nerdexam
Microsoft

AZ-400 · Question #478

You have an Azure key vault named KV1 and three web servers. You plan to deploy an app named App1 to the web servers. You need to ensure that App1 can retrieve a secret from KV1. The solution must mee

The correct answer is C. a user-assigned managed identity. https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/managed-identity-best-practice-recommendations

Submitted by akirajp· Mar 6, 2026Develop a security and compliance plan

Question

You have an Azure key vault named KV1 and three web servers. You plan to deploy an app named App1 to the web servers. You need to ensure that App1 can retrieve a secret from KV1. The solution must meet the following requirements: - Minimize the number of permission grants required. - Follow the principle of least privilege. What should you include in the solution?

Options

  • Arole-based access control (RBAC) permission
  • Ba system-assigned managed identity
  • Ca user-assigned managed identity
  • Da service principal

How the community answered

(26 responses)
  • A
    4% (1)
  • B
    8% (2)
  • C
    77% (20)
  • D
    12% (3)

Explanation

https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/managed-identity-best-practice-recommendations

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice