Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-104 topic 2 question 2 discussion

Actual exam question from Microsoft's AZ-104
Question #: 2
Topic #: 2
[All AZ-104 Questions]

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first?

  • A. From contoso.com, modify the Organization relationships settings.
  • B. From contoso.com, create an OAuth 2.0 authorization endpoint.
  • C. Recreate AKS1.
  • D. From AKS1, create a namespace.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Reference:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
AlleyC
Highly Voted 1 year, 6 months ago
Selected Answer: B
Answer is correct B Cluster administrators can configure Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol https://docs.microsoft.com/en-us/azure/aks/managed-aad
upvoted 61 times
tweedo
1 year, 4 months ago
This seems to be a correct answer in scope of listed answers, but please mind that AKS now supports direct integration with AAD, the method using OAuth 2.0 is considered legacy: https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
upvoted 26 times
...
jackdryan
9 months, 3 weeks ago
B is correct
upvoted 2 times
...
...
TDsysadmin
Highly Voted 1 year, 2 months ago
In 20/08/2022 exam
upvoted 12 times
...
jay223
Most Recent 3 weeks, 6 days ago
Selected Answer: B
Answer B is correct
upvoted 1 times
...
JonHanes
2 months, 1 week ago
This one had me confused between B and C, asking the Bing AI resulted in the following: The question does leave out some important details that would help determine the most appropriate answer. For instance, it doesn’t specify whether Azure RBAC is enabled on the AKS cluster. If Azure RBAC is not enabled, then the cluster would need to be recreated with Azure RBAC enabled (Option C). However, if Azure RBAC is already enabled and the cluster is integrated with Azure AD, then creating an OAuth 2.0 authorization endpoint could be a valid first step (Option B). The question also doesn’t specify whether the users are part of the same Azure AD tenant as the AKS cluster or if they are external users. If they are external users, additional steps might be needed to grant them access to the AKS cluster.
upvoted 1 times
...
AMEHAR
3 months, 2 weeks ago
Selected Answer: B
B is correct
upvoted 1 times
...
Misty39
3 months, 4 weeks ago
Selected Answer: A
but the question states, what is THE FIRST THING U DO?
upvoted 1 times
...
kamalpur
4 months, 3 weeks ago
This question is explained below https://youtu.be/RHa5E__7rYQ
upvoted 1 times
ShaileeP
3 months, 2 weeks ago
You are a bot! You put the same link in all questions. Please stop promoting your channel
upvoted 8 times
...
...
dhivyamohanbabu
5 months, 2 weeks ago
Correct Answer: b
upvoted 2 times
...
dhivyamohanbabu
5 months, 2 weeks ago
Correct answer B
upvoted 2 times
...
chihota
5 months, 3 weeks ago
Answer is A
upvoted 2 times
...
Angurajesh
6 months, 1 week ago
A. From contoso.com, modify the Organization relationships settings. By modifying the Organization relationships settings in the contoso.com Azure AD tenant, you can establish the necessary trust relationship between the tenant and AKS1. This enables users in contoso.com to authenticate and access AKS1. Once you have modified the Organization relationships settings, the administrator will be able to grant access to AKS1 to the users in contoso.com by assigning appropriate roles or permissions within AKS1.
upvoted 1 times
...
stonwall12
6 months, 2 weeks ago
The answer is B. Create an O-Auth Endpoint https://docs.microsoft.com/en-us/azure/aks/managed-aad
upvoted 2 times
...
Andre369
6 months, 3 weeks ago
Selected Answer: A
Option A is the correct choice. By modifying the Organization relationships settings in the Azure AD tenant (contoso.com), you can establish the required connection between the Azure AD tenant and the AKS cluster. This configuration allows users in contoso.com to access and manage AKS resources. Here's a high-level overview of the steps involved in this process: Sign in to the Azure portal using an account with appropriate permissions in the contoso.com Azure AD tenant. Navigate to the Azure AD tenant (contoso.com) settings. Locate the Organization relationships settings and configure the necessary settings to establish the connection between Azure AD and AKS. Follow any additional prompts or steps provided during the configuration process. Once the Organization relationships settings are properly configured, the administrator should be able to grant access to AKS1 for the users in the contoso.com Azure AD tenant.
upvoted 4 times
...
neonm
8 months ago
Correct question wouldhave been: you have waited 24 hoursand it still doesnt work what will you do?
upvoted 1 times
...
Madbo
8 months ago
B. From contoso.com, create an OAuth 2.0 authorization endpoint. To grant access to Azure Kubernetes Service to users in your Azure Active Directory tenant, you need to create an OAuth 2.0 authorization endpoint in your tenant. The endpoint will allow users in your tenant to authenticate and obtain an access token, which can be used to access the Kubernetes API server. Therefore, the first step in this scenario would be to create the OAuth 2.0 authorization endpoint in contoso.com. Option A, modifying the organization relationships settings, is not related to granting access to AKS1. Option C, recreating AKS1, is not necessary as the issue is related to user access. Option D, creating a namespace, is not related to granting access to AKS1 either.
upvoted 7 times
...
Madbo
8 months ago
In order to grant access to Azure Kubernetes Service (AKS) to users in the Azure Active Directory (Azure AD) tenant, you need to create an OAuth 2.0 authorization endpoint. This will allow users to authenticate and receive an access token that can be used to access AKS. Therefore, option B is the correct answer. Modifying organization relationship settings or creating a namespace in AKS will not enable access to contoso.com users. Recreating AKS1 may not be necessary and is not the best approach to resolving the issue.
upvoted 1 times
...
NImeshg
8 months, 1 week ago
Selected Answer: A
i think its a
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...