ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-203 All Questions

View all questions & answers for the AZ-203 exam
Go to Exam

Exam AZ-203 topic 23 question 4 discussion

Actual exam question from Microsoft's AZ-203
Question #: 4
Topic #: 23
[All AZ-203 Questions]

You need to meet the LabelMaker application security requirement.
What should you do?

  • A. Create a conditional access policy and assign it to the Azure Kubernetes Service cluster.
  • B. Place the Azure Active Directory account into an Azure AD group. Create a ClusterRoleBinding and assign it to the group.
  • C. Create a RoleBinding and assign it to the Azure AD account.
  • D. Create a Microsoft Azure Active Directory service principal and assign it to the Azure Kubernetes Service (AKS) cluster.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Scenario: The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Permissions can be granted within a namespace with a RoleBinding, or cluster-wide with a ClusterRoleBinding.
References:
https://kubernetes.io/docs/reference/access-authn-authz/rbac/
by zenth0r at June 14, 2020, 6:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SuperPetey
4 years, 1 month ago
This is a tough question because multiple answers appear supported by the MSFT documentation. B: Supported by this documentation, but it says "This article assumes that you have an existing AKS cluster enabled with Azure AD integration" -- so I think that since this will be a new AKS cluster, D is the correct answer. https://docs.microsoft.com/en-us/azure/aks/azure-ad-rbac D: supported by this (legacy) documentation, for new AKS clusters https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli Since this is a question from a legacy test, not sure this question still appears on Az-204 since they removed AKS from the content.
upvoted 1 times
...
Cornholioz
4 years, 5 months ago
Agree with the given answer and explanation. A RoleBinding may reference any Role in the same namespace. Alternatively, a RoleBinding can reference a ClusterRole and bind that ClusterRole to the namespace of the RoleBinding. If you want to bind a ClusterRole to all the namespaces in your cluster, you use a ClusterRoleBinding.
upvoted 1 times
...
zenth0r
4 years, 11 months ago
AFAIK Kubernetes RBAC has nothing in common with AAD. I would say D.
upvoted 1 times
oxaytol
4 years, 11 months ago
Disagree, it does, please check following url: https://docs.microsoft.com/es-es/azure/aks/azure-ad-integration-cli#create-rbac-binding
upvoted 8 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel