AZ-400 · Question #283
Drag and Drop Question You are configuring an Azure DevOps deployment pipeline. The deployed application will authenticate to a web service by using a secret stored in an Azure key vault. You need to
The correct answer is Create a service principal in Azure Active Directory (Azure AD).; Configure an access policy in the key vault.; Add an Azure Resource Manager service connection to the pipeline.. The correct sequence is: (1) Create a service principal in Azure AD to establish an identity for the pipeline to authenticate with, (2) Configure an access policy in the key vault to grant that service principal permission to read secrets, and (3) Add an Azure Resource Manager se
Question
Exhibit
Answer Area
Drag items
Correct arrangement
- Create a service principal in Azure Active Directory (Azure AD).
- Configure an access policy in the key vault.
- Add an Azure Resource Manager service connection to the pipeline.
Explanation
The correct sequence is: (1) Create a service principal in Azure AD to establish an identity for the pipeline to authenticate with, (2) Configure an access policy in the key vault to grant that service principal permission to read secrets, and (3) Add an Azure Resource Manager service connection to the pipeline so Azure DevOps can use the service principal's credentials to connect to Azure and retrieve the secret. This follows the least-privilege principle by tying a specific identity to specific vault permissions and wiring it into the pipeline securely.
Topics
Community Discussion
No community discussion yet for this question.
