Microsoft Azure Security Engineer Associate AZ-500 Practice Question
An Azure Key Vault stores app connection-string secrets and an RSA key used to sign JWTs. The DevOps Azure AD group deploys the app and must add new versions of the connection-string secrets during deployments but must never read secret values or use the RSA key. Which Key Vault permissions satisfy least privilege for DevOps?
Secret permissions: Set; Key permissions: None
Secret permissions: Set and Get; Key permissions: None
Secret permissions: Set and List; Key permissions: None
To upload a new value for an existing secret, the only permission required is Set. The Get permission returns the secret value, which must be blocked. Assigning any key permission (such as Sign or Get) would let the group access or use the RSA key, violating the requirement. Granting Set on secrets while leaving key permissions empty therefore provides the minimum access necessary.
Incorrect choices either expose secret values, permit key usage, or include extra permissions that exceed the stated need.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between 'Set' and 'Get' permissions in Azure Key Vault?
Open an interactive chat with Bash
What are JWTs and how does an RSA key sign them?
Open an interactive chat with Bash
Why is it important to follow least privilege principles in Azure Key Vault?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .