🔥 40% Off Crucial Exams Memberships — This Week Only

3 days, 11 hours remaining!
Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

Your company maintains several Azure DevOps pipelines that deploy workloads to different subscriptions. All runtime connection strings are stored as secrets in a single Azure Key Vault. The security team mandates that the service principal used by the build stage must be able to retrieve only the specific secrets referenced in the pipeline code and must not be able to enumerate other secrets in the vault. Which configuration meets the requirement with the principle of least privilege?

  • Assign the Reader role to the service principal at the vault scope and reference secrets by name in the pipeline.

  • Switch the vault to Azure RBAC authorization and assign the service principal the Key Vault Secrets User role at the vault scope.

  • Keep the vault in access-policy mode and grant the service principal a secrets access policy that includes only the Get operation.

  • Enable a private endpoint for the vault and restrict inbound IP ranges to the Azure DevOps agent pool.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot