From the Device Provisioning Service, you create an enrollment as shown in the exhibit. You need to deploy a new IoT device. What should you use as the device identity during attestation?
A.
a self-signed X.509 certificate
B.
the random string of alphanumeric characters
C.
the HMAC-SHA256 hash of the device's registration ID
D.
the endorsement key of the device's Trusted Platform Module (TPM)
Suggested Answer:C🗳️
Each device uses its derived device key with your unique registration ID to perform symmetric key attestation with the enrollment during provisioning. To generate the device key, use the key you copied from your DPS enrollment to compute an HMAC-SHA256 of the unique registration ID for the device and convert the result into Base64 format. Reference: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-symmetric-keys
indeed C.
TPM and X.509 do NOT use symmetric keys so they’re out, ref https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-symmetric-keys?view=iotedge-2020-11&tabs=linux.
Random characters are no option either.
Correct Answer.
Cli steps use hmac.
https://docs.microsoft.com/en-us/azure/iot-dps/concepts-symmetric-key-attestation?tabs=azure-cli
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.AZ-220 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
tita_tovenaar
3 years, 11 months agoAnonymousJhb
4 years, 1 month ago