Topic: AZ-400 topic 4 question 65

HOTSPOT

You have an Azure subscription that contains an Azure key vault named Vault1, an Azure pipeline named Pipeline1, and an Azure SQL database named DB1.

Pipeline1 is used to deploy an app that will authenticate to DB1 by using a password.

You need to store the password in Vault1. The solution must ensure that the password can be accessed by Pipeline1.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Re: AZ-400 topic 4 question 65

1. Secret
2. Access policy

https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal
A Key Vault access policy determines whether a given security principal, namely a user, application or user group, can perform different operations on Key Vault secrets, keys, and certificates. You can assign access policies using the Azure portal, the Azure CLI, or Azure PowerShell.

Re: AZ-400 topic 4 question 65

Azure RBAC is the recommended authorization system for the Azure Key Vault data plane.
https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy

1. Secret
2. Access Control (IAM)

Re: AZ-400 topic 4 question 65

Slot 2 is "Access policy", because in the context of Azure Pipelines "Key Vaults using Azure role-based access control (Azure RBAC) are not supported", as said in the link below:
Reference: https://learn.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups?view=azure-devops&tabs=yaml#link-secrets-from-an-azure-key-vault

It's a little confusing, because as you say, in general RBAC is recommended over policies (legacy), but not from Azure Pipelines because it's not supported.

Re: AZ-400 topic 4 question 65

Then the question should change the Access Control (IAM) settings to Access Control (IAM) role assignment.

Re: AZ-400 topic 4 question 65

1. Secret
2. Access policy

According to this policy:

https://microsoftlearning.github.io/AZ400-DesigningandImplementingMicrosoftDevOpsSolutions/Instructions/Labs/AZ400_M05_L10_Integrating_Azure_Key_Vault_with_Azure_DevOps.html

Re: AZ-400 topic 4 question 65

Agree with the answer. Secret and Access policy. But Access Control (IAM) is also right. I wonder if both answers can be right.

Re: AZ-400 topic 4 question 65

Same as Question 1.
https://www.islever.com/discussions/microsoft/view/74304-exam-az-400-topic-4-question-1-discussion

Re: AZ-400 topic 4 question 65

Correct.