Question
You have an Azure subscription that contains four Azure virtual machines. You need to configure the virtual machines to use a single identity. The solution must meet the following requirements:
- Ensure that the credentials for the identity are managed automatically.
- Support granting privileges to the identity.
Which type of identity should you use?
A. a system-assigned managed identity
B. a user-assigned managed identity
C. a service principal
D. a user account
Answer
A. a system-assigned managed identity
Explanation
The correct answer is A. a system-assigned managed identity.
A system-assigned managed identity is an identity that is automatically created and assigned to an Azure resource. The credentials for the identity are managed by Azure and do not need to be stored or managed by the user. System-assigned managed identities can be used to grant privileges to Azure resources, such as virtual machines.
A user-assigned managed identity is a managed identity that is created by the user and can be assigned to one or more Azure resources. The credentials for the identity are managed by the user. User-assigned managed identities can also be used to grant privileges to Azure resources.
A service principal is an identity that is used to represent an application or service in Azure. Service principals are created by the user and can be assigned to one or more Azure resources. The credentials for the identity are managed by the user. Service principals can be used to grant privileges to Azure resources, but they are not as secure as managed identities.
A user account is an account that is created by the user and is used to sign in to Azure. User accounts are not as secure as managed identities and should not be used to grant privileges to Azure resources.
In this case, the requirement is to configure the virtual machines to use a single identity and to ensure that the credentials for the identity are managed automatically. A system-assigned managed identity meets both of these requirements. Therefore, the correct answer is A.
Here are some additional details about system-assigned managed identities:
- They are created automatically when you create an Azure resource that supports them.
- They are tied to the resource that created them and are deleted when the resource is deleted.
- They have the same permissions as the resource that created them.
- They can be used to access Azure services, such as Azure Storage and Azure Key Vault.
Designing and Implementing Microsoft DevOps Solutions AZ-400 certification exam practice question and answer (Q&A) dump with detailed explanation and references, available free to help you pass the Designing and Implementing Microsoft DevOps Solutions AZ-400 exam and earn the Designing and Implementing Microsoft DevOps Solutions AZ-400 certification.