You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the auto-generated service principal to authenticate to the Azure Container Registry. What should you create?
A.
an Azure Active Directory (Azure AD) group
B.
an Azure Active Directory (Azure AD) role assignment
1. When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources.
2. This service principal can already authenticate to AAD (since it was created in AAD).
3. But it needs to be RBAC permissions on the ACR Registry to pull images.
To do so, you need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry.
Well, what makes me confused is the word used in this question. Azure role assignment is different from Azure AD role assignment. Why does the service principal need an Azure AD role assignment?
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#service-principal
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#authentication-options
https://docs.microsoft.com/en-us/azure/container-registry/authenticate-kubernetes-options
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
1. When you create an AKS cluster, Azure also creates a service principal to support cluster operations with other Azure resources.
2. This service principal can already authenticate to AAD (since it was created in AAD by Azure).
3. But it needs to be RBAC permissions on the ACR Registry to pull images.
4. To do so, you need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry.
This section is not available anymore. Please use the main Exam Page.AZ-500 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
DeepMoon
Highly Voted 4 years, 7 months agokiketxu
4 years, 6 months agogfhbox0083
Highly Voted 4 years, 10 months agoJimmy500
Most Recent 10 months, 2 weeks agoESAJRR
1 year, 7 months agoITFranz
1 year, 8 months agomajstor86
2 years, 2 months agoligu
2 years, 3 months agoEltooth
3 years, 2 months agocfsxtuv33
3 years, 3 months agoJoshing
3 years, 3 months agoTombarc
3 years, 4 months agoadamsca
3 years, 5 months agopoplovic
3 years, 8 months agoSecurityAnalyst
3 years, 8 months agoamanp
4 years, 3 months agoDeepMoon
4 years, 7 months agoshaheer1991
5 years ago