Microsoft AZ-305 Exam
Question Number: 26 out of 268 Questions
Question 26
You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.

You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:

- Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.
- Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
- Avoid storing secrets and certificates on the virtual machines.
- Minimize administrative effort for managing identities.

Which type of identity should you include in the recommendation?
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.

A user-assigned managed identity:

- Can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.
- Common usage: Workloads that run on multiple resources and can share a single identity. For example, a workload where multiple virtual machines need to access the same resource.

Incorrect:

Not A: A system-assigned managed identity can't be shared. It can only be associated with a single Azure resource.

- Typical usage: Workloads that are contained within a single Azure resource. Workloads for which you need independent identities. For example, an application that runs on a single virtual machine.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview