ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-220 All Questions

View all questions & answers for the AZ-220 exam
Go to Exam

Exam AZ-220 topic 6 question 5 discussion

Actual exam question from Microsoft's AZ-220
Question #: 5
Topic #: 6
[All AZ-220 Questions]

You have an Azure IoT hub that has a hostname of contoso-hub.azure-devices.net and an MCU-based IoT device named Device1. Device1 does NOT support
Azure IoT SDKs.
You plan to connect Device1 to the IoT hub by using the Message Queuing Telemetry Transport (MQTT) protocol and to authenticate by using X.509 certificates.
You need to ensure that Device1 can authenticate to the IoT hub.
What should you do?

  • A. Create an Azure key vault and enable the encryption of data at rest for the IoT hub by using a customer-managed key.
  • B. Enable a hardware security module (HSM) on Device1.
  • C. From the Azure portal, create an IoT Hub Device Provisioning Service (DPS) instance and add a certificate enrollment for Device1.
  • D. Add the DigiCert Baltimore Root Certificate to Device1.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by tita_tovenaar at June 29, 2021, 8:16 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tita_tovenaar
Highly Voted 3 years, 10 months ago
Wrong! Answer is C. X.509 is supported, next to TPM and symmetric. No need to add anything - see ref https://docs.microsoft.com/en-us/azure/iot-dps/how-to-manage-enrollments. D is wrong. The Baltimore Root Certificate is at IoT Hub (Root) level, not used at device level. See e.g. https://stackoverflow.com/questions/56128504/is-it-possible-to-replace-the-baltimore-digicert-certificate
upvoted 12 times
...
lah123
Most Recent 2 years, 5 months ago
The answer is actually D. The device is an MCU (embedded) device that does not support the SDK. The baltimore cert is used by the device to validate the iot hub. This validation is done by the SDK, but when the SDK is not supported you have to do this yourself.
upvoted 1 times
...
sam198
3 years ago
Selected Answer: C
You can't add a root certificate to the device.
upvoted 3 times
...
nqthien041292
3 years ago
Selected Answer: C
Vote C
upvoted 2 times
...
liberty123
3 years, 1 month ago
Agree with C
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago