HOTSPOT - You have an Azure key vault. You need to delegate administrative access to the key vault to meet the following requirements: ✑ Provide a user named User1 with the ability to set advanced access policies for the key vault. ✑ Provide a user named User2 with the ability to add and delete certificates in the key vault. ✑ Use the principle of least privilege. What should you use to assign access to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: 

User1: RBAC - RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the proper identity to: ✑ set Key Vault access policies ✑ create, read, update, and delete key vaults ✑ set Key Vault tags Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. User2: A key vault access policy A key vault access policy is the access control mechanism to get access to the key vault data plane. Key Vault access policies grant permissions separately to keys, secrets, and certificates. References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault