Exam AZ-305 topic 1 question 25 discussion

Actual exam question from Microsoft's AZ-305
Question #: 25
Topic #: 1

You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.
You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
✑ Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.
✑ Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
✑ Avoid storing secrets and certificates on the virtual machines.
✑ Minimize administrative effort for managing identities.
Which type of identity should you include in the recommendation?

  • A. a system-assigned managed identity
  • B. a service principal that is configured to use a certificate
  • C. a service principal that is configured to use a client secret
  • D. a user-assigned managed identity
Suggested Answer: D

Comments

NotMeAnyWay
Highly Voted 1 year, 8 months ago
Selected Answer: D
D. a user-assigned managed identity
A user-assigned managed identity is the best choice for this scenario. User-assigned managed identities are standalone Azure Active Directory (Azure AD) identities that can be assigned to one or more Azure resources, such as virtual machines. They can be used to authenticate to other Azure services like Azure Key Vault, Azure Logic Apps instances, and Azure SQL Database without the need for storing secrets and certificates on the virtual machines.
By using a user-assigned managed identity, you can easily assign the same identity to multiple virtual machines, which avoids assigning new roles and permissions when you deploy additional VMs. This also minimizes administrative effort in managing identities, as the managed identity is automatically managed by Azure AD.
upvoted 26 times
Onobhas01
1 year, 2 months ago
Sweet and simple, love the explanation
upvoted 2 times
...
...
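The workflow described in the comment above, as an added Azure CLI example that is not part of the thread or any commenter's post: the role is granted once to the identity, and each new VM only has the identity attached. The resource group, identity, vault and VM names are hypothetical, and the vault is assumed to use the Azure RBAC permission model.

```shell
#!/bin/sh
# Added example: one user-assigned managed identity shared by all App1 VMs.
# RG, IDENTITY, VAULT and the VM names are hypothetical placeholders.
set -eu

RG="rg-app1"
IDENTITY="id-app1"
VAULT="kv-app1"   # assumed to use the Azure RBAC permission model

# One-time setup: create the identity and grant it access. This is the only
# place a role assignment is made, no matter how many VMs are added later.
provision_identity() {
  az identity create -g "$RG" -n "$IDENTITY" --output none
  principal_id=$(az identity show -g "$RG" -n "$IDENTITY" --query principalId -o tsv)
  vault_id=$(az keyvault show -g "$RG" -n "$VAULT" --query id -o tsv)
  az role assignment create \
    --assignee-object-id "$principal_id" \
    --assignee-principal-type ServicePrincipal \
    --role "Key Vault Secrets User" \
    --scope "$vault_id" --output none
}

# Per-VM step: attach the existing identity. No role or permission changes,
# and no secret or certificate is written to the VM.
attach_identity() {
  identity_id=$(az identity show -g "$RG" -n "$IDENTITY" --query id -o tsv)
  az vm identity assign -g "$RG" -n "$1" --identities "$identity_id" --output none
}

# Run with --apply against a real subscription (requires a logged-in az CLI).
if [ "${1:-}" = "--apply" ]; then
  provision_identity
  for vm in vm-app1-01 vm-app1-02 vm-app1-03 vm-app1-04 vm-app1-05; do
    attach_identity "$vm"
  done
fi
```

Access to Azure SQL Database and Logic Apps is granted to the same identity in the same one-time step, using each service's own authorization mechanism.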
mse89
Highly Voted 2 years, 3 months ago
Selected Answer: D
Correct, answer is D User-assigned MI
upvoted 13 times
...
SeMo0o0o0o
Most Recent 3 weeks, 2 days ago
Selected Answer: D
D is correct
upvoted 1 times
...
rodrod
3 weeks, 3 days ago
Selected Answer: A
We can have system assigned at the scale set resource. I assume it means one user for all VMs in that scale set?
upvoted 1 times
...
23169fd
5 months, 2 weeks ago
Selected Answer: D
Why Not Other Options:
A. System-Assigned Managed Identity: Created per VM and destroyed with the VM. Adding new VMs would require reassigning roles and permissions, increasing administrative effort.
B. Service Principal with Certificate: Involves managing certificates, which adds complexity and administrative overhead.
C. Service Principal with Client Secret: Requires storing and managing client secrets, which poses security risks and increases administrative effort.
upvoted 6 times
...
MeisAdriano
1 year, 2 months ago
Correct, you have to give auth to VM, but "system-assigned" is just for one resource and you need to gain access to multiple resources
upvoted 2 times
...
jj22222
1 year, 9 months ago
Selected Answer: D
user assigned is right
upvoted 1 times
...
lanntt
1 year, 9 months ago
D is correct.
upvoted 1 times
...
zellck
1 year, 9 months ago
Selected Answer: D
D is the answer.
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types
User-assigned. You may also create a managed identity as a standalone Azure resource.
- You can create a user-assigned managed identity and assign it to one or more Azure Resources.
When you enable a user-assigned managed identity:
- A service principal of a special type is created in Azure AD for the identity. The service principal is managed separately from the resources that use it.
- User-assigned identities can be used by multiple resources.
- You authorize the managed identity to have access to one or more services.
upvoted 3 times
zellck
1 year, 9 months ago
https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/9-one-design-managed-identities
User-assigned: You can create a managed identity as a standalone Azure resource. Create a user-assigned managed identity and assign it to one or more instances of an Azure service. A user-assigned identity is managed separately from the resources that use it.
upvoted 2 times
zellck
1 year, 9 months ago
Consider choosing user-assigned managed identities. Choose user-assigned managed identities for workloads that run on multiple resources that can share a single identity. This type of identity is also good for workloads that need pre-authorization to a secure resource as part of a provisioning flow. User-assigned identities are suited for workloads with resources that are recycled frequently, but where permissions should stay consistent.
upvoted 2 times
...
...
...
jameslee
1 year, 9 months ago
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations
Choosing system or user-assigned managed identities
Using user-assigned identities to reduce administration
upvoted 1 times
...
OPT_001122
1 year, 10 months ago
Selected Answer: D
D. a user-assigned managed identity - correct ans
upvoted 1 times
...
jj22222
1 year, 10 months ago
Selected Answer: D
user assigned managed identity
upvoted 2 times
...
janvandermerwer
1 year, 10 months ago
Selected Answer: D
Seems to be the most logical answer.
upvoted 2 times
...
yeanlingmedal71
1 year, 11 months ago
Selected Answer: D
a workload where multiple virtual machines need to access the same resource should use User Assigned MI.
upvoted 1 times
...
mohamed1999
2 years, 1 month ago
D is correct because you need to avoid assigning new identities to RBAC; with system-assigned you need to have an RBAC for each resource.
upvoted 11 times
...
niravkanakhara
2 years, 2 months ago
Selected Answer: D
correct answer
upvoted 2 times
...
savavl
2 years, 2 months ago
Selected Answer: D
agree, correct
upvoted 1 times
...