Exam SC-300 topic 2 question 70 discussion

- Key Vault Crypto Officer - Key Vault Certificates Officer Key Vault Crypto Officer: Perform any action on the keys of a key vault, except manage permissions. Key Vault Certificates Officer: Perform any action on the certificates of a key vault, except manage permissions. Key Vault Secrets Officer: Perform any action on the secrets of a key vault, except manage permissions. Ref: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli.

Correct. Key Vault Certificates Officer DataActions: - Microsoft.KeyVault/vaults/certificates/* - Microsoft.KeyVault/vaults/certificates/* - Microsoft.KeyVault/vaults/certificatecontacts/write Key Vault Crypto Officer DataActions: - Microsoft.KeyVault/vaults/keys/* - Microsoft.KeyVault/vaults/keyrotationpolicies/* Key Vault Secrets Officer DataActions: - Microsoft.KeyVault/vaults/secrets/* https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#key-vault-certificates-officer https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#key-vault-crypto-officer https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#key-vault-secrets-officer

Correct

- Key Vault Crypto Officer - Key Vault Certificates Officer

Looks good according to docs: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide#azure-built-in-roles-for-key-vault-data-plane-operations User1: manage and create keys in Vault1 - Key Vault Crypto Officer User2: access a certificate stored in Vault1 - Key Vault Certificates Officer