure because the certificate (.cer) can be public o private… I will select A
Based on: http://azure.microsoft.com/blog/2011/09/07/field-note-using-certificate-based-encryption-in-windows-azure-applications/ it is C.
The developer must deploy the public key with their application so that, when Windows Azure spins up role instances, it will match up the thumbprint in the service definition with the uploaded service certificate and deploy the private key to the role instance. The private key is intentionally non-exportable to the .pfx format, so you won’t be able to grab the private key through an RDC connection into a role instance.
Looks like you need both A and C.
http://azure.microsoft.com/blog/2011/09/07/field-note-using-certificate-based-encryption-in-windows-azure-applications/
Yes you are correct. But what is the right answer then, can be both. Microsoft it will be “the best option”.
When deploying, they would simply replace the thumbprint in their encrypt/decrypt code with that of the service certificate uploaded to Windows Azure and also deploy the public key of the service certificate with their application.
The correct answer seems to be A. You first need to upload (!) the certificate and then deploy (!) the public key with your application.
it’s C
The developer must deploy the public key with their application so that, when Windows Azure spins up role instances, it will match up the thumbprint in the service definition with the uploaded service certificate and deploy the private key to the role instance. The private key is intentionally non-exportable to the .pfx format, so you won’t be able to grab the private key through an RDC connection into a role instance.
http://azure.microsoft.com/blog/2011/09/07/field-note-using-certificate-based-encryption-in-windows-azure-applications/
A is the correct answer.
http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-configure-ssl-certificate/#step3
It really seems to be B
http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-configure-ssl-certificate/#step3
The correct answer is C. The reason are as follows.
1. Separation of Concerns , a developer should never get access to any certificates. The IT team should deploy the certificate in the Azure portal.
2. Based on the above points options A , B and D are eliminated
…
…
Developer will get only thumbprint of the certificate and use it part of the code.
an Azure cloud service certificates is deployed via the CERTIFICATES tab from the management portal
this eliminates D and B
one does not deploy a publi key, but a thumbprint into the definition file
this eliminates C
so the answer is A that: deploy the certificate from the portal
There isn’t even an answer choice ” deploy the certificate from the portal” – where did that come from?
Old link doesn’t work. New one – https://azure.microsoft.com/en-us/documentation/articles/cloud-services-certs-create/
Definitely it’s C, use page search using words “developer may upload a service package that refers”
I think its “C”
Answer is: C – Upload the certificate’s public key referenced in the application package.
The Certificate thumbprint is held in ServiceConfiguration.cscfg so we’d need the public key to be uploaded / available.
I have changed my mind after re-reading the question – I think it’s A. Upload the certificate referenced in the application package. The Certificate needs to be present in the Azure Portal for the app to work.
So we haven’t concluded if it’s A or C yet?
Answer is A, because u have to upload a .pfx file not a .cer file. pfx contains the private key while cer contains public and private keys
Great dialog! Think I’m betting on (A) as Smaji points out in Step #3 of the Azure Doc above. No mention in question about SoC (between Developer and Admin) and who is uploading what.
Very few websites that transpire to become in depth below, from our point of view are undoubtedly well worth checking out.