Practice Test 2 | Designing And Implementing Microsoft DevOps Solutions | AZ-400 | Dumps | Mock Test
Your team needs to deploy several Azure Resource Manager templates. These templates will refer to secrets stored in the Azure Key Vault service. You have to recommend the right solution. It will access to the secrets in the Key Vault during the deployment of the Azure Resource Manager templates. You have to ensure the solution that uses the principle of least privilege.
Which of the following would you use to restrict access to delete the key vault?
A. Azure Key vault access policy
B. A Personal Access Token
C. OAuth 2.0
D. RBAC
Answer – D
For control plane access to the key vault, you can use Role-based access control.
The Microsoft documentation mentions the following.
Option A is incorrect because with the Azure Key Vault access policy you can manage secrets, keys, and certificates. You do not get control plane level access, so you can not delete the key vault.
Option B is incorrect because you can use a personal access token (PAT) as an alternate password to authenticate into Azure DevOps but it can not be used for deleting azure resources.
Option C is incorrect because OAuth2.0 is the industry-standard protocol for authorization, it does not provide user permission to delete the key vault. For delete permissions, we need to use RBAC.
Option D is CORRECT because with RBAC you can assign user permission for the control plane where the user can modify and delete the key vault.
For more information on securing the Key Vault, please visit the following URL-
Comments are closed, but trackbacks and pingbacks are open.