AZ-400 – Question 97

You have an Azure DevOps organization named Contoso that contains a project named Project1.

You provision an Azure key vault named Keyvault1.
You need to reference Keyvault1 secrets in a build pipeline of Project1.

What should you do first?

A. Add a secure file to Project1.
B. Create an XAML build service.
C. Create a variable group in Project1. 
D. Configure the security policy of Contoso.

Correct Answer: C

Before this will work, the build needs permission to access the Azure Key Vault. This can be added in the Azure Portal.
Open the Access Policies in the Key Vault and add a new one. Choose the principle used in the DevOps build.