Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an Azure Key Vault named kv-prod. The vault's permission model is set to Azure role-based access control (RBAC). A system-assigned managed identity named webapp-mi must be able to retrieve existing secrets from kv-prod but must not be allowed to set, delete, or manage access to secrets or keys. Following the principle of least privilege, which built-in Azure role should you assign to webapp-mi at the scope of kv-prod?

  • Key Vault Administrator

  • Key Vault Secrets Officer

  • Key Vault Reader

  • Key Vault Secrets User

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot