ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 31 discussion

Actual exam question from Microsoft's AZ-204
Question #: 31
Topic #: 4
[All AZ-204 Questions]

You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPI (Swagger) definition and uses an
Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD).
The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted.
You need to secure the Azure Logic app.
What should you do?

  • A. Create a user-assigned managed identity and assign role-based access controls.
  • B. Create an Azure AD custom role and assign the role to the Azure Blob storage account.
  • C. Create an Azure Key Vault and issue a client certificate.
  • D. Create a system-assigned managed identity and issue a client certificate.
  • E. Create an Azure AD custom role and assign role-based access controls.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by aradice at June 30, 2021, 7:21 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
aradice
Highly Voted 3 years, 9 months ago
correct "Azure AD resources must remain if the Azure Logic app is deleted."
upvoted 47 times
TonyMel
2 years, 1 month ago
correct, in 2023Mar24, score: 904/1000.
upvoted 7 times
...
...
debanjan10
Highly Voted 3 years, 6 months ago
User-assigned keys are individual components. Even if the logic apps are deleted, the keys remain. But in case of system-assigned keys, those are auto generated and are deleted when the Azure resources themselves are deleted.
upvoted 23 times
...
Vichu_1607
Most Recent 5 months, 4 weeks ago
Selected Answer: A
A. Create a user-assigned managed identity and assign role-based access controls. To securely access the Azure Blob storage account from the Azure Logic app while ensuring that Azure AD resources remain if the Azure Logic app is deleted, you should use a user-assigned managed identity. This approach allows you to manage the identity independently of the Logic app's lifecycle.
upvoted 2 times
...
Ciupaz
1 year, 3 months ago
Selected Answer: A
Azure AD resources must remain if the Azure Logic app is deleted -> User Managed Identity
upvoted 1 times
...
FeriAZ
1 year, 3 months ago
A. Create a user-assigned managed identity and assign role-based access controls. This approach ensures that the Azure Logic App can securely access the Azure Blob Storage with the appropriate permissions, and the managed identity remains operational and intact, independent of the Logic App's lifecycle.
upvoted 1 times
...
bgbgvfvf
1 year, 4 months ago
correct answer
upvoted 1 times
...
applepie
1 year, 8 months ago
got this question today, answer A - 7/30/2023, score 895/1000
upvoted 5 times
...
databasejamdown
1 year, 11 months ago
Selected Answer: A
User assigned will persist after resource is removed
upvoted 5 times
...
RaghavMGupta
2 years ago
Why are other options wrong?
upvoted 1 times
...
Sulzirsha
2 years, 1 month ago
Was on exam feb21
upvoted 1 times
...
rotimislaw
2 years, 3 months ago
Why not E. Create Azure AD custom role?
upvoted 1 times
Christian_garcia_martin
9 months ago
Becouse a custom role only cover Authorization part , option A cover authorization and authentication to protect the login app
upvoted 1 times
...
...
r3verse
2 years, 4 months ago
"You need to secure the Azure Logic app.", lol, but we aren't securing the logic app, we are providing a mechanism for the logic app to securely access other resources. (a key not a lock). The logic app itself can still be accessed anonymously.
upvoted 4 times
...
EmnaDa
2 years, 4 months ago
correct "Azure AD resources must remain if the Azure Logic app is deleted."
upvoted 1 times
...
sam5678
2 years, 6 months ago
correct
upvoted 1 times
...
iamstudying
3 years, 1 month ago
Selected Answer: A
A, buddies. Agree with @dejanban10
upvoted 2 times
...
meoukg
3 years, 1 month ago
Got it on 03/2022, I chose A. Create a user-assigned managed identity and assign role-based access controls.
upvoted 3 times
...
mattvasc
3 years, 1 month ago
Selected Answer: A
In here https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview We can found: "Common use cases: Workloads where resources are recycled frequently, but permissions should stay consistent."
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago