ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 83 discussion

Actual exam question from Microsoft's AZ-204
Question #: 83
Topic #: 4
[All AZ-204 Questions]

DRAG DROP
-

You have an Azure Virtual Machine (VM) named VM1 running Windows Server 2022 and an Azure Key Vault instance named kv1.

You are developing a .NET application named App1 that you plan to deploy to VM1.

You have the following requirements:

• App1 will require access to kv1.
• The identity used by App1 to access kv1 must be automatically deprovisioned when VM1 is deleted.

You need to identify the procedure that will meet the requirements.

Which three actions should you include in the procedure? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Show Suggested Answer Hide Answer
Suggested Answer:
by BrownieP at Feb. 3, 2025, 10:41 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gfanco
3 weeks, 3 days ago
1. Create a system-assigned managed identity This ensures the identity is tied to the VM and deleted with it. 2. Modify access policy on kv1 Before App1 can read or write secrets, you must add an Access Policy to kv1, assigning the VM principal the permissions (e.g. get, list). https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal 3. Retrieve access token via IMDS App1 makes an HTTP call to the local metadata endpoint (http://169.254.169.254/metadata/identity/oauth2/token?resource=https://{vault-name}.vault.azure.net&api-version=...) to get an access token for the Key Vault resource. https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token
upvoted 1 times
...
dac15e0
3 months ago
I think the anwser is: Create a system-assigned managed identity for the VM. Modify the access policy on kv1. Retrieve an access token from the Azure Instance Metadata Service (IMDS) endpoint.
upvoted 4 times
...
BrownieP
3 months, 1 week ago
the given answer is correct.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago