Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You are designing access for an Azure Virtual Machine Scale Set and an Azure App Service web app that are deployed in the same tenant. Both workloads must retrieve secrets from the same Azure Key Vault. Management wants to minimize the number of role assignments and ensure the identity persists even if either workload is redeployed. Which managed identity approach should you recommend?

  • Register a new application in Microsoft Entra ID, generate a client secret, and store the secret in each workload's configuration settings.

  • Create a separate user-assigned managed identity for each resource and grant each identity access to the Key Vault.

  • Create a single user-assigned managed identity, assign it to both resources, and grant it access to the Key Vault.

  • Enable a system-assigned managed identity on the scale set and share it with the web app.

Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot