AZ-400 – Question 87


Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.

What should you include in the recommendation?
To answer, drag the appropriate configurations to the correct targets.
Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
Box 1: A key Vault access policy
Box 2: RBAC –
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as:
✑ Creating or deleting a key vault.
✑ Getting a list of vaults in a subscription.
✑ Retrieving Key Vault properties (such as SKU and tags).
✑ Setting Key Vault access policies that control user and application access to keys and secrets.