ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 1 question 23 discussion

Actual exam question from Microsoft's AZ-500
Question #: 23
Topic #: 1
[All AZ-500 Questions]

You have been tasked with delegate administrative access to your company's Azure key vault.
You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is assigned based on the principle of least privilege.
Which of the following options should you use to achieve your goal?

  • A. A key vault access policy
  • B. Azure policy
  • C. Azure AD Privileged Identity Management (PIM)
  • D. Azure DevOps
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by secisfun at July 10, 2021, 12:36 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SecurityAnalyst
Highly Voted 3 years, 1 month ago
# IN EXAM - 31/8/2021
upvoted 15 times
...
nexel
Highly Voted 3 years, 3 months ago
A is correct
upvoted 13 times
...
stonwall12
Most Recent 2 months, 2 weeks ago
Selected Answer: A
Answer: A, Key vault access policy Reason: Key vault access policies allow you to grant specific permissions for managing certificates in Azure Key Vault. This method provides granular control over actions like adding and deleting certificates, adhering to the principle of least privilege by granting only the necessary permissions to the user. Reference: https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal
upvoted 2 times
...
AdityaGupta
3 months, 1 week ago
Selected Answer: A
Azure Key Vault Access Policies are used for granular control on key vault Keys, secrets, certificates.
upvoted 1 times
...
Ruffyit
7 months ago
These operations are done on the key vault's data plane. The suitable built-in role would be a Key Vault Certificates Officer - able to perform any action on the certificates of a key vault, except manage permissions.
upvoted 4 times
...
jacqs101
9 months, 1 week ago
Answer A is correct - RBAC gives you access to the vault (management plane), Key vault policies grants access to the data within the vault (data plane)
upvoted 4 times
...
wardy1983
11 months, 2 weeks ago
Answer: A Explanation: These operations are done on the key vault's data plane. The suitable built-in role would be a Key Vault Certificates Officer - able to perform any action on the certificates of a key vault, except manage permissions. Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
upvoted 2 times
...
JunetGoyal
1 year ago
KW has 2 models for access 1. RBAC 2. KW policy. If you want more control one should go for KW policy Ans a
upvoted 1 times
...
TheProfessor
1 year, 1 month ago
Selected Answer: A
The answer is: A
upvoted 2 times
...
ESAJRR
1 year, 2 months ago
Selected Answer: A
A. A key vault access policy
upvoted 1 times
...
zellck
1 year, 5 months ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy A Key Vault access policy determines whether a given security principal, namely a user, application or user group, can perform different operations on Key Vault secrets, keys, and certificates. You can assign access policies using the Azure portal, the Azure CLI, or Azure PowerShell.
upvoted 2 times
...
Dinya_jui
1 year, 7 months ago
correct answer A
upvoted 1 times
...
majstor86
1 year, 7 months ago
Selected Answer: A
A. A key vault access policy
upvoted 2 times
...
AZ5cert
1 year, 10 months ago
A. A key vault access policy
upvoted 1 times
...
jore041
2 years ago
Selected Answer: A
A is correct
upvoted 1 times
...
us3r
2 years, 6 months ago
Selected Answer: A
vote A
upvoted 3 times
...
in_da_cloud
2 years, 7 months ago
Selected Answer: A
The answer is A: These operations are done on the key vault's data plane. The suitable built-in role would be a Key Vault Certificates Officer - able to perform any action on the certificates of a key vault, except manage permissions. https://docs.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago