Medium · 1 mark · Multiple Choice
Tags: Domain 1 · Identity · Managed Identity · VMSS

AZ-305 · Question 14 · Domain 1.4: Application Identities

You are designing an application hosted on an Azure Virtual Machine Scale Set (VMSS) that scales dynamically between 5 and 50 instances based on CPU load.

The application needs to authenticate to an Azure SQL Database and an Azure Key Vault. You want to use Managed Identities to avoid storing credentials in code.

Which type of managed identity should you recommend to minimize administrative overhead and ensure seamless scaling?

Answer options:

A. System-assigned managed identity

B. User-assigned managed identity

C. Microsoft Entra Service Principal with a client secret

D. Microsoft Entra Service Principal with a certificate

How to approach this question

Consider the lifecycle of the identity. If the compute resource scales out (creates new instances), a system-assigned identity creates a new identity per instance. A user-assigned identity is shared.

Full Answer

B. User-assigned managed identity ✓ Correct
A user-assigned managed identity is created as a standalone Azure resource. You grant it permissions on the SQL Database and Key Vault once, then assign the identity to the VM Scale Set. As the VMSS scales out, every new VM instance automatically uses this same identity. If you used a system-assigned identity, each VM would get a unique identity, and you would have to dynamically grant each new identity access to the database, causing massive overhead.

Common mistakes

Choosing System-assigned. People often default to system-assigned because it's easier for a single VM, but it fails in auto-scaling scenarios.
