Learn how user and group permissions in Azure Key Vault affect access to secrets and cryptographic operations, ensuring your sensitive information remains secure.
Question
You have an Azure subscription that contains the resources shown in the following table.
| Name | Type |
|---|---|
| User1 | Azure Active Directory (Azure AD) user |
| User2 | Azure Active Directory (Azure AD) user |
| Group1 | Azure Active Directory (Azure AD) group |
| Vault1 | Azure key vault |
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
- Key Management Operations: Get, List, and Restore
- Cryptographic Operations: Decrypt and Unwrap Key
- Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
- Key Management Operations: Get and Recover
- Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Statements:
- On January 1, 2019, User1 can view the value of Password1.
- On June 1, 2019, User2 can view the value of Password1.
- On June 1, 2019, User1 can view the value of Password1.
Answer
- On January 1, 2019, User1 can view the value of Password1: No
- On June 1, 2019, User2 can view the value of Password1: Yes
- On June 1, 2019, User1 can view the value of Password1: No
Microsoft Certified Azure Security Engineer Associate AZ-500 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft Certified Azure Security Engineer Associate AZ-500 exam and earn Microsoft Certified Azure Security Engineer Associate AZ-500 certification.