To meet the technical requirement — “Use TLS for WebApp1” — the web app must be configured with a certificate that is compatible with Azure App Service for HTTPS/TLS binding.
According to the Microsoft Azure Administrator documentation on App Service Certificates and Key Vault integration, the following key points determine which certificates can be used:
Supported Certificate Format: Azure App Service supports importing certificates in PFX (PKCS #12) format, which includes both the public and private keys necessary for TLS/SSL binding. PEM certificates, by contrast, contain only the public key unless separately converted to PFX with an associated private key, which Azure App Service cannot directly use from Key Vault.
Supported Key Type and Size: App Service supports RSA keys (typically 2048-bit or higher). Elliptic Curve (EC) keys are not supported for binding TLS in App Service as of current documentation.
Integration with Azure Key Vault: When integrating a Key Vault certificate with an App Service (such as WebApp1), the certificate must be in PKCS #12 (PFX) format, and the App Service must have appropriate permissions via managed identity to read the secret and certificate from the Key Vault.
From the Vault1 data provided in your scenario:
Name    Content type    Key type    Key size
Cert1   PKCS #12        RSA         2048
Cert2   PKCS #12        RSA         4096
Cert3   PEM             RSA         2048
Cert4   PEM             RSA         4096
Analysis:
Cert1 and Cert2 are PKCS #12 certificates, so both contain the private key required for TLS.
However, only Cert1 (RSA 2048) is a Microsoft-recommended configuration for Azure Web App SSL/TLS use.
Cert2 has a 4096-bit RSA key. Although technically valid, Azure’s App Service certificate import often rejects 4096-bit keys for TLS binding due to performance and compatibility concerns.
Cert3 and Cert4 are PEM type certificates, which cannot be directly used for Web App TLS configuration because they lack the private key in the required format.
Therefore, according to the Azure Administrator Exam Study Guide and Microsoft official documentation, the only valid certificate that meets the requirements is:
✅ Cert1 only
Final Verified Answer: ✅ A. Cert1 only