nerdexam
Microsoft

AZ-400 · Question #176

SIMULATION You need to configure a virtual machine named VM1 to securely access stored secrets in an Azure Key Vault named az400-11566895-kv. To complete this task, sign in to the Microsoft Azure port

Enabling a system-assigned managed identity on VM1 is the correct approach because it creates an automatically managed identity in Azure Active Directory that is tied directly to the VM's lifecycle, eliminating the need to manage credentials manually. Once the managed identity is

Submitted by mike_84· Mar 6, 2026Implement and manage secure access to Azure resources using managed identities and Azure Key Vault - aligning with AZ-400 domain: Implement security and validate code bases for compliance (DevSecOps / Secrets Management)

Question

SIMULATION You need to configure a virtual machine named VM1 to securely access stored secrets in an Azure Key Vault named az400-11566895-kv. To complete this task, sign in to the Microsoft Azure portal. Answer: You can use a system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault. 1. Sign in to Azure portal 2. Locate virtual machine VM1. 3. Select Identity 4. Enable the system-assigned identity for VM1 by setting the Status to On. Note: Enabling a system-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM. Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/tutorial-windows-vm-access-nonaad

Exhibit

AZ-400 question #176 exhibit

Explanation

Enabling a system-assigned managed identity on VM1 is the correct approach because it creates an automatically managed identity in Azure Active Directory that is tied directly to the VM's lifecycle, eliminating the need to manage credentials manually. Once the managed identity is enabled, you can then grant that identity access to the Key Vault (az400-11566895-kv) via an access policy, allowing the VM to securely retrieve secrets without storing credentials in code or configuration. This follows the principle of least privilege and Azure's recommended zero-secrets architecture for service-to-service authentication.

Topics

#Managed Identity#Azure Key Vault#VM Security#Azure Active Directory

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice