nerdexam
Microsoft

AZ-400 · Question #34

You have an Azure Resource Manager template that deploys a multi-tier application. You need to prevent the user who performs the deployment from viewing the account credentials and connection strings

The correct answer is D. Azure Key Vault. When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only referenc

Submitted by anna_se· Mar 6, 2026Develop a security and compliance plan

Question

You have an Azure Resource Manager template that deploys a multi-tier application. You need to prevent the user who performs the deployment from viewing the account credentials and connection strings used by the application. What should you use?

Options

  • Aan Azure Resource Manager parameter file
  • Ban Azure Storage table
  • Can Appsettings.json files
  • DAzure Key Vault
  • Ea Web.config file

How the community answered

(25 responses)
  • D
    96% (24)
  • E
    4% (1)

Explanation

When you need to pass a secure value (like a password) as a parameter during deployment, you can retrieve the value from an Azure Key Vault. You retrieve the value by referencing the key vault and secret in your parameter file. The value is never exposed because you only reference its key vault ID. The key vault can exist in a different subscription than the resource group you are https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice