ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 1 question 36 discussion

Actual exam question from Microsoft's AZ-305
Question #: 36
Topic #: 1
[All AZ-305 Questions]

You are developing an app that will read activity logs for an Azure subscription by using Azure Functions.

You need to recommend an authentication solution for Azure Functions. The solution must minimize administrative effort.

What should you include in the recommendation?

  • A. an enterprise application in Azure AD
  • B. system-assigned managed identities
  • C. shared access signatures (SAS)
  • D. application registration in Azure AD
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Clarkszw at Jan. 5, 2023, 1:41 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NotMeAnyWay
Highly Voted 1 year, 11 months ago
Selected Answer: B
B. System-assigned managed identities System-assigned managed identities provide a way for Azure Functions to authenticate to other Azure services, such as Activity Logs, without the need for storing or managing secrets. This approach minimizes administrative effort because the identity is tied directly to the Azure Functions service and is automatically managed by Azure. When the Azure Functions instance is deleted, the associated managed identity will also be removed. This simplifies the authentication process and helps improve the security posture of your app.
upvoted 23 times
...
zellck
Highly Voted 2 years ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials. System-assigned. Some Azure resources, such as virtual machines allow you to enable a managed identity directly on the resource. When you enable a system-assigned managed identity: - A service principal of a special type is created in Azure AD for the identity. The service principal is tied to the lifecycle of that Azure resource. When the Azure resource is deleted, Azure automatically deletes the service principal for you. - By design, only that Azure resource can use this identity to request tokens from Azure AD. - You authorize the managed identity to have access to one or more services. - The name of the system-assigned service principal is always the same as the name of the Azure resource it is created for.
upvoted 7 times
zellck
2 years ago
https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/9-one-design-managed-identities System-assigned: Some Azure services allow you to enable a managed identity directly on a service instance. When you enable a system-assigned managed identity, an identity is created in Azure AD that's tied to the lifecycle of that service instance. When the resource is deleted, Azure automatically deletes the identity. By design, only that Azure resource can use that identity to request tokens from Azure AD.
upvoted 1 times
...
...
[Removed]
Most Recent 3 months, 3 weeks ago
Selected Answer: B
B is correct
upvoted 1 times
...
23169fd
8 months, 2 weeks ago
Selected Answer: B
B. system-assigned managed identities Explanation: System-assigned managed identities: Automatically managed by Azure. Simplifies authentication by eliminating the need for explicit credentials. Ensures secure and seamless access to Azure resources, such as activity logs, without additional administrative overhead.
upvoted 1 times
23169fd
8 months, 2 weeks ago
Why Not Other Options: A. Enterprise application in Azure AD: Requires more setup and management. C. Shared access signatures (SAS): Involves managing keys and tokens, increasing administrative effort. D. Application registration in Azure AD: Requires manual management of client secrets or certificates.
upvoted 2 times
...
...
Lazylinux
10 months, 1 week ago
Selected Answer: B
Given answer B is correct
upvoted 1 times
...
ZUMY
1 year, 11 months ago
B is correct
upvoted 1 times
...
Ivanvazovv
2 years ago
Azure Functions provide a Managed Identity and since the question is about Azure Functions not about the App being developed, the correct answer is B.
upvoted 3 times
...
OPT_001122
2 years, 1 month ago
Selected Answer: B
B. system-assigned managed identities reduce administrative efforts - B makes more sense
upvoted 3 times
...
janvandermerwer
2 years, 1 month ago
Selected Answer: B
B makes the most sense. https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4 https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
upvoted 3 times
...
Bummer_boy
2 years, 1 month ago
Selected Answer: B
No doubts here
upvoted 2 times
...
Imy
2 years, 1 month ago
Should be A
upvoted 1 times
...
[Removed]
2 years, 1 month ago
Correct
upvoted 1 times
...
maku067
2 years, 1 month ago
Selected Answer: B
Seems correct.
upvoted 1 times
...
Aziza_Adam
2 years, 1 month ago
A first you need to register the App
upvoted 2 times
IRISone
2 years, 1 month ago
it doesn't say what needs to be done, but what is to be recommended. It's designing. B is correct
upvoted 1 times
darthfodio
2 years, 1 month ago
Right, it also says you need to recommend an "authentication" solution.
upvoted 1 times
...
...
...
Clarkszw
2 years, 1 month ago
B, tested in the lab! :p
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago