Exam AZ-500 topic 1 question 22 discussion

For those that won't see it B is right in front of the option A.

Admins please fix formatting so the option B is on the new line

Answer: It's cooked, the answer is B, RBAC Reason: Role-Based Access Control (RBAC) in Azure allows you to assign specific permissions to users based on their roles, adhering to the principle of least privilege. For managing advanced access policies in Azure Key Vault, the 'Key Vault Contributor' role provides the necessary permissions without granting excessive access. Reference: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide

It can be either RBAC or Access Policies. We have option B as RBAC.

You can't use PIM (C) for this scenario so go for RBAC (B). In a real life scenario, the user would have a ticket on a backlog that he is required to complete after setting up. Then you de-assign the role from his identity, to respect the least privilege principle, unless the user is explicitly required permanent access from then onwards.

The correct answer is RBAC. RBAC allows you to assign specific roles like Key Vault Contributor, which grants the user the ability to set advanced access policies, ensuring access based on the principle of least privilege. Azure Information Protection focuses on data classification, labeling, and protection, not managing access to Azure Key Vault. While Azure AD Privileged Identity Management offers time-based and approval-based role activation, it doesn't directly manage access to Azure Key Vault or allow setting advanced access policies for it. Azure DevOps is primarily a set of services for software development, not for managing access to Azure Key Vault. https://learn.microsoft.com/en-us/azure/key-vault/general/security-features

B. RBAC (Role-Based Access Control) RBAC allows you to grant specific permissions to users, groups, or service principals based on their roles. By assigning the appropriate RBAC role to the specific user, you can grant them the necessary permissions to set advanced access policies for the Key Vault, while ensuring that they only have the minimum privileges required for their tasks. RBAC provides a granular level of control over access to Azure resources, allowing you to assign roles such as "Key Vault Contributor" or "Key Vault Administrator" to the user, depending on the level of access needed. This ensures that the user has the necessary permissions to manage the Key Vault without granting excessive privileges.

the b is not visible

B is the answer. https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration Azure role-based access control (Azure RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. With Azure RBAC you control access to resources by creating role assignments, which consist of three elements: a security principal, a role definition (predefined set of permissions), and a scope (group of resources or individual resource).

correct answer B

B. RBAC

Just to notify you that the answer B is RBAC

B: RBAC

Ans is B (RBAC) "Authorization in Key Vault uses a combination of Azure role-based access control (Azure RBAC) and Azure Key Vault access policies" https://docs.microsoft.com/en-us/azure/key-vault/general/security-features

The answer is B but for some reason is BUGGED.

The answer is B: The management plane uses RBAC - this is where you manage Key Vault itself which implies creating and deleting key vaults, retrieving Key Vault properties, and updating access policies. https://docs.microsoft.com/en-us/azure/key-vault/general/security-features#access-model-overview

B is correct answer.