Exam AZ-204 topic 1 question 10 discussion

Actual exam question from Microsoft's AZ-204
Question #: 10
Topic #: 1

You are developing an e-Commerce Web App.
You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active Directory (AAD).
What should you do on the e-Commerce Web App?

  • A. Run the az keyvault secret command.
  • B. Enable Azure AD Connect.
  • C. Enable Managed Service Identity (MSI).
  • D. Create an Azure AD service principal.
Suggested Answer: C 🗳️

Comments

forgetfulalligator
Highly Voted 3 weeks, 4 days ago
Selected Answer: C
Managed Service Identity (MSI) is a feature in Azure that allows you to securely authenticate an Azure service to other Azure services without having to manage credentials. By enabling MSI on the Azure App Service hosting the e-Commerce Web App, you can create a trust relationship between the App Service and Azure Key Vault. This allows the e-Commerce Web App to authenticate with Azure Active Directory (AAD) and securely retrieve secrets from the Key Vault.
upvoted 6 times
...
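The token flow this comment describes, as an added example that is not part of the original thread: once a managed identity is enabled, App Service injects `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` into the app's environment, and the app trades them for an Azure AD token scoped to Key Vault without storing any credential. The vault name, secret name and sample environment values are hypothetical.

```python
import json
import urllib.parse
import urllib.request

KEY_VAULT_RESOURCE = "https://vault.azure.net"

def msi_token_request(env, resource=KEY_VAULT_RESOURCE):
    """Build the token request to App Service's local managed-identity endpoint."""
    endpoint = env.get("IDENTITY_ENDPOINT")
    header = env.get("IDENTITY_HEADER")
    if not endpoint or not header:
        # App Service only injects these variables once an identity is assigned.
        raise RuntimeError("managed identity is not enabled on this app")
    query = urllib.parse.urlencode({"resource": resource, "api-version": "2019-08-01"})
    return urllib.request.Request(f"{endpoint}?{query}",
                                  headers={"X-IDENTITY-HEADER": header})

def secret_request(vault_name, secret_name, access_token):
    """Build the Key Vault REST call that reads the latest version of a secret."""
    name = urllib.parse.quote(secret_name, safe="")
    url = f"https://{vault_name}.vault.azure.net/secrets/{name}?api-version=7.4"
    return urllib.request.Request(url,
                                  headers={"Authorization": f"Bearer {access_token}"})

def get_secret(env, vault_name, secret_name):
    """Fetch a token, then the secret. Only works inside App Service, and only
    if the identity has been granted read access to secrets on the vault."""
    with urllib.request.urlopen(msi_token_request(env), timeout=10) as resp:
        token = json.load(resp)["access_token"]
    req = secret_request(vault_name, secret_name, token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["value"]

# Constructed sample of the two injected variables (not real values).
SAMPLE_ENV = {
    "IDENTITY_ENDPOINT": "http://127.0.0.1:41741/msi/token",
    "IDENTITY_HEADER": "constructed-header-value",
}
```

Inside the web app, `get_secret(os.environ, "<vault-name>", "<secret-name>")` returns the secret value; with option D the app would instead have to hold a client secret or certificate for the service principal.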
junkz
Most Recent 3 weeks, 4 days ago
Since the statement says "secured by using Azure App Service authentication and Azure Active Directory (AAD)." it stands to reason the answer would be D. When configuring App Service authentication with Microsoft identity provider, an app registration is required, which, under the hood, creates an app service principal (the ObjectID from the app registration, not to be confused with the applicationID of the app registration). So although the wording of the D option is unfortunate, it's still true.
upvoted 1 times
...
SirMarv
1 year, 3 months ago
Selected Answer: C
C is correct
upvoted 1 times
...
uffuchsi
1 year, 8 months ago
C - Enable Managed Service Identity
upvoted 1 times
...
alexein74
1 year, 8 months ago
D. Create an Azure AD service principal. To secure sign-ins to the e-Commerce Web App by using Azure App Service authentication and Azure Active Directory (AAD), you should create an Azure AD service principal. A service principal is a security identity that you can use to authenticate and authorize your app to access Azure resources. Once you have created the service principal, you can use it to authenticate to Azure Key Vault and access the secrets that you store there. B. Enable Azure AD Connect is a method to synchronize on-premises directories and enable single sign-on and it's not related to this question. A. Run the az keyvault secret command is a command line to manage secrets in Key Vault, it's not related to the question. C. Enable Managed Service Identity (MSI) is a feature that enables an app to authenticate to Azure services using its managed identity, which is automatically managed by Azure. This feature can be used to authenticate to Azure Key Vault and access the secrets that you store there, but it's not necessary to use it in this scenario.
upvoted 3 times
Mattt
1 year, 6 months ago
Option D is incorrect because creating an Azure AD service principal is used to allow applications to authenticate and access resources in Azure, but it is not required to secure sign-ins to an e-Commerce Web App with Azure App Service authentication and Azure AD using Azure Key Vault.
upvoted 1 times
...
...
OPT_001122
1 year, 10 months ago
Selected Answer: C
C. Enable Managed Service Identity (MSI).
upvoted 2 times
KingChuang
1 year, 10 months ago
While developers can securely store the secrets in Azure Key Vault, services need a way to access Azure Key Vault. Managed identities provide an automatically managed identity in Azure Active Directory for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials. Ref: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
upvoted 1 times
...
...
ericci
1 year, 11 months ago
Selected Answer: A
I think the right answer is A: https://learn.microsoft.com/en-us/azure/data-factory/v1/data-factory-on-premises-mongodb-connector
upvoted 1 times
...
sca88
2 years ago
C is better than D because, thanks to Managed Identity, your code can forget about storing keys, so it is a better solution than Service Principal.
upvoted 2 times
...
PhilLI
2 years, 9 months ago
Selected Answer: C
"Azure AD service principals" are created for Apps registered in Azure AD. Whereas WebApps, VMs, hubs etc all can get a Managed Identity.
upvoted 4 times
...
xahah22222
2 years, 11 months ago
I don't know. C & D seem to be the same thing. I would take the create principal option as I am not even sure if you can enable or disable MSI on a top level.
upvoted 1 times
...
Sukon_Desknot
3 years, 1 month ago
This is a bit tricky; check out https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object
upvoted 4 times
...