Exam AZ-301 topic 2 question 14 discussion

Actual exam question from Microsoft's AZ-301
Question #: 14
Topic #: 2

HOTSPOT -
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
✑ Ensure that the applications can authenticate only when running on the 10 virtual machines.
✑ Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:

Comments

kewl
Highly Voted 5 years, 6 months ago
Box 1 should be user assigned managed identity as the requirement states 'ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity'. If we use a system assigned managed identity, it would create different ad identities for each VM
upvoted 56 times
onlyfunmails
5 years, 5 months ago
As minimize admin efforts, should be System-assigned managed identity. https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview The lifecycle of a system-assigned identity is directly tied to the Azure service instance that it's enabled on. If the instance is deleted, Azure automatically cleans up the credentials and the identity in Azure AD.
upvoted 6 times
pinchocr
5 years, 2 months ago
System-assigned managed identity: Workloads that are contained within a single Azure resource. Workloads for which you need independent identities. For example, an application that runs on a single virtual machine. User-assigned managed identity: Workloads that run on multiple resources and which can share a single identity. Workloads that need pre-authorization to a secure resource as part of a provisioning flow. Workloads where resources are recycled frequently, but permissions should stay consistent. For example, a workload where multiple virtual machines need to access the same resource. It's clear, Box 1: User-assigned managed identity
upvoted 32 times
tartar
4 years, 9 months ago
- Create a user Assigned Managed Identities for Azure resources - An Azure Instance Metadata Service Identity
upvoted 6 times
mpknz
5 years, 4 months ago
Question says only when running on the 10 machines. If user assigned is used then it could be used on other machines, hence the answer should be to allow access for the 10 system assigned virtual machine identities.
upvoted 3 times
dtvAzh
5 years, 2 months ago
kewl is correct. Please refer to the URL below, in the comparison table below the diagram, 3rd row. Also refer to the section "How a user-assigned managed identity works with an Azure VM", point 5: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
upvoted 5 times
SaurabhAzure
5 years, 4 months ago
I agree. It should be "user assigned managed identity".
upvoted 5 times
Moon
Highly Voted 5 years, 4 months ago
Answer correct. 1. System assigned 2. Metadata Service ID
upvoted 14 times
glam
Most Recent 4 years, 4 months ago
1 - Create a user Assigned Managed Identities for Azure resources 2 - An Azure Instance Metadata Service Identity
upvoted 3 times
sanketshah
4 years, 5 months ago
Box 1 : 1 Box 2: 3 correct answer
upvoted 1 times
sejalo
4 years, 4 months ago
wrong, Box 1 : 2 Box 2: 3
upvoted 1 times
multcloud
4 years, 9 months ago
- System Assigned Managed Identity (as System Assigned allows for it to be tagged to the instance automatically; currently the instance in question is just a VM, hence it will minimize administration effort and follow the lifecycle management process of the VM, i.e. when VMs are deleted the managed identity also gets deleted) - Azure Instance Metadata Service Identity
upvoted 1 times
nesith
4 years, 6 months ago
How are you going to make sure that the authentication request is not coming from one of the 10 servers? Each server gets a unique ID when you use SAMI.
upvoted 1 times
Anju17
4 years, 9 months ago
System-Assigned Managed Identity vs. User-Assigned Identity: They are the same in the way they work. The only difference is that if you enable System-Assigned Managed Identity for an Azure resource, the Managed Identity gets automatically created and assigned to that Azure resource, and will also get deleted when you delete the resource. User-Assigned Managed Identity is created manually and likewise manually assigned to an Azure resource. The lifecycle of a User-Assigned Managed Identity is NOT tied to the lifecycle of the Azure resource to which it is assigned. That means if the Azure resource gets deleted, the User-Assigned Managed Identity will not be deleted from Azure.
upvoted 4 times
Hisagenda
4 years, 9 months ago
A system assigned managed identity can be enabled on the VM or one or more user assigned managed identities can be assigned to the VM. Tokens for managed identities can then be requested from Instance Metadata Service. These tokens can be used to authenticate with other Azure services such as Azure Key Vault. System assigned Metadata service
upvoted 1 times
Duyons
4 years, 9 months ago
Box 1: Create a user-assigned Managed Identities for Azure Resources (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) Box 2: An Azure Instance Metadata Service Identity (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview)
upvoted 1 times
tmurfet
4 years, 9 months ago
1. "user assigned managed identity" -- has to be the same id for all VMs so cannot be system assigned. 2. OAuth2 is authorization "not" authentication -- authenticate using Azure Instance Metadata Service (IMDS) which is accessible only from within the VM. Ref. https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview#how-does-the-managed-identities-for-azure-resources-work
upvoted 2 times
KCjoe
4 years, 10 months ago
It is in my exam. There were only 3 options for box 3, and the last one is Metadata Service ID OAuth Endpoint, which is the correct answer.
upvoted 3 times
duytran216
4 years, 10 months ago
Answer is: User and IMDS. To minimize admin operations, user assigned acts like a group of VMs. So we can easily rule them.
upvoted 1 times
[Removed]
4 years, 11 months ago
1. User Assigned Managed Identities 2. Azure Instance Metadata Service Identity Quote from: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service#managed-identity-via-metadata-service A system assigned managed identity can be enabled on the VM or one or more user assigned managed identities can be assigned to the VM. Tokens for managed identities can then be requested from Instance Metadata Service. These tokens can be used to authenticate with other Azure services such as Azure Key Vault.
upvoted 5 times
gboyega
4 years, 11 months ago
Given Answer is Correct
upvoted 3 times
Faizy
4 years, 10 months ago
No, it's wrong. Check the contrast between User Assigned and System Assigned Managed Identities clearly at https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
upvoted 1 times
gboyega
4 years, 11 months ago
Given Answer is Correct
upvoted 2 times
Neetiniti
4 years, 11 months ago
Box1: User-assigned managed identity- Can be shared-The same user-assigned managed identity can be associated with more than one Azure resource. Workloads that run on multiple resources and which can share a single identity. Box-2 Azure Instance Metadata Service Identity- Your code that's running on the VM can request a token from the Azure Instance Metadata Service identity endpoint, accessible only from within the VM. https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
upvoted 2 times
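Added example, not part of the thread or of Microsoft's documentation: a Python sketch of the IMDS token request the comments describe, plus a check of whether several VMs resolve to one Azure AD principal. The token responses, GUIDs and resource IDs are constructed for illustration, so it runs offline; on a real VM the response comes from the IMDS endpoint itself.

```python
import base64
import json
from urllib.parse import urlencode

# IMDS is link-local: only reachable from inside the VM.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"

def build_imds_request(resource, client_id=None):
    """Return (url, headers) for an IMDS token request.
    client_id selects a user-assigned identity; omit it for system-assigned."""
    params = {"api-version": "2018-02-01", "resource": resource}
    if client_id:
        params["client_id"] = client_id
    return IMDS_TOKEN_URL + "?" + urlencode(params), {"Metadata": "true"}

def jwt_claims(access_token):
    """Decode the JWT payload without verifying the signature (inspection only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def principals(responses):
    """Map VM name -> object ID (oid claim) of the identity IMDS returned."""
    return {vm: jwt_claims(r["access_token"])["oid"] for vm, r in responses.items()}

def shares_one_identity(responses):
    """True when every VM authenticated as the same Azure AD principal."""
    return len(set(principals(responses).values())) == 1

def _fake_response(oid, mirid):
    # Constructed stand-in for an IMDS response; the token is unsigned.
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([b64({"alg": "none"}), b64({"oid": oid, "xms_mirid": mirid}), "sig"])
    return {"access_token": token, "token_type": "Bearer"}

# Constructed samples: one shared user-assigned identity vs. per-VM identities.
UAMI_ID = ("/subscriptions/SUB/resourcegroups/rg/providers/"
           "Microsoft.ManagedIdentity/userAssignedIdentities/apps-id")
USER_ASSIGNED = {f"vm{i}": _fake_response(
    "11111111-1111-1111-1111-111111111111", UAMI_ID) for i in (1, 2)}
SYSTEM_ASSIGNED = {f"vm{i}": _fake_response(
    f"22222222-2222-2222-2222-00000000000{i}",
    f"/subscriptions/SUB/resourcegroups/rg/providers/Microsoft.Compute/virtualMachines/vm{i}")
    for i in (1, 2)}

if __name__ == "__main__":
    print(build_imds_request("https://management.azure.com/",
                             client_id="00000000-0000-0000-0000-000000000000"))
    print("user-assigned shares one principal:", shares_one_identity(USER_ASSIGNED))
    print("system-assigned shares one principal:", shares_one_identity(SYSTEM_ASSIGNED))
```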
learnazure63
4 years, 12 months ago
box-1 user assigned managed identity box-2 Azure Instance Metadata Service (IMDS) identity endpoint user assigned managed identity can be used with multiple VMs. see https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/msi-tutorial-linux-vm-access-arm
upvoted 1 times
Prash85
4 years, 12 months ago
Applications can authenticate and minimize admin effort... using the same Azure Active Directory (Azure AD) identity does not necessarily mean users. This should be System-assigned managed identity.
upvoted 1 times