ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 2 question 26 discussion

Actual exam question from Microsoft's AZ-303
Question #: 26
Topic #: 2
[All AZ-303 Questions]

HOTSPOT -
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope. The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
1. Go to Settings and select Identity.
2. Select the Status to be On.
3. Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace.
If you need to create a Service Bus namespace.
Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity
by Bullionaire at Jan. 11, 2021, 2:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Kraviecc
Highly Voted 4 years, 6 months ago
Correct
upvoted 25 times
gssd4scoder
4 years, 2 months ago
and trivial
upvoted 5 times
...
TinusTrotylus
4 years, 5 months ago
I agree with the proposed answer....... but only because the rest of the answers don't make any sense. The managed connector for Azure Service Bus doesn't support managed identities. Support may come in the future. Currently, if you connect to a Service Bus, the SAS Token will be stored in an API Connection resources. Blog announcement of the preview capability: https://techcommunity.microsoft.com/t5/integrations-on-azure/azure-logic-apps-authenticate-with-managed-identity-for-azure-ad/ba-p/2066254 Docs: https://docs.microsoft.com/nl-nl/azure/logic-apps/create-managed-service-identity For Logic Apps on Functions (currently preview) things may be different again, since the Service Bus connectors are based on Function App bindings.
upvoted 3 times
...
...
jd94
Highly Voted 4 years, 1 month ago
6/12/2021. Passed the exam. Same answer
upvoted 5 times
...
itvinoth83
Most Recent 3 years, 4 months ago
Appeared in exam on 28-03-2022
upvoted 1 times
...
sandeepmalik
3 years, 4 months ago
In today's exam. Score 900+ Correct answer.
upvoted 1 times
...
shree178
3 years, 5 months ago
On exam today 19-2-2022.. Passed with 871.
upvoted 1 times
...
nd78
3 years, 6 months ago
on Exam today 21st Jan, 2022
upvoted 1 times
...
Nands23
3 years, 7 months ago
correct. This was on today's exam. 12/29/2021
upvoted 1 times
...
tomatosis
3 years, 7 months ago
On exam 23 Dec 2021, I chose the same
upvoted 1 times
...
Dpejic
3 years, 8 months ago
On exam today 22/11/21. r. Score 839
upvoted 2 times
...
Aaaashish
3 years, 9 months ago
correct
upvoted 1 times
...
syu31svc
3 years, 11 months ago
A Service Bus client app running inside an Azure App Service/Logic Apps application or in a virtual machine with enabled managed entities for Azure resources support does not need to handle SAS rules and keys, or any other access tokens. The client app only needs the endpoint address of the Service Bus Messaging namespace. Enable managed identity on App service. Once you've enabled this setting, a new service identity is created in your Azure Active Directory (Azure AD) and configured into the App Service host. Now, assign this service identity to a role in the required scope in your Service Bus resources. https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity Answer given is correct
upvoted 4 times
...
hamzeh69
4 years ago
Pass exam, come today in my exam 6/7/2021
upvoted 2 times
...
VMUN
4 years, 1 month ago
26-June-21, Passed the exam. Correct Answer
upvoted 3 times
...
tp42
4 years, 1 month ago
I think the wording is bad, a "Shared Access Policy" does not really exist. You have a "Shared Access Signature" or a "Stored Access Policy". A Shared Access Signature would indeed solve the access requirement and 2 questions further down they use it for that (although they still call it Shared Access Policy) https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
upvoted 1 times
tp42
4 years, 1 month ago
IAM is still correct due to the additional requirement of Azure AD authentication
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel