
Exam AZ-500 topic 3 question 34 discussion

Actual exam question from Microsoft's AZ-500
Question #: 34
Topic #: 3

HOTSPOT -
You have an Azure key vault.
You need to delegate administrative access to the key vault to meet the following requirements:
✑ Provide a user named User1 with the ability to set advanced access policies for the key vault.
✑ Provide a user named User2 with the ability to add and delete certificates in the key vault.
✑ Use the principle of least privilege.
What should you use to assign access to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Suggested Answer:
User1: RBAC
RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the proper identity to:
✑ set Key Vault access policies
✑ create, read, update, and delete key vaults
✑ set Key Vault tags
Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
User2: A key vault access policy
A key vault access policy is the access control mechanism for the key vault data plane. Key Vault access policies grant permissions separately to keys, secrets, and certificates.
References:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
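
An added example, not part of the original page: a least-privilege check over the data-plane access policies of a vault, using the per-category permission lists described above. The sample JSON is constructed (vault name and object IDs are placeholders), and the mapping of "add and delete certificates" to `create`, `import` and `delete` is an assumption.

```python
import json

# Constructed sample, shaped like `az keyvault show` output.
# Vault name and object IDs are placeholders, not real values.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "properties": {
    "enableRbacAuthorization": false,
    "accessPolicies": [
      {"objectId": "<user2-object-id>",
       "permissions": {"certificates": ["create", "import", "delete"]}},
      {"objectId": "<other-object-id>",
       "permissions": {"certificates": ["get", "list", "delete", "purge"],
                       "secrets": ["get", "list"], "keys": null}}
    ]
  }
}
""")

# Assumption: "add and delete certificates" maps to these certificate permissions.
ALLOWED = {"certificates": {"create", "import", "delete"}}


def excess_permissions(policy, allowed=ALLOWED):
    """Return {category: [permissions granted beyond the allowed set]}."""
    extra = {}
    for category, granted in (policy.get("permissions") or {}).items():
        over = {p.lower() for p in (granted or [])} - allowed.get(category, set())
        if over:
            extra[category] = sorted(over)
    return extra


def audit_vault(vault, allowed=ALLOWED):
    """Flag access policies that exceed the allowed data-plane permissions."""
    props = vault.get("properties") or {}
    if props.get("enableRbacAuthorization"):
        # Data-plane access is decided by Azure RBAC role assignments here;
        # access policies stored on the vault are ignored.
        return {"model": "rbac", "findings": {}}
    findings = {}
    for policy in props.get("accessPolicies") or []:
        extra = excess_permissions(policy, allowed)
        if extra:
            findings[policy["objectId"]] = extra
    return {"model": "access-policy", "findings": findings}


if __name__ == "__main__":
    print(json.dumps(audit_vault(SAMPLE_VAULT), indent=2))
```
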

Comments

BayaliJihad
Highly Voted 1 year, 7 months ago
I think this is outdated. Because now you can use RBAC also to handle data plane.
upvoted 21 times
JBAnalyst
4 months, 3 weeks ago
Principle of least privilege, RBAC will give more, access policy is granular
upvoted 1 times
...
...
francis6170
Highly Voted 3 years, 2 months ago
Got this in the AZ-500 exam (Sept 2021)! A: RBAC, KV access policy
upvoted 19 times
...
joegie00698
Most Recent 10 months, 3 weeks ago
Best practice would be to use RBAC for both management and data plane but depends on the age of the question... so better follow the current one
upvoted 3 times
...
ESAJRR
1 year, 2 months ago
User1: RBAC User2: A key vault access policy
upvoted 2 times
...
Self_Study
1 year, 3 months ago
On exam 7/8/23, I went with the provided answers. Who knows if answers are updated on the MS side.
upvoted 4 times
...
majstor86
1 year, 8 months ago
User1: RBAC User2: A key vault access policy
upvoted 4 times
...
ligu
1 year, 9 months ago
Answers are correct
upvoted 1 times
...
RocksT
1 year, 9 months ago
RBAC can be used for key vault data plane operations such as certificate management now. Answer should be RBAC for both. https://learn.microsoft.com/en-us/azure/key-vault/general/security-features
upvoted 4 times
ConanBarb
1 year, 8 months ago
Agree! Actually it is the recommended way (always RBAC over access policies if you can)
upvoted 1 times
...
...
ltjones12
1 year, 10 months ago
A source of confusion because I think the recommendation now is to use RBAC for all key vault access, but I can't seem to find anything definitive
upvoted 2 times
OrangeSG
1 year, 10 months ago
Azure Key Vault access policies can have least privilege assigned for the requirement of “to add and delete certificates in the key vault”. Please refer to Azure Key Vault access policies assignment UI: https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal
upvoted 2 times
...
...
koreshio
2 years, 1 month ago
Hang on, you can use either RBAC or vault access policy when creating the key vault. But not both. So if using RBAC, you can't use vault access policy again, right? ref: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli#enable-azure-rbac-permissions-on-key-vault
upvoted 5 times
OrangeSG
1 year, 10 months ago
User1 is at management plane; User2 is at data plane. So they can choose authentication method independently.
upvoted 1 times
...
...
snake_alejo
2 years, 9 months ago
answer is OK
upvoted 3 times
...
jl92
3 years ago
# IN EXAM - 19/11/2021
upvoted 4 times
...
zioggs
3 years ago
Exam - 4/11/21
upvoted 3 times
...
itbrpl
3 years, 1 month ago
Today 20/10/21...
upvoted 2 times
...
Jco
3 years, 1 month ago
#exam ques # 29 Sep
upvoted 2 times
...
JaiSharma
3 years, 2 months ago
In exam today: 27th Sep 2021
upvoted 2 times
...
Villar
3 years, 2 months ago
RBAC can also be used to grant data plane access by using a Key Vault access policy https://docs.microsoft.com/en-us/azure/key-vault/general/security-features#privileged-access
upvoted 1 times
...