Microsoft Azure Security Technologies — Question 32
You have been tasked with delegating administrative access to your company's Azure key vault.
You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is assigned based on the principle of least privilege.
Which of the following options should you use to achieve your goal?
Answer options
- A. A key vault access policy
- B. Azure policy
- C. Azure AD Privileged Identity Management (PIM)
- D. Azure DevOps
Correct answer: A
Explanation
The correct answer is A, as a key vault access policy specifically allows you to define permissions for users on the key vault, including the ability to add and delete certificates. The other options do not provide the necessary granularity for managing access directly to the key vault; Azure policy focuses on compliance, PIM is for managing elevated access roles, and Azure DevOps is unrelated to key vault permissions.