Exam AZ-500 topic 2 question 72 discussion

1. Managed identity 2. db_datareader and db_datawriter https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials. While developers can securely store the secrets in Azure Key Vault, services need a way to access Azure Key Vault. Managed identities provide an automatically managed identity in Azure Active Directory (Azure AD) for applications to use when connecting to resources that support Azure AD authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials.

You can use a Service Principal to grant an application access to Azure resources, including SQL databases. However, when granting read and write access to a SQL database, it is generally safer to use Managed Identities when the application is running on a virtual machine or an Azure service. Managed Identities are an easier and more secure way to grant access to Azure resources because they don't require you to manually manage secrets or credentials. Service Principals are typically used when you need to grant access to external applications or services that are not hosted in Azure. When it comes to internal Azure applications and services, Managed Identities are a more direct and secure option. Therefore, using a Managed Identity would be the most appropriate option to meet the criteria of not storing passwords, using the principle of least privilege, and minimizing administrative effort in the context of internal Azure resources.

Exam question 6th April 2025

The answer of question 1 should be "Service principal" as the question explicitly says Minimize administrative effort.

On exam 1/2/24

In Exam - 28/7/2023

Exam.6 case studies. 3 true/false questions. 47 multiple questions and no simulations. Alot of new questions thats not up here

Correct, Managed identity because db need to see who is the request coming from. Managed identity = identity for the app

Account Type = Managed Identity Roles = db_datareader and db_datawriter

In exam 29/01/2023 + many questions about Microsoft Sentinel

Members of the db_datawriter fixed database role can add, delete, or change data in all user tables. In most use cases this role will be combined with db_datareader membership to allow reading the data that is to be modified. https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver16

Correct! Account Type = Managed Identity Roles = db_datareader and db_datawriter

Correct answers

In Exam Oct 05, 2022

# In EXAM - 01-Oct-2022

correct answers