ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 8 question 14 discussion

Actual exam question from Microsoft's AZ-400
Question #: 14
Topic #: 8
[All AZ-400 Questions]

DRAG DROP -
Your company has a project in Azure DevOps.
You plan to create a release pipeline that will deploy resources by using Azure Resource Manager templates. The templates will reference secrets stored in Azure
Key Vault.
You need to recommend a solution for accessing the secrets stored in the key vault during deployments. The solution must use the principle of least privilege.
What should you include in the recommendation? To answer, drag the appropriate configurations to the correct targets. Each configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: An Azure Key Vault access policy


Box 2: RBAC -
Management plane access control uses RBAC.
The management plane consists of operations that affect the key vault itself, such as:
✑ Creating or deleting a key vault.
✑ Getting a list of vaults in a subscription.
✑ Retrieving Key Vault properties (such as SKU and tags).
✑ Setting Key Vault access policies that control user and application access to keys and secrets.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault
by meinekarte at April 3, 2021, 3:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LeeVee
Highly Voted 4 years, 3 months ago
Other way around, should be rbac and then access policy.
upvoted 116 times
rdemontis
3 years, 3 months ago
exactly, you are right
upvoted 4 times
...
vvkds
3 years, 2 months ago
Agreed
upvoted 3 times
...
...
Tigger
Highly Voted 4 years, 3 months ago
Delete key vault - RBAC Access to secrets - Vault Policy https://docs.microsoft.com/en-us/azure/key-vault/general/security-overview
upvoted 43 times
...
UrbanRellik
Most Recent 9 months, 1 week ago
1. RBAC (management plane) 2. RBAC or Key Vault Access Policy (data plane)
upvoted 4 times
...
arr73
1 year, 2 months ago
Slot1: RBAC Slot2: Access Policy (because in azure pipelines Azure Key Vaults that use Azure role-based access control (Azure RBAC) are not supported -- this is the link to the related documentation: https://learn.microsoft.com/en-us/azure/devops/pipelines/release/azure-key-vault?view=azure-devops&tabs=classic#set-up-key-vault-access-policies
upvoted 3 times
...
vsvaid
1 year, 6 months ago
Will pick RBAC and Access Policy although RBAC and RBAC is also correct
upvoted 5 times
...
varinder82
1 year, 7 months ago
Final answer after going thorugh all comments 1. RBAC 2. Access Policy
upvoted 1 times
...
pc1707
1 year, 10 months ago
ChatGPT: RBAC (Role-Based Access Control) to grant the necessary permissions to the appropriate users or groups. Access Policies allow you to specify which users, groups, or applications have access to the secrets stored in the key vault.
upvoted 1 times
...
ieboaix
1 year, 11 months ago
RBAC RBAC https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli
upvoted 3 times
nakedsun
1 year, 10 months ago
RBAC for polices inside the vault is a fairly new feature i think. So depending on how up to date the exam is it may be correct. However the vault policy should still work at the moment, so is the safe bet.
upvoted 2 times
...
...
Mcelona
1 year, 11 months ago
In my opinion: rbac & rbac https://learn.microsoft.com/en-gb/azure/key-vault/general/rbac-access-policy
upvoted 2 times
...
hebertpena88
2 years, 9 months ago
RBAC will prevent the key vault from being deleted Access policy will prevent data from being deleted
upvoted 7 times
...
General45
2 years, 9 months ago
Access to vaults takes place through two interfaces or planes. Management plane is controlled via RBAC to manage Key Vault itself. Operations that can be controlled are: > Create, read, update, and delete key vaults > Set Key Vault access policies > Set Key Vault tags Data plane is controlled via Access Policies to allows you to work with the data stored in a key vault. Operations that can be controlled are: > Keys: encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, recover, backup, restore, purge > Certificates: managecontacts, getissuers, listissuers, setissuers, deleteissuers, manageissuers, get, list, create, import, update, delete, recover, backup, restore, purge > Secrets: get, list, set, delete,recover, backup, restore, purge
upvoted 2 times
chingdm
2 years, 5 months ago
RBAC to restrict deletion of key vault https://learn.microsoft.com/en-us/azure/role-based-access-control/overview Policy to restrict data in kv. https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal
upvoted 2 times
...
...
murat12345
2 years, 9 months ago
Why not RBAC and RBAC?
upvoted 2 times
...
SerdarG
2 years, 11 months ago
Delete key vault - RBAC Access to secrets - Vault Policy https://docs.microsoft.com/en-us/answers/questions/370371/restrict-access-to-the-secrets-in-the-key-vault-ar.html
upvoted 2 times
...
syu31svc
2 years, 11 months ago
It is the other way round https://docs.microsoft.com/en-us/azure/key-vault/general/security-features Look under the section "Privileged access"
upvoted 1 times
...
Eltooth
3 years, 2 months ago
RBAC Access Policy
upvoted 2 times
...
Cheehp
3 years, 3 months ago
Selected during exam. Delete key vault - RBAC Access to secrets - Vault Policy
upvoted 3 times
...
Mev4953
3 years, 4 months ago
To manage to delete KEYVAULT ==> RBAC To access to secrets inside KV ==> Access Policy https://docs.microsoft.com/en-us/answers/questions/370371/restrict-access-to-the-secrets-in-the-key-vault-ar.html
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel