After registering an application in Azure AD, what permission configuration is required for the application to access Azure Key Vault secrets on behalf of users?

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Multiple Choice

After registering an application in Azure AD, what permission configuration is required for the application to access Azure Key Vault secrets on behalf of users?

Explanation:

To allow an application registered in Azure Active Directory (Azure AD) to access Azure Key Vault secrets on behalf of users, delegated permissions are required. Delegated permissions mean that the application acts on behalf of a user and can utilize the user's identity and permissions when accessing resources.

When a user is signed in, the application can access the resources that the user has rights to. In this case, Azure Key Vault requires the application to hold the appropriate delegated permission to retrieve secrets. Because delegated permissions operate in the context of the signed-in user, they do not necessarily require admin consent if the permissions fall under user-level scopes that users can grant themselves.

Thus, delegated permission without admin consent is the correct choice, as it matches the need for user context when accessing the secrets. Admin consent generally relates to application permissions, which are granted at the application level rather than the user level; that is not the case here.

The selection therefore reflects how delegated permissions function in relation to Azure Key Vault and user-context access.
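
The delegated versus application distinction is visible in the access token itself. The following is an added example, not part of the original page or any Microsoft code: it inspects token claims and assumes the `scp`, `roles` and `idtyp` claim names, the Key Vault audience `https://vault.azure.net`, and the `user_impersonation` scope. All function names and sample tokens are constructed for illustration.

```python
import base64
import json

KEY_VAULT_AUDIENCE = "https://vault.azure.net"  # assumed audience for Key Vault tokens

def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def grant_type(claims: dict) -> str:
    """Delegated tokens carry scp (user context); app-only tokens carry roles."""
    if claims.get("scp"):
        return "delegated"
    if claims.get("roles") or claims.get("idtyp") == "app":
        return "application"
    return "unknown"

def is_delegated_key_vault_token(token: str) -> bool:
    """True only for a user-context token scoped to Key Vault."""
    claims = decode_claims(token)
    scopes = claims.get("scp", "").split()
    return (claims.get("aud", "").rstrip("/") == KEY_VAULT_AUDIENCE
            and grant_type(claims) == "delegated"
            and "user_impersonation" in scopes)

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

# Constructed sample tokens: one issued on behalf of a user, one app-only.
DELEGATED = make_sample_token({"aud": KEY_VAULT_AUDIENCE, "scp": "user_impersonation",
                               "upn": "alice@example.com"})
APP_ONLY = make_sample_token({"aud": KEY_VAULT_AUDIENCE, "idtyp": "app",
                              "appid": "00000000-0000-0000-0000-000000000000"})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        print(name, grant_type(decode_claims(tok)), is_delegated_key_vault_token(tok))
```

The check reads claims without validating the signature, so it is suitable for log review and troubleshooting, not for making authorization decisions.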
