AZ-500 Question #173: Real Exam Question with Answer & Explanation

Submitted by noor.lb · Mar 6, 2026

Implement and manage Azure security - specifically configuring Key Vault access policies to support secure Azure Resource Manager template deployments (AZ-104 / AZ-500: Manage identity and access / Secure Azure solutions with Key Vault)

Question

SIMULATION

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.

To complete this task, sign in to the Azure portal.

Answer: You need to configure an option in the Advanced Access Policy of the key vault.

1. In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane.
2. In the properties of the key vault, click on Advanced Access Policies.
3. Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
4. Click Save to save the changes.

Options

  • task: Ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.
  • prerequisites: Azure portal access

Explanation

The 'Enable access to Azure Resource Manager for template deployment' setting in the Key Vault's Advanced Access Policies is specifically designed to allow ARM templates to retrieve secrets stored in the vault during deployment. Without enabling this setting, ARM template deployments that reference Key Vault secrets using the 'reference' function will fail because Azure Resource Manager lacks authorization to read from the vault. This is a deliberate security boundary that must be explicitly unlocked by a Key Vault administrator.
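A pre-deployment check for the setting described above, added here as an example and not part of the original page: it reads an ARM parameter file, finds each Key Vault `reference` entry, and reports the ones whose vault does not have `enabledForTemplateDeployment` set (the resource property behind the portal checkbox). The subscription ID, resource group, secret name and vault data are constructed sample values; the vault dictionary assumes the shape of `az keyvault show` output.

```python
import json

# Constructed sample: an ARM parameter file that pulls a secret from the vault.
# Subscription ID, resource group and secret name are placeholders.
PARAMS = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.KeyVault/vaults/KV11597200"
        },
        "secretName": "examplePassword"
      }
    },
    "vmName": {"value": "vm01"}
  }
}
""")

# Constructed sample: the relevant part of `az keyvault show` output, keyed by lowercased vault name.
VAULTS = {
    "kv11597200": {"name": "KV11597200", "properties": {"enabledForTemplateDeployment": False}},
}

def vault_references(params):
    """Yield (parameter, vault_name, secret_name) for each Key Vault reference."""
    for pname, body in params.get("parameters", {}).items():
        ref = body.get("reference")
        if not ref:
            continue  # plain "value" parameter, nothing to check
        vault_id = ref.get("keyVault", {}).get("id", "")
        yield pname, vault_id.rstrip("/").split("/")[-1], ref.get("secretName")

def blocked_references(params, vaults):
    """Return references whose vault is unknown or has the setting disabled."""
    blocked = []
    for pname, vault, secret in vault_references(params):
        props = vaults.get(vault.lower(), {}).get("properties", {})
        if props.get("enabledForTemplateDeployment") is not True:
            blocked.append((pname, vault, secret))
    return blocked

if __name__ == "__main__":
    for pname, vault, secret in blocked_references(PARAMS, VAULTS):
        print(f"{pname}: vault {vault} does not allow template deployment (secret {secret})")
```

A vault missing from the inventory is treated as blocked, so the check fails closed when the setting cannot be confirmed.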

Topics

#Azure Key Vault #ARM Templates #Advanced Access Policies #Secret Management
