You have been tasked with delegate administrative access to your company`s Azure key vault. You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is assigned based on the principle of least privilege. Which of the following options should you use to achieve your goal? 

Answer options:

A. A key vault access policy
B. Azure policy
C. Azure AD Privileged Identity Management (PIM)
D. Azure DevOps

A

Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault