Practice free →
HomeAzure AZ-500cloudcomputingaz500compstoragedb › Which AKS feature should a security engineer use…

Which AKS feature should a security engineer use to give pods authenticated access to Azure Key Vault WITHOUT mounting service-principal secrets in the pod filesystem?

AHardcoding service-principal secrets in environment variables
BGranting Owner to every pod
CDisabling RBAC on the cluster
DMicrosoft Entra Workload Identity on AKS (federating K8s service accounts to Entra identities with short-lived OIDC tokens)
Answer & Solution
Correct answer: D. Microsoft Entra Workload Identity on AKS (federating K8s service accounts to Entra identities with short-lived OIDC tokens)
Workload Identity federates K8s SAs to Entra (per AZ-500 §3 AKS auth). The other options are textbook insecurity.
Solve this in the app — Azure AZ-500 practice & 24k+ MCQs →
Related questions