Answer is correct B Cluster administrators can configure Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Azure AD authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol https://docs.microsoft.com/en-us/azure/aks/managed-aad

In 20/08/2022 exam

Answer B is correct

This one had me confused between B and C, asking the Bing AI resulted in the following: The question does leave out some important details that would help determine the most appropriate answer. For instance, it doesn’t specify whether Azure RBAC is enabled on the AKS cluster. If Azure RBAC is not enabled, then the cluster would need to be recreated with Azure RBAC enabled (Option C). However, if Azure RBAC is already enabled and the cluster is integrated with Azure AD, then creating an OAuth 2.0 authorization endpoint could be a valid first step (Option B). The question also doesn’t specify whether the users are part of the same Azure AD tenant as the AKS cluster or if they are external users. If they are external users, additional steps might be needed to grant them access to the AKS cluster.

B is correct

but the question states, what is THE FIRST THING U DO?

This question is explained below https://youtu.be/RHa5E__7rYQ

Correct Answer: b

Correct answer B

Answer is A

A. From contoso.com, modify the Organization relationships settings. By modifying the Organization relationships settings in the contoso.com Azure AD tenant, you can establish the necessary trust relationship between the tenant and AKS1. This enables users in contoso.com to authenticate and access AKS1. Once you have modified the Organization relationships settings, the administrator will be able to grant access to AKS1 to the users in contoso.com by assigning appropriate roles or permissions within AKS1.

The answer is B. Create an O-Auth Endpoint https://docs.microsoft.com/en-us/azure/aks/managed-aad

Option A is the correct choice. By modifying the Organization relationships settings in the Azure AD tenant (contoso.com), you can establish the required connection between the Azure AD tenant and the AKS cluster. This configuration allows users in contoso.com to access and manage AKS resources. Here's a high-level overview of the steps involved in this process: Sign in to the Azure portal using an account with appropriate permissions in the contoso.com Azure AD tenant. Navigate to the Azure AD tenant (contoso.com) settings. Locate the Organization relationships settings and configure the necessary settings to establish the connection between Azure AD and AKS. Follow any additional prompts or steps provided during the configuration process. Once the Organization relationships settings are properly configured, the administrator should be able to grant access to AKS1 for the users in the contoso.com Azure AD tenant.

Correct question wouldhave been: you have waited 24 hoursand it still doesnt work what will you do?

B. From contoso.com, create an OAuth 2.0 authorization endpoint. To grant access to Azure Kubernetes Service to users in your Azure Active Directory tenant, you need to create an OAuth 2.0 authorization endpoint in your tenant. The endpoint will allow users in your tenant to authenticate and obtain an access token, which can be used to access the Kubernetes API server. Therefore, the first step in this scenario would be to create the OAuth 2.0 authorization endpoint in contoso.com. Option A, modifying the organization relationships settings, is not related to granting access to AKS1. Option C, recreating AKS1, is not necessary as the issue is related to user access. Option D, creating a namespace, is not related to granting access to AKS1 either.

In order to grant access to Azure Kubernetes Service (AKS) to users in the Azure Active Directory (Azure AD) tenant, you need to create an OAuth 2.0 authorization endpoint. This will allow users to authenticate and receive an access token that can be used to access AKS. Therefore, option B is the correct answer. Modifying organization relationship settings or creating a namespace in AKS will not enable access to contoso.com users. Recreating AKS1 may not be necessary and is not the best approach to resolving the issue.

i think its a