Microsoft Identity and Access Administrator — Question 115

You have an Azure subscription that contains a user named User1 and an Azure key vault named Vault1.

You need to ensure that User1 can read the metadata of certificates, keys, and secrets stored in Vault1. The solution must follow the principle of least privilege.

Which role should you assign to User1?

Answer options

Correct answer: C

Explanation

The correct answer is C, Key Vault Reader: this role lets User1 read the metadata of the certificates, keys, and secrets in Vault1 without granting any additional permissions. Options A and B are limited to secrets and to cryptographic operations, respectively, while option D grants broader permissions than the least privilege requirement allows.