Hard · 1 mark · Multiple Choice
Domain 1 · Domain 1.4: Design identities and access for applications · Tags: Application Identity, Service Principal, App Registration

AZ-305 · Question 15 · Domain 1.4: Design identities and access for applications

A third-party SaaS application needs to read user profiles from your Microsoft Entra ID tenant using the Microsoft Graph API. The application is hosted outside of Azure (on AWS).

You need to design the authentication and authorization solution for this application. The solution must follow security best practices and avoid the use of shared passwords.

Which TWO actions should you perform? (Select TWO)

Answer options:

A. Register an application in Microsoft Entra ID to create a Service Principal.

B. Configure certificate-based authentication for the application.

C. Enable a System-assigned managed identity for the application.

D. Generate a client secret with a 10-year expiration.

E. Configure Azure AD Application Proxy.

How to approach this question

Determine how an external app authenticates to Entra ID (App Registration/Service Principal) and the most secure credential type (Certificates).

Full Answer

Because the application is hosted outside Azure (on AWS), there is no Azure resource to attach a managed identity to, so Managed Identities are ruled out. The app therefore needs its own identity in the tenant: register it in Microsoft Entra ID, which creates the service principal that Microsoft Graph permissions are granted to (reading profiles without a signed-in user needs an application permission such as User.Read.All, which requires admin consent). To authenticate without a shared password, upload the public half of a certificate to the app registration and keep the private key on the AWS side. The application then uses the client credentials grant and proves possession of the key by signing a short-lived JWT (the client_assertion) with the private key; Entra verifies the signature against the registered certificate and issues the access token. A client secret, by contrast, is a password that both sides store and that can be copied out of a config file, which is exactly what the requirement excludes. Workload identity federation is the other secret-less option for non-Azure workloads, but it needs an identity provider on the AWS side that issues OIDC tokens Entra can trust, and it is not among the options here. Correct answers: A and B.
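To make the certificate flow concrete, the following Go program is an added example (it is not code from the original question, from Microsoft, or from any Entra SDK): it builds the signed client assertion an app on AWS would send instead of a client secret, then performs the checks Entra's token endpoint makes against the registered certificate. The tenant and client IDs, the self-signed certificate and the ten-minute assertion lifetime are assumptions for the example; nothing is sent over the network.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Placeholder tenant and application (client) IDs: assumptions for this example, not values from the scenario.
const tenantID = "00000000-0000-0000-0000-000000000000"
const clientID = "11111111-1111-1111-1111-111111111111"
const tokenEndpoint = "https://login.microsoftonline.com/" + tenantID + "/oauth2/v2.0/token"
var b64 = base64.RawURLEncoding // JWT segments use unpadded base64url

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// selfSignedCert stands in for the certificate whose public half is uploaded to the app registration;
// the private key stays on the application host (here AWS) and is never sent to Entra.
func selfSignedCert() (*rsa.PrivateKey, *x509.Certificate) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return key, cert
}

// thumbprint is the JWT "x5t" header Entra uses to pick the registered certificate: base64url(SHA-1(DER)).
func thumbprint(cert *x509.Certificate) string {
	sum := sha1.Sum(cert.Raw)
	return b64.EncodeToString(sum[:])
}

// buildClientAssertion creates the RS256-signed JWT the app sends as client_assertion in place of a client secret.
func buildClientAssertion(key *rsa.PrivateKey, cert *x509.Certificate, now time.Time) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "x5t": thumbprint(cert)})
	jti := make([]byte, 16)
	_, err := rand.Read(jti)
	must(err)
	body, _ := json.Marshal(map[string]any{"aud": tokenEndpoint, "iss": clientID, "sub": clientID,
		"jti": b64.EncodeToString(jti), "nbf": now.Unix(), "exp": now.Add(10 * time.Minute).Unix()}) // short-lived: minutes, not years
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	must(err)
	return signingInput + "." + b64.EncodeToString(sig)
}

// verifyClientAssertion mirrors the checks the token endpoint performs against the registered certificate.
func verifyClientAssertion(assertion string, cert *x509.Certificate, now time.Time) error {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return errors.New("malformed JWT")
	}
	var hdr, c map[string]any
	h, errH := b64.DecodeString(parts[0])
	p, errP := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errP != nil || errS != nil || json.Unmarshal(h, &hdr) != nil || json.Unmarshal(p, &c) != nil {
		return errors.New("undecodable JWT")
	}
	if hdr["alg"] != "RS256" || hdr["x5t"] != thumbprint(cert) {
		return errors.New("alg or x5t does not match the registered certificate")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return errors.New("signature invalid: caller does not hold the private key")
	}
	if c["aud"] != tokenEndpoint || c["iss"] != clientID || c["sub"] != clientID {
		return errors.New("aud/iss/sub mismatch")
	}
	nbf, _ := c["nbf"].(float64)
	exp, _ := c["exp"].(float64)
	if t := float64(now.Unix()); t < nbf || t >= exp {
		return errors.New("assertion expired or not yet valid")
	}
	return nil
}

func main() {
	key, cert := selfSignedCert()
	fmt.Println("verify:", verifyClientAssertion(buildClientAssertion(key, cert, time.Now()), cert, time.Now()))
}
```

In a real deployment the string returned by buildClientAssertion goes into the client_assertion field of the token POST, alongside grant_type=client_credentials, client_id, scope=https://graph.microsoft.com/.default and client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer; note that no password-like value appears anywhere in that request. The x5t check is why a certificate must be uploaded to the registration before it can be used, and the ten-minute exp is what limits the damage if an assertion is captured in transit, in contrast to a secret that stays valid until it expires.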

Common mistakes

Selecting Managed Identity (C): managed identities are an Azure-specific feature attached to Azure resources (or to servers onboarded with Azure Arc, which the scenario does not mention), so there is nothing on AWS to assign one to.

Selecting a long-lived client secret (D): a client secret is precisely the shared password the requirement excludes, and a 10-year lifetime maximises the window in which a leaked copy stays usable (the Entra admin center does not even allow new secrets beyond 24 months).

Selecting Application Proxy (E): it publishes on-premises web applications for inbound remote access through Entra; it plays no part in an external application authenticating outbound to Microsoft Graph.

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1
