ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 68 discussion

Actual exam question from Microsoft's AZ-204
Question #: 68
Topic #: 4
[All AZ-204 Questions]

HOTSPOT
-

You develop a containerized application. The application must be deployed to an existing Azure Kubernetes Service (AKS) cluster from an Azure Container Registry (ACR) instance. You use the Azure command-line interface (Azure CLI) to deploy the application image to AKS.

Images must be pulled from the registry. You must be able to view all registries within the current Azure subscription. Authentication must be managed by Microsoft Entra ID and removed when the registry is deleted. The solution must use the principle of least privilege.

You need to configure authentication to the registry.

Which authentication configuration should you use? To answer, select the appropriate configuration values in the answer area,

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by FeriAZ at Jan. 23, 2024, 9:41 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KevinZeng
Highly Voted 7 months, 3 weeks ago
Authentication: System-assigned managed identity Role: Reader Only the 'Reader' role has access to 'Access Resource Manager' which is required to get a list of registries. This is aligned with "You must be able to view all registries within the current Azure subscription.". Reference: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli#pull-image
upvoted 6 times
examtopicsLogin123
5 months, 3 weeks ago
Agree Sometimes "System-assigned managed identity" is not available, but with AKS it seems to be ok https://learn.microsoft.com/en-us/azure/aks/use-managed-identity
upvoted 1 times
...
...
zixys
Highly Voted 9 months, 2 weeks ago
System-assigned managed identity Reader: The Reader has permissions to view the registry and pull images.
upvoted 5 times
b69794f
9 months, 1 week ago
Correct https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli
upvoted 1 times
...
...
didi2087
Most Recent 9 months, 3 weeks ago
Registry Azure RBAC Role: should be reader . to meet the requirements "Images must be pulled from the registry." "You must be able to view all registries within the current Azure subscription." Check the table :Role/Permission https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli#pull-image
upvoted 3 times
...
FeriAZ
10 months, 3 weeks ago
correct. Registry Authentication Method: A System-assigned Managed Identity. It's tied to the AKS service and automatically managed by Azure, aligning with the requirement for authentication to be managed by Microsoft Entra ID and removed when the registry is deleted. It adheres to the principle of least privilege as it's specific to the AKS resource. Registry Azure RBAC Role: The AcrPull role is the most fitting. It provides just enough permission to pull images from ACR, aligning with the principle of least privilege and meeting the requirement of the deployment process.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel