Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

You are configuring an Azure DevOps YAML pipeline that will run on a self-hosted agent in Azure. During execution, the pipeline must:

  1. Download a PFX certificate named web-api-cert from an Azure Key Vault and save it as a secure file on the agent.
  2. Generate a JSON Web Token (JWT) by calling the Azure Key Vault key jwt-signing. The private portion of the key must never leave the vault; the pipeline only needs to invoke the signing operation.

You create a service principal for the pipeline and add it to the Key Vault access policies. Which single set of permissions meets the requirements while following the principle of least privilege?

  • Secrets: Get, List | Keys: Get

  • Secrets: Get | Keys: Sign

  • Certificates: Get | Keys: Sign, Decrypt

  • Certificates: Get | Keys: Sign

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot