
AZ-500 Exam - Question 22


You have been tasked with delegating administrative access to your company's Azure key vault.

You have to make sure that a specific user can set advanced access policies for the key vault. You also have to make sure that access is assigned based on the principle of least privilege.

Which of the following options should you use to achieve your goal?

Correct Answer:

To set advanced access policies for the Azure Key Vault and ensure that access is based on the principle of least privilege, you should use Azure Role-Based Access Control (RBAC). RBAC allows you to grant specific permissions to users, groups, or service principals based on their roles. By assigning appropriate RBAC roles, such as 'Key Vault Contributor' or 'Key Vault Administrator,' you can ensure the user has the necessary permissions to manage the Key Vault without granting excessive privileges. This provides a granular level of access control necessary for adhering to the principle of least privilege.
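As an added illustration (not code from this exam page or from Microsoft), the following Python models the three elements of an Azure role assignment (security principal, role definition, scope) with Azure RBAC's Actions/NotActions/scope evaluation, and compares three ways of delegating the access-policies write permission on one vault. The role definitions are abbreviated, and the user name and resource IDs are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
# Simplified Azure RBAC evaluation (added illustration, not Microsoft's code): an action is
# allowed when it matches an Actions pattern of an assigned role, matches none of its
# NotActions patterns, and the resource sits at or below the assignment's scope.
@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple
    not_actions: tuple = ()
@dataclass(frozen=True)
class RoleAssignment:          # principal + role definition + scope
    principal: str
    role: RoleDefinition
    scope: str                 # ARM ID of a subscription, resource group or resource
# Constructed, abbreviated role definitions; the real built-in roles list more entries.
KV_CONTRIBUTOR = RoleDefinition("Key Vault Contributor", ("Microsoft.KeyVault/*",))
READER = RoleDefinition("Reader", ("*/read",))
CONTRIBUTOR = RoleDefinition("Contributor", ("*",),
                             ("Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete"))
# Constructed resource IDs and the management-plane action the delegated user needs.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VAULT = SUB + "/resourceGroups/rg-sec/providers/Microsoft.KeyVault/vaults/kv-demo"
VM = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web"
SET_POLICY = "Microsoft.KeyVault/vaults/accessPolicies/write"

def scope_covers(assignment_scope: str, resource_id: str) -> bool:
    # Scope is hierarchical: an assignment at a parent applies to every child resource.
    a, r = assignment_scope.lower().rstrip("/"), resource_id.lower().rstrip("/")
    return r == a or r.startswith(a + "/")

def is_allowed(assignments, principal: str, action: str, resource_id: str) -> bool:
    for ra in assignments:
        if ra.principal != principal or not scope_covers(ra.scope, resource_id):
            continue
        hit = any(fnmatchcase(action.lower(), p.lower()) for p in ra.role.actions)
        blocked = any(fnmatchcase(action.lower(), p.lower()) for p in ra.role.not_actions)
        if hit and not blocked:
            return True
    return False

def compare_delegations(user: str = "alice@contoso.example") -> dict:
    """Per candidate: (can set the vault's access policies, can delete an unrelated VM)."""
    candidates = {
        "Reader on vault": RoleAssignment(user, READER, VAULT),
        "Contributor on subscription": RoleAssignment(user, CONTRIBUTOR, SUB),
        "Key Vault Contributor on vault": RoleAssignment(user, KV_CONTRIBUTOR, VAULT),
    }
    return {name: (is_allowed([ra], user, SET_POLICY, VAULT),
                   is_allowed([ra], user, "Microsoft.Compute/virtualMachines/delete", VM))
            for name, ra in candidates.items()}
```

Only the last candidate grants the needed write without also reaching unrelated resources, which is the least-privilege choice the answer describes.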

Discussion

17 comments
wallythebos
Option: A
Sep 30, 2021

For those that won't see it B is right in front of the option A.

cfsxtuv33
Dec 4, 2021

Ahh, that's funny, I kept seeing contributors saying B sits in front of A. I was like, what the heck are they talking about!? Then I saw it... sitting in the same row as "A." So yeah, option "B" RBAC is correct.

somenick
Sep 20, 2022

Admins, please fix the formatting so that option B is on a new line.

Irishtk
Apr 28, 2022

Ans is B (RBAC) "Authorization in Key Vault uses a combination of Azure role-based access control (Azure RBAC) and Azure Key Vault access policies" https://docs.microsoft.com/en-us/azure/key-vault/general/security-features

Andre369
May 18, 2023

B. RBAC (Role-Based Access Control) RBAC allows you to grant specific permissions to users, groups, or service principals based on their roles. By assigning the appropriate RBAC role to the specific user, you can grant them the necessary permissions to set advanced access policies for the Key Vault, while ensuring that they only have the minimum privileges required for their tasks. RBAC provides a granular level of control over access to Azure resources, allowing you to assign roles such as "Key Vault Contributor" or "Key Vault Administrator" to the user, depending on the level of access needed. This ensures that the user has the necessary permissions to manage the Key Vault without granting excessive privileges.

rohitmedi
Nov 28, 2021

B is the correct answer.

Mazhar1993
Apr 21, 2024

The correct answer is RBAC. RBAC allows you to assign specific roles like Key Vault Contributor, which grants the user the ability to set advanced access policies, ensuring access based on the principle of least privilege. Azure Information Protection focuses on data classification, labeling, and protection, not managing access to Azure Key Vault. While Azure AD Privileged Identity Management offers time-based and approval-based role activation, it doesn't directly manage access to Azure Key Vault or allow setting advanced access policies for it. Azure DevOps is primarily a set of services for software development, not for managing access to Azure Key Vault. https://learn.microsoft.com/en-us/azure/key-vault/general/security-features

in_da_cloud
Mar 31, 2022

The answer is B: The management plane uses RBAC - this is where you manage Key Vault itself which implies creating and deleting key vaults, retrieving Key Vault properties, and updating access policies. https://docs.microsoft.com/en-us/azure/key-vault/general/security-features#access-model-overview

TheLegendPasha
Apr 8, 2022

The answer is B, but for some reason it is BUGGED.

majstor86
Mar 2, 2023

B. RBAC

zellck
May 7, 2023

B is the answer. https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-migration Azure role-based access control (Azure RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. With Azure RBAC you control access to resources by creating role assignments, which consist of three elements: a security principal, a role definition (predefined set of permissions), and a scope (group of resources or individual resource).

becmade
Jan 12, 2022

B - RBAC

Eltooth
Mar 15, 2022

B is the correct answer.

AZ5cert
Dec 12, 2022

B: RBAC

brutananadilewski0000
Feb 13, 2023

Just to notify you that the answer B is RBAC

Dinya_jui
Mar 7, 2023

Correct answer: B

FedericoBellotti
May 13, 2023

The B is not visible.

xRiot007
Jul 15, 2024

You can't use PIM (C) for this scenario, so go for RBAC (B). In a real-life scenario, the user would have a ticket on a backlog that he is required to complete after setting up. Then you de-assign the role from his identity to respect the least privilege principle, unless the user explicitly requires permanent access from then onwards.