Microsoft
AZ-400 · Question #478
You have an Azure key vault named KV1 and three web servers. You plan to deploy an app named App1 to the web servers. You need to ensure that App1 can retrieve a secret from KV1. The solution must mee
The correct answer is C. a user-assigned managed identity. https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/managed-identity-best-practice-recommendations
Submitted by akirajp· Mar 6, 2026Develop a security and compliance plan
Question
You have an Azure key vault named KV1 and three web servers. You plan to deploy an app named App1 to the web servers. You need to ensure that App1 can retrieve a secret from KV1. The solution must meet the following requirements: - Minimize the number of permission grants required. - Follow the principle of least privilege. What should you include in the solution?
Options
- Arole-based access control (RBAC) permission
- Ba system-assigned managed identity
- Ca user-assigned managed identity
- Da service principal
How the community answered
(26 responses)- A4% (1)
- B8% (2)
- C77% (20)
- D12% (3)
Explanation
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/managed-identity-best-practice-recommendations
Community Discussion
No community discussion yet for this question.