Crucial Exams

Microsoft DevOps Engineer Expert AZ-400 Practice Question

Your team runs multiple independent microservices in Azure Kubernetes Service (AKS). Each microservice requires a distinct Azure AD identity for audited access to its own secrets in Azure Key Vault. A key security requirement is that no credentials, like secrets or certificates, are stored within the Kubernetes cluster, and that any underlying service credentials are automatically rotated by Azure. Which identity mechanism best meets these requirements?

  • Enable the system-assigned managed identity on the AKS cluster and grant it access to all the required Key Vaults.

  • Create a single user-assigned managed identity, grant it access to all necessary Key Vaults, and assign it to all microservices.

  • For each microservice, create a user-assigned managed identity and use AKS Workload Identity to associate it with the microservice's Kubernetes service account.

  • Create a single Azure AD service principal and mount its client secret into each microservice pod using Kubernetes secrets.

Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot