Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an Azure Key Vault that currently uses vault access policies. You must grant an Azure AD group named DevOpsTeam the ability to list and read all current and future secrets, but the group must not be able to add, modify, or delete secrets. You decide to switch the vault's permission model to Azure role-based access control (Azure RBAC). Which built-in Azure RBAC role should you assign to the DevOpsTeam group at the scope of the key vault?

  • Key Vault Reader

  • Key Vault Administrator

  • Key Vault Secrets Officer

  • Key Vault Secrets User

Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot