ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 16 discussion

Actual exam question from Microsoft's AZ-204
Question #: 16
Topic #: 4
[All AZ-204 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You develop Azure solutions.
You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager.
You need to obtain an Azure Resource Manager access token.
Solution: Use an X.509 certificate to authenticate the VM with Azure Resource Manager.
Does the solution meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Dirk at Aug. 19, 2020, 8:56 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KeerthiKP
Highly Voted 4 years, 8 months ago
No is the right answer: Explanation : Using the Invoke-WebRequest cmdlet, make a request to the local managed identity for Azure resources endpoint to get an access token for Azure Resource Manager. link : https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
upvoted 31 times
clarionprogrammer
4 years, 2 months ago
Using Invoke-WebRequest vs Invoke-RestMethod doesn't matter. The point is that using a certificate is wrong for Identity Management.
upvoted 13 times
...
...
mlantonis
Highly Voted 4 years ago
Correct Answer: B - No A certificate cannnot be used to authenticate. Instead run the Invoke-RestMethod or Invoke-WebRequest cmdlet to make a request to the local managed identity for Azure resources endpoint. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
upvoted 16 times
...
Vichu_1607
Most Recent 8 months, 2 weeks ago
Selected Answer: B
B. No The solution does not meet the goal. While you can use an X.509 certificate to authenticate a service principal in Azure AD, this is not the recommended way to grant a VM access to specific resource groups in Azure Resource Manager. Instead, you should use Managed Identities for Azure resources. A managed identity is an identity registered in Azure Active Directory that is automatically managed by Azure. You can use this identity to authenticate to any service that supports Azure AD authentication, including Azure Resource Manager, without any credentials in your code.
upvoted 2 times
...
Razvan_C
1 year, 7 months ago
Is this still a valid question for the exam? I remember VMs are not in the study guide anymore.
upvoted 4 times
...
Esward
2 years, 4 months ago
Correct Answer: B - No Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. Here we need to authenticate. Here we need to make use of managed identities for the virtual machine. Role-based access control is used for authorization and not authentication. Instead run the Invoke-RestMethod or Invoke-WebRequest cmdlet to make a request to the local managed identity for Azure resources endpoint. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
upvoted 3 times
...
OPT_001122
2 years, 7 months ago
Selected Answer: B
Correct Answer: B
upvoted 1 times
...
Eltooth
3 years ago
Selected Answer: B
B is the correct answer.
upvoted 1 times
...
glam
4 years, 1 month ago
B. No...
upvoted 2 times
...
Frakandel
4 years, 1 month ago
Yes, because a certificate can be used to authenticate... See also: https://devblogs.microsoft.com/premier-developer/centralized-vm-certificate-deployment-across-multiple-regions-with-arm-templates/
upvoted 2 times
TakumaK
4 years ago
Yes, your right. But can you explain this part in the question? "You need to obtain an Azure Resource Manager access token"
upvoted 2 times
130nk3r5
1 year, 6 months ago
Sure, I'd be happy to explain. An Azure Resource Manager access token is a type of security token that is used to authenticate requests to the Azure Resource Manager API. This API is used to manage resources in Azure, such as virtual machines, storage accounts, and databases. When you make a request to the Azure Resource Manager API, you need to include an access token in the Authorization header of your HTTP request. This token proves that you are who you say you are and that you have permission to perform the requested operation. You can obtain an access token by authenticating with Azure Active Directory (Azure AD). There are several ways to do this, including using a client secret, a certificate, or a managed identity. Once you have an access token, you can use it to authenticate requests to the Azure Resource Manager API. This allows you to manage resources in Azure programmatically, without needing to manually log in through the Azure portal.
upvoted 1 times
...
...
...
RahulKate
4 years, 5 months ago
Using the Invoke-WebRequest cmdlet, make a request to the local managed identity for Azure resources endpoint to get an access token for Azure Resource Manager.
upvoted 1 times
...
Tealon
4 years, 6 months ago
The given answer is correct.
upvoted 5 times
...
cyberbull
4 years, 8 months ago
No , is the correct Answer
upvoted 8 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel