Exam AZ-301 topic 2 question 41 discussion

The question about authorization methods, not what identity to use, is already mentioned in the question: The application will use Managed Service Identity (MSI) Key Vault -> RBAC Azure SQL -> RBAC Cosmos DB -> HMAC (Azure Cosmos DB uses hash-based message authentication code (HMAC) for authorization) https://docs.microsoft.com/en-us/azure/cosmos-db/database-security#how-does-azure-cosmos-db-secure-my-database

Key Vault -> RBAC Azure SQL -> RBAC Cosmos DB -> HMAC the question is asking about authorization method for the three resources... Note that " Managed Service Identity (MSI)" is used for authentication then authorization is granted and attached to the MSI through the suitable way of the Azure resource like RBAC or HMAC https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security#:~:text=To%20access%20a%20key%20vault,a%20Key%20Vault%20access%20policy. https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview https://docs.microsoft.com/en-us/azure/cosmos-db/database-security https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

This question is certainly about authorization hence the answer should be:("Which authorization methods should you recommend?") Key Vault - RBAC Azure SQL - RBAC Cosmos DB - RBAC

Answer is correct. We group all of these resources or applications as a user-defined managed ID and then grant access policy on the Key vault. RBAC is different this is the complete uniqueness of manage identity.

given asnwer is correct as all 3 are part of i can use managed identities when targe is Key vault ,Azure SQL,Cosmos DB You can use the Managed Service Identity of the virtual machine to securely access the Azure Key vault service You can use the Managed Service Identity of the virtual machine to securely access the Azure SQL database service You can use the Managed Service Identity of the virtual machine to securely access the Azure Cosmos DB service https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

If Authorization, I will say that the correct answers are: Key Vault -> RBAC Azure SQL -> RBAC Cosmos DB -> HMAC If the question is about authentication: Key Vault -> MSI Azure SQL -> MSI Cosmos DB -> MSI

RBAC<RBAC<HMAC

Since the question asks about Authorization not Authentication so Ans should be - - RBAC - RBAC - HMAC If ques was about Authentication then it would be MSI for all 3. Pay attention on wordings of ques, this is important in MS Exams.

given answer is correct

Agree with Orcruin...If Authorization, I will say that the correct answers are: Key Vault -> RBAC Azure SQL -> RBAC Cosmos DB -> HMAC If the question is about authentication: Key Vault -> MSI Azure SQL -> MSI Cosmos DB -> MSI

If Authorization, I will say that the correct answers are: Key Vault -> RBAC Azure SQL -> RBAC Cosmos DB -> HMAC If the question is about authentication: Key Vault -> MSI Azure SQL -> MSI Cosmos DB -> MSI

KeyVault -> RBAC (https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault) Azure SQL -> RBAC (https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview) Cosmos DB -> HMAC (https://docs.microsoft.com/en-us/azure/cosmos-db/database-security)

Correct answer is - RBAC, RBAC, HMAC

The authentication/Authorization won't change the answer check first paragraph in this link https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-msi "Managed identities for Azure resources can authorize access to blob and queue data using Azure AD credentials from applications running in Azure virtual machines (VMs), function apps, virtual machine scale sets, and other services" Here it says that MSI authorize. On the hand, if using MSO is not providing authorization as well then what is the point of having it? MS introduced it to remove the Authentication/Authorization workload off the developers. So my answer is: MSI MSI HMAC

We have to identify which solution is the correct one: MSI, MSI, MSI vs RBAC, RBAC, HMAC. People say in the exam, it will be asked for the Authentication methods, so MSI makes sense as it forces us to use it in the introduction (makes sense the current answer). However, if it asks for the Authorization methods will go for RBAC, RBAC, HMAC?

Correct Answer is: Key Vault -> RBAC Azure SQL -> RBAC Cosmos DB -> HMAC

May be the answer is correct if question is about Authentication as informed by the user Gkilla https://www.examtopics.com/exams/microsoft/az-301/