Microsoft Azure Developer Associate AZ-204 Practice Question
Your team is developing an Azure Function app that uses the Azure.Identity library with DefaultAzureCredential to retrieve a secret from an Azure Key Vault at runtime. The Function app is deployed with a system-assigned managed identity. You need to ensure that the code can successfully call GetSecretAsync without storing any credentials or certificates in the code or configuration. What should you do?
Add a Key Vault reference in the Function app settings that uses the secret's URI.
Assign the managed identity the Contributor role on the resource group that contains the Key Vault.
Create a Key Vault access policy that grants the Function app's managed identity the Get permission for secrets.
Enable soft-delete and purge protection on the Key Vault.
DefaultAzureCredential automatically tries the managed identity of the running workload when it is enabled. For that identity to read a secret, Key Vault must explicitly allow it. Adding a Key Vault access policy (or the equivalent Key Vault Data Reader role) that grants the managed identity the "Get" permission on secrets provides the necessary but least-privilege access. Using Key Vault references in application settings only works for configuration values and is not required when the code uses the SDK directly. Granting the Contributor role gives the identity broad management rights but does not grant data-plane secret retrieval permission. Enabling soft-delete and purge protection affects vault resiliency, not access control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a system-assigned managed identity in Azure?
Open an interactive chat with Bash
What is DefaultAzureCredential and how does it work?
Open an interactive chat with Bash
What is an Azure Key Vault access policy and how does it control access?
Open an interactive chat with Bash
Microsoft Azure Developer Associate AZ-204
Implement Azure security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .