Home › Azure AZ-500 › cloudcomputing › az500identityaccess › Which Azure resource feature lets an Azure VM / …
Which Azure resource feature lets an Azure VM / App Service / Function App authenticate to Key Vault and other Azure APIs WITHOUT storing credentials in code or config?
ADisabling auth on Key Vault
BSharing the global admin's password with the service
CManaged Identity (system-assigned or user-assigned) on the resource
DHardcoded credentials in App Settings
Answer & Solution
Correct answer: C. Managed Identity (system-assigned or user-assigned) on the resource
Managed Identity is the no-credential-in-code pattern (per AZ-500 §1 managed identities). The others are textbook insecurity.
Related questions
Which Microsoft Entra ID feature lets a security engineer detect risky user behaviour (impWhich Microsoft Entra capability lets an admin enforce per-user MFA via a Conditional AcceWhich Microsoft Entra ID feature lets a developer register an app and obtain a CLIENT ID aWhich Azure / Microsoft Entra feature lets an admin enforce 'block sign-in from countries Which Microsoft Entra ID feature lets an admin enforce 'every privileged role activation mWhich Microsoft Entra ID feature lets an admin define a custom role with EXACTLY the actioWhich Microsoft Entra ID feature should an admin use to require user CONSENT to specific OWhich Microsoft Entra ID construct represents the identity of a non-human workload (an app