You have an Azure Key Vault named vault1 that is used by Azure Virtual Machines (VMs) with user-assigned managed identities.
You configure the access policies as shown in the exhibit.
You need to determine which actions an Azure VM with the given managed identity can do.
Choose all that apply:
A VM with identity1 cannot list keys in vault1. The access policy for identity1 does not give any permission to keys in vault1. You can manage secrets in vault1 with identity1.
A VM with identity2 cannot get secrets in vault1. The access policy for identity2 does not give any permission to secrets in vault1. You can manage keys in vault1 with identity2.
A VM with identity3 can update certificates in vault1. The access policy for identity3 gives permission to manage secrets and certificates in vault1.