Exam AZ-220 topic 6 question 6 discussion

Actual exam question from Microsoft's AZ-220
Question #: 6
Topic #: 6

HOTSPOT
You are planning a proof of concept (POC) that will use an Azure IoT hub.
You have two self-signed client authentication certificates named Cert1 and Cert2. Cert1 has a basic constraint that contains Subject Type=CA. Cert2 has a basic constraint that contains Subject Type=End Entity.
You need to identify which certificates to use.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Box 1: Cert2 only
Cert2: The leaf certificate, or end-entity certificate, identifies the certificate holder. It has the root certificate in its certificate chain as well as zero or more intermediate certificates. The leaf certificate is not used to sign any other certificates. It uniquely identifies the device to the provisioning service and is sometimes referred to as the device certificate.

Box 2: Cert1 only
Cert1: A root certificate is a self-signed X.509 certificate representing a certificate authority (CA). It is the terminus, or trust anchor, of the certificate chain. Root certificates can be self-issued by an organization or purchased from a root certificate authority.
Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/concepts-x509-attestation
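
The distinction the suggested answer draws, as an added example (not from the exam, this site, or Microsoft's documentation): it reads the basicConstraints cA flag and the subject CN straight from the DER encoding and reports which role a certificate can play. The helper names, role labels, the `device-01` ID and the unsigned, certificate-shaped sample bytes are constructed assumptions; the CN check follows the rule quoted in the comments below.

```python
OID_BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # 2.5.29.19
OID_COMMON_NAME = bytes.fromhex("550403")        # 2.5.4.3

def tlv(tag, *parts):  # encode one DER element (short-form length only)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def walk(der):
    """Yield (tag, value) for each element, descending into constructed ones."""
    i = 0
    while i < len(der):
        tag, length = der[i], der[i + 1]
        i += 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length, i = int.from_bytes(der[i:i + n], "big"), i + n
        value, i = der[i:i + length], i + length
        yield tag, value
        if tag & 0x20:  # constructed type: recurse into its content
            yield from walk(value)

def inspect_cert(der):
    """Return (is_ca, subject_cn). The extension value is an OCTET STRING
    wrapping SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... }."""
    items = list(walk(der))
    is_ca, cn = False, None
    for k, (tag, value) in enumerate(items):
        if tag == 0x06 and value == OID_COMMON_NAME:
            cn = items[k + 1][1].decode()  # subject follows issuer, last wins
        elif tag == 0x06 and value == OID_BASIC_CONSTRAINTS:
            extn = next(v for t, v in items[k + 1:] if t == 0x04)
            is_ca = any(t == 0x01 and v != b"\x00" for t, v in walk(extn))
    return is_ca, cn

def role_for_iot_hub(der, device_id):
    is_ca, cn = inspect_cert(der)
    if is_ca:
        return "ca-certificate"  # registered on the hub, not a device identity
    return "device-certificate" if cn == device_id else "cn-mismatch"

def sample_cert(cn, ca):
    """Constructed, unsigned, certificate-shaped DER (validity and key omitted)."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_COMMON_NAME), tlv(0x0C, cn.encode()))))
    bc = tlv(0x30, tlv(0x01, b"\xff")) if ca else tlv(0x30)
    ext = tlv(0x30, tlv(0x06, OID_BASIC_CONSTRAINTS), tlv(0x01, b"\xff"), tlv(0x04, bc))
    tbs = tlv(0x30, tlv(0x02, b"\x01"), name, name, tlv(0xA3, tlv(0x30, ext)))
    return tlv(0x30, tbs, tlv(0x03, b"\x00"))

CERT1 = sample_cert("poc-root", ca=True)    # stands in for Cert1 (Subject Type=CA)
CERT2 = sample_cert("device-01", ca=False)  # stands in for Cert2 (End Entity)
```

To check a real certificate, pass `inspect_cert` the DER bytes of the file (for PEM, base64-decode the body first).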

Comments

computer19810
Highly Voted 4 years, 3 months ago
Correct Answer should be: Cert 2 Only, Cert 1 Only
upvoted 15 times
SanjuB
Highly Voted 4 years, 3 months ago
Correct Answer should be: Cert 2 Only, Cert 1 Only
upvoted 10 times
Badoic
Most Recent 2 years, 1 month ago
1. For authenticating the device to the IoT Hub, the device certificate/leaf certificate (here Cert2), which also contains the Device ID, is used. “The device certificate (also called a leaf certificate) must have the subject name set to the device ID (CN=deviceId) that was used when registering the IoT device in Azure IoT Hub. This setting is required for authentication.” https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-x509ca-overview#register-the-x509-ca-certificate-to-iot-hub
2. The certificate uploaded to the IoT Hub is the CA certificate, here Cert 1. “Register your X.509 CA certificate to IoT Hub, which uses it to authenticate your devices during registration and connection. Registering the X.509 CA certificate is a two-step process that includes uploading the certificate file and then establishing proof of possession.” https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-x509ca-overview#register-the-x509-ca-certificate-to-iot-hub
upvoted 2 times
hotwheelsinsf
2 years, 3 months ago
I don't understand it. They add another 100 questions and yet can't take the time to correct clearly identified issues with current questions.
upvoted 1 times
sam198
3 years, 3 months ago
1 - Cert2, 2 - Neither certificate; validating the self-signed certificate is another certificate that is generated from the CA and does not contain the same CN
upvoted 1 times
liberty123
3 years, 3 months ago
Cert 2 Only, Cert 1 Only
upvoted 1 times
exam67
4 years ago
Correct. In particular, you cannot use a CA certificate as an identity for your device because both X.509 CA authentication and X.509 self-signed authentication require the device-id of the device to match the common name (CN) in the certificate.
upvoted 2 times