Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-103 topic 4 question 40 discussion

Actual exam question from Microsoft's AZ-103
Question #: 40
Topic #: 4
[All AZ-103 Questions]

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?

  • A. From the Azure portal, modify the Access control (IAM) settings of RG1.
  • B. From the Azure portal, modify the Policies settings of RG1.
  • C. From the Azure portal, modify the Access control (IAM) settings of VM1.
  • D. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
Show Suggested Answer Hide Answer
Suggested Answer: D ūüó≥ÔłŹ
The managed identities for Azure resources feature in Azure Active Directory (Azure AD) solves this problem. The feature provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.
References:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
ACSC
Highly Voted 3 years, 6 months ago
The answer D is correct. Before you modify access control you must enable a system assigned managed identity on VM1
upvoted 12 times
...
raj10207
Highly Voted 3 years, 5 months ago
Came in Exam , Exam given on 06.07.2020
upvoted 8 times
User3000
3 years, 4 months ago
Can you please confirm if we have still have the Labs in the exam ?
upvoted 1 times
robert5874
3 years, 4 months ago
I don't believe so, based on 2 exams in the last week.
upvoted 1 times
...
asingh94
3 years, 3 months ago
No labs
upvoted 2 times
...
...
...
photon99
Most Recent 1 month, 3 weeks ago
I misread the question. I thought the System assigned identity was already in place. If this was the case then we must asisgn the RBAC permission on the SAMI else it wont be able to deploy the VM hence the asnwer would have : A. From the Azure portal, modify the Access control (IAM) settings of RG1.
upvoted 1 times
...
roanbaga
3 years, 2 months ago
VM1 is a virtua network.
upvoted 1 times
...
HillJoseph
3 years, 3 months ago
We all need a big D energy
upvoted 6 times
...
Xtian_ar
3 years, 3 months ago
typo: virtual network named VM1?
upvoted 1 times
JohnnyBGood
3 years, 3 months ago
good catch..
upvoted 1 times
...
...
Ralgh
3 years, 4 months ago
It should be D, when you assign a system managed role assignment it prompts for a scope type here change to RG and can choose the role for the VM
upvoted 2 times
...
AzExam2020
3 years, 5 months ago
D is the correct answer.
upvoted 1 times
...
YPR
3 years, 5 months ago
keyword is "services inside the vm" So answer is D.
upvoted 3 times
...
JhonyTrujillo
3 years, 5 months ago
D is the correct answer. First, we need to grant this VM’s system-assigned managed identity. https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
upvoted 4 times
Hanuman
3 years, 5 months ago
correct
upvoted 1 times
...
praveen97
3 years, 5 months ago
Agree. We need to enable System assigned Identify in VM.
upvoted 1 times
...
...
WynterTsai
3 years, 6 months ago
Vote for D. A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.
upvoted 4 times
...
maku067
3 years, 6 months ago
D https://docs.microsoft.com/en-US/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm
upvoted 3 times
...
nfett
3 years, 6 months ago
A is the correct answer. you can allow the VM access to the RG form there.
upvoted 1 times
...
joseluismantilla
3 years, 6 months ago
A is the answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...