Skip to Content

SC-300: Leveraging Service Principal and User-assigned Managed Identity for Azure Storage Access

By: Author Alex Lim

Posted on

Categories Exam

Discover how to use Service Principal and User-assigned Managed Identity for secure and efficient access to Azure Storage.

Table of Contents

Question

You have an Azure subscription named Sub1 that contains a storage account named storage1.

You need to deploy two apps named App1 and App2 that will have the following configurations:

  • App1 will be deployed as a registered app in Sub1.
  • App1 will access storage1 by using Microsoft Entra authentication.
  • App2 will access storage1 by using a single Microsoft Entra identity.
  • App2 be hosted on two new virtual machines named VM1 and VM2.

The solution must minimize administrative effort.

Which type of identity will each app use to access storage1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

App1:

  • User-assigned manages identity
  • Microsoft Entra group account
  • Microsoft Entra user account
  • Service principal
  • System-assigned managed identity

App2:

  • User-assigned manages identity
  • Microsoft Entra group account
  • Microsoft Entra user account
  • Service principal
  • System-assigned managed identity

Answer

App1: Service principal

App2: User-assigned manages identity

Explanation

For App1, the correct answer is Service Principal. A service principal is an identity that is used by a service or application. For integration with Azure, you should use a service principal specifically. In the context of Azure Storage, to access resources securely, you can assign the service principal an appropriate role and then delegate permissions to the service principal.

For App2, the correct answer is User-assigned Managed Identity. A user-assigned managed identity is a standalone Azure resource that can be assigned to one or more instances of an Azure service. In this case, since App2 is hosted on two virtual machines (VM1 and VM2), a user-assigned managed identity would be appropriate. This identity will be used to authenticate to any Azure service that supports Azure AD authentication, including accessing Storage1.

Microsoft SC-300 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft SC-300 exam and earn Microsoft SC-300 certification.