Home › Azure AZ-204 › cloudcomputing › az204security › Which configuration gives an Azure VM, App Servi…
Which configuration gives an Azure VM, App Service, or Function App an identity to call Key Vault and other Azure APIs without storing credentials in code?
AA Managed Identity (system-assigned or user-assigned) attached to the resource
BHardcoding an access key in the code
CSharing the developer's Entra credentials with the service
DDisabling authentication on Key Vault
Answer & Solution
Correct answer: A. A Managed Identity (system-assigned or user-assigned) attached to the resource
Managed Identities are Entra identities Azure manages for the resource — calls to Key Vault use them with no static credentials. The others leak credentials or remove auth.
Related questions
Which Azure feature continuously scans App Service / Function code for known vulnerabilitiWhich type of Microsoft Identity token does a client present to a downstream API to prove Which configuration lets an Azure Function access a SECRET stored in Key Vault via an App An Azure Function needs to read a secret from Key Vault on every cold start. What's the MOAn Azure Web App needs to authenticate users with Entra ID without writing OAuth code. WhiWhich Azure feature lets an admin grant a role assignment that's only ACTIVE for an approvWhich Azure feature lets a developer call `DefaultAzureCredential` from the Azure SDK and Which Azure service handles consumer/customer-facing identity (B2C) — sign-in for end user