ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 5 question 6 discussion

Actual exam question from Microsoft's AZ-303
Question #: 6
Topic #: 5
[All AZ-303 Questions]

You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?

  • A. From the Azure portal, modify the Access control (IAM) settings of RG1.
  • B. From the Azure portal, modify the Policies settings of RG1.
  • C. From the Azure portal, modify the Access control (IAM) settings of VM1.
  • D. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Through a create process, Azure creates an identity in the Azure AD tenant that's trusted by the subscription in use. After the identity is created, the identity can be assigned to one or more Azure service instances.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
by G_Z at Jan. 12, 2021, 6:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
King2
Highly Voted 4 years, 3 months ago
Correct answer: D First you have to give identity to VM1. • Navigate to the desired Virtual Machine and select Identity. • Under System assigned, Status, select On and then click Save Then you can modify the access control settings of RG1. (Option A)
upvoted 31 times
ruslan_bespalov_netconomy
4 years, 2 months ago
So to answer correctly you need to know that VMs don't have system assigned identity turned on by default. If they were turned on then the answer would be A
upvoted 10 times
tbjmaxa
3 years, 1 month ago
what are the other types of resources has it enabled by default?
upvoted 1 times
...
...
...
QiangQiang
Highly Voted 4 years ago
The answer should be A. there is no such thing as "modify the value of the Managed Service Identity option for VM1". Basing on the question, the VM Id should already be there.
upvoted 15 times
Annu52
2 years, 9 months ago
you are actually modifying system assigned managed Identity status from Off to ON.
upvoted 1 times
...
gizda2
3 years, 7 months ago
Nowhere in the question is mentioned that M.I. is turned on.
upvoted 2 times
...
zsedo
3 years, 7 months ago
Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI). https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview I will go with D. Maybe the question is outdated.
upvoted 1 times
...
...
AWSGuru01
Most Recent 3 years, 2 months ago
Answer: D is correct before grant RG1 services access to VM1 need to create VM1 managed Identity.
upvoted 1 times
...
tomatosis
3 years, 4 months ago
On exam 23 Dec 2021, I chose D
upvoted 1 times
...
donathon
3 years, 5 months ago
D. There are two ways, systems and managed identity. Both needs to be manually enabled first. In this case, only 1 answer indicate this fact.
upvoted 1 times
...
Nelmar
3 years, 6 months ago
Correct answer: D
upvoted 1 times
...
syu31svc
3 years, 8 months ago
Using managed identities for Azure resources, your code can get access tokens to authenticate to resources that support Azure AD authentication. The Azure Resource Manager supports Azure AD authentication. First, you need to grant this VM’s system-assigned managed identity access to a resource in Resource Manager https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview Answer is D
upvoted 1 times
...
tteesstt
3 years, 8 months ago
Vague wording, but I think with D it's meant System/User assigned identity. I'm going with D.
upvoted 1 times
...
teehex
3 years, 9 months ago
I don't know what "Modify the value of ..." means. But you can go to IAM in RG or Identiy in VM to assign permission for the managed identity (there is a button called Azure role assignments) there.
upvoted 2 times
...
AAPaul
3 years, 9 months ago
Please let me know how the launch goes and any customer feedback and/or quotes
upvoted 1 times
...
BoxGhost
3 years, 9 months ago
I'd go for A as well. The wording on D describes assigning the identity when creating the VM: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#system-assigned-managed-identity Since the VM already exists and the question implies the identity already exists. A makes more sense.
upvoted 1 times
...
SamAsh
3 years, 11 months ago
Answer A... 'Grant your VM access to a resource group in Resource Manager' https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
upvoted 2 times
...
SriRamS
4 years, 2 months ago
After D, the next step is A; ie, to modify the IAM of RG1 for VM1.
upvoted 2 times
...
Blimpy
4 years, 3 months ago
D is correct and next step is C ( A & B is not right) D reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-during-creation-of-a-vm C reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm#grant-your-vm-access-to-a-resource-group-in-resource-manager
upvoted 3 times
Nfloquet
4 years, 3 months ago
Sorry but for your C reference, it's clearly stated that you go to the resource group IAM panel, not the VM one. So it would be A and not C
upvoted 4 times
xaccan
4 years, 3 months ago
Answer is D 1000% without doubt
upvoted 7 times
...
...
...
G_Z
4 years, 3 months ago
Both A and D correct!
upvoted 4 times
pentium75
3 years, 9 months ago
But question is 'what to do FIRST'. If you need to grant access to the VM's managed identify, you have to enable that managed identify first, thus D before A.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago