Home » Microsoft » AZ-500 v.2 » You have an Azure subscription that contains an Azure key vault named Vault1.
You have an Azure subscription that contains an Azure key vault named Vault1.
In Vault1, you create a secret named Secret1.
An application developer registers an application in Azure Active Directory (Azure AD).
You need to ensure that the application can use Secret1.
What should you do?
A. In Azure AD, create a role.
B. In Azure Key Vault, create a key.
C. In Azure Key Vault, create an access policy.
D. In Azure AD, enable Azure AD Application Proxy.
Correct Answer: A
Explanation/Reference:
Azure Key Vault provides a way to securely store credentials and other keys and secrets, but your code needs to authenticate to Key Vault to retrieve them.
Managed identities for Azure resources overview makes solving this problem simpler, by giving Azure services an automatically managed identity in Azure Active Directory (Azure AD). You can use this identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without having any credentials in your code.
Example: How a system-assigned managed identity works with an Azure VM After the VM has an identity, use the service principal information to grant the VM access to Azure resources. To call Azure Resource Manager, use role-based access control (RBAC) in Azure AD to assign the appropriate role to the VM service principal. To call Key Vault, grant your code access to the specific secret or key in Key Vault.
References: https://docs.microsoft.com/en-us/azure/key-vault/quick-create-net https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication#:~:text=Authentication%20with%20Key%20Vault%20works,requesting%20access%20to%20Azure%20resources.
it is access policies for secrets , roles are for admin access over key vault
i would go for C
as the dev already has a principle account and within the Access policy u select the Authorized application
Authorizes this application to perform the specified permissions on the User’s or Group’s behalf.