Key Vault (1 / 13): Your organization is migrating sensitive data to Azure and has decided to use Azure Key Vault for secure storage. To enhance data protection, the IT team wants to ensure that if any key vault or its associated objects are unintentionally deleted, they can be recovered. Moreover, they want to ensure that once an item is marked as deleted, it cannot be permanently removed until a specified retention period elapses. Which Azure CLI commands should the IT team execute to implement these protective measures?
Answer:
You need to enablesoft delete (--enable-soft-delete true) and purge protection (--enable-purge-protection true)
az keyvault create --name <YourKeyVaultName> --retention-days 90 is not a valid command
az keyvault set-policy --name <YourKeyVaultName> --object-id <ObjectId> --key-permissions purge grants a user the permission to purge objects from the Key Vault. However, it doesn't prevent purging during the retention period.
az keyvault delete --name <YourKeyVaultName> --force-immediate is not a valid command