You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region. The subscription contains the resources shown in the following table.
Which resources can use Managed1 as their identity?
Answer D is correct I think. see link
"In short, yes you can use user assigned managed identities in more than one Azure region. The longer answer is that while user assigned managed identities are created as regional resources the associated service principal (SP) created in Microsoft Entra ID is available globally"
https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq
Storage accounts can't use Managed Identities (https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-status). Correct answer is C
after checking Microsoft co-pilot, it said Managed identities in Azure allow resources like virtual machines, web apps, and function apps to authenticate to other Azure services, including storage accounts, without needing to manage credentials.
C is correct
https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-status
https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq
Dude, that second link says that "In short, yes you can use user assigned managed identities in more than one Azure region"
So that means 'D' is correct.
A storage account is not an actor, that is, it doesn't initiate any connection to another cloud service. Rather it is passive and allows access from other services. The storage account would have a RBAC role allowing other managed identities to accces it, but there is no need for a storage account to have its own managed identity.
Read it again: "You must have a user-assigned managed identity already configured and associated with your search service, and the identity must have a role-assignment on Azure Storage." Storage needs to add the managed identity into an RBAC role, it doesn't need the identity itself.
This is from ChatGPT.
To determine which resources can use the Managed1 user-assigned managed identity, we need to consider that a user-assigned managed identity can only be assigned to resources in the same Azure region where it was created.
Managed1 is in the East US region, so it can only be assigned to resources that are also in the East US region.
Looking at the table:
VM1 is in the West US region, so it cannot use Managed1.
storage1 is in the East US region, so it can use Managed1.
WebApp1 is in the East US region, so it can use Managed1.
Therefore, the correct answer is:
B. storage1 and WebApp1 only.
Storage accounts can't use Managed Identities (https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-status)
The question is tricky and not about Region or Subscription but that services included in the scenario
B is correct Answer: The resources that can use Managed1 are those also in the East US region. Therefore, storage1 and WebApp1 in East US can use Managed1 as their identity
D is the answer, user assigned managed identity can be used in other regions: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq
D. VM1, storage1, and WebApp1
Copilot says: User-assigned managed identities can be used by multiple resources in Azure, and they are not restricted to a specific region. Therefore, **Managed1** can be used by **VM1**, **Storage1**, and **WebApp1** as their identity, regardless of the region they are in. The correct answer is: D. VM1, storage1, and WebApp1
How the hell are people supposed to get this question right in an proctored semi closed book exam, if us here, with access to Internet/Google/ChatGPT/CoPilot, can't even find the right answer :-D
Yes, Azure Storage accounts can use managed identities. Managed identities for Azure resources provide an automatically managed identity for applications and Azure resources to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview see the video starting from M 10 storage account also can.
Explain how to add a user assigned managed identity:
https://microsoftlearning.github.io/Secure-storage-for-Azure-Files-and-Azure-Blob-Storage/Instructions/Labs/LAB_04_storage_web_app.html
Answer D is correct I think. see link
"In short, yes you can use user assigned managed identities in more than one Azure region. The longer answer is that while user assigned managed identities are created as regional resources the associated service principal (SP) created in Microsoft Entra ID is available globally"
https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq
So, the resources that can use Managed1 as their identity are:
VM1
WebApp1 (Azure App Service app)
note :
1- the Storage account dont have managed identity
2- managed identity assigned to all region
Therefore, the correct answer is B. storage1 and WebApp1 only.
Managed1 is a user-assigned managed identity, it can only be assigned to resources in the same region. So, Managed1 can only be assigned to resources within the East US region.
Therefore its C
The user-assigned managed identity, Managed1, is located in the East US Azure region. Therefore, it can be used by resources that are in the same region. From the table, we know that both the storage account (storage1) and the Azure App Service app (WebApp1) are located in the East US region. The virtual machine (VM1), however, is located in the West US region.
So, the resources that can use Managed1 as their identity are:
storage1 (Storage account)
WebApp1 (Azure App Service app)
Therefore, the correct answer is B. storage1 and WebApp1 only.
Quoting MS Learn: "In short, yes you can use user assigned managed identities in more than one Azure region. The longer answer is that while user assigned managed identities are created as regional resources the associated service principal (SP) created in Microsoft Entra ID is available globally."
upvoted 1 times
...
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
wheeldj
Highly Voted 10 months, 2 weeks agoAleFerrillo
9 months, 1 week agohml_2024
4 months, 4 weeks agoAlcpt
8 months, 2 weeks agoNICKTON81
Highly Voted 9 months, 4 weeks agoPanama469
7 months ago_marc
Most Recent 1 day, 3 hours agoOskarma
3 weeks, 1 day agotest123123
1 month ago_marc
1 day, 3 hours agoc3e0fc1
2 months agohml_2024
5 months, 1 week agoTony416
5 months, 1 week agojarattdavis
7 months agojim85
7 months, 4 weeks agoNotanAdmin
8 months, 4 weeks agobpaccount
9 months, 3 weeks agoNotanAdmin
8 months, 4 weeks agoklayytech
9 months, 3 weeks agospatrick
10 months, 2 weeks agowheeldj
10 months, 2 weeks agoklayytech
10 months, 2 weeks agoNielll
10 months, 2 weeks agoNielll
10 months, 2 weeks agoarmid
2 days, 18 hours ago