Medium · 1 mark · Multiple choice
Tags: Domain 1, Managed Identity, Key Vault, Security

AZ-305 · Question 14 · Domain 1.4: Application Identities

You are designing an application architecture where an application running on an Azure Virtual Machine needs to retrieve database connection strings securely from Azure Key Vault.

The security team mandates that no credentials or secrets used to authenticate to the Key Vault can be stored in the VM's code or configuration files. The identity used must be tied to the lifecycle of the VM.

Which identity solution should you use?

Answer options:

A. User-assigned Managed Identity
B. System-assigned Managed Identity
C. Service Principal with a client secret
D. Service Principal with a certificate

How to approach this question

Differentiate between System-assigned (tied to resource lifecycle) and User-assigned (independent lifecycle) managed identities.

Full Answer

B. System-assigned Managed Identity ✓ Correct
Managed identities eliminate the need for developers to manage credentials: the VM obtains tokens for Key Vault from the platform, so nothing secret has to be placed in code or configuration files. A System-assigned managed identity is tied directly to the Azure resource (in this case, the VM). When the VM is deleted, the identity is automatically cleaned up. A User-assigned managed identity is created as a standalone Azure resource and has its own lifecycle, meaning it persists even if the VM is deleted, so it does not meet the "tied to the lifecycle of the VM" requirement. Options C and D both require a credential (a client secret, or a certificate with its private key) to be present on the VM, which the security mandate forbids.

Common mistakes

Confusing system-assigned and user-assigned identities. Remember: System-assigned = a 1:1 relationship with the resource and its lifecycle. User-assigned = one identity that can be assigned to many resources, with its own independent lifecycle.

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2
