Practice Test 2 | Designing And Implementing Microsoft DevOps Solutions | AZ-400 | Dumps | Mock Test
Your team needs to deploy several Azure Resource Manager templates. These templates will refer to secrets stored in the Azure Key Vault service. You have to recommend the right solution that will access the secrets in the Key Vault during the deployment of the Azure Resource Manager templates. You have to ensure the solution that uses the principle of least privilege.
Which of the following would you use to restrict access to the secrets stored in the Key Vault?
A. Azure Key vault access policy
B. A Personal Access Token
C. OAuth 2.0
D. RBAC
Answer – A
For data plane access to the key vault, you can use Key Vault access policies.
The Microsoft documentation mentions the following.
Option A is CORRECT because using Key vault access policies user gets access to the data plane. With the data plane access, users can manage secrets, keys, and certificates stored in the key vault.
Option B is incorrect because you can use a personal access token (PAT) as an alternate password to authenticate into Azure DevOps but it can not be used for managing Azure resources.
Option C is incorrect because OAuth 2.0 is the industry-standard protocol for authorization but using it we do not get access to the data plane in the key vault, for that we need to use key vault access policies.
Option D is incorrect because with RBAC we get access to the control plane of the key vault but we do not get permission to manage secrets, keys, and certificates stored in the key vault.
For more information on securing the Key Vault, please visit the following URL-
Comments are closed, but trackbacks and pingbacks are open.