AI-102 Question #304: Real Exam Question with Answer & Explanation

Question

You have an Azure subscription that contains an Azure App Service app named App1. You provision a multi-service Azure AI Services resource named CSAccount1. You need to configure App1 to access CSAccount1. The solution must minimize administrative effort. What should you use to configure App1?

Options

• Aa system-assigned managed identity and an X.509 certificate
• Bthe endpoint URI and an OAuth token
• Cthe endpoint URI and a shared access signature (SAS) token
• Dthe endpoint URI and subscription key

Explanation

To configure an Azure App Service app to access an Azure AI Services resource with minimal administrative effort, the app should be provided with the resource's endpoint URI and a subscription key.

Common mistakes.

• A. While managed identities are a secure practice, combining one with an X.509 certificate adds complexity and is not the simplest direct authentication method for an App Service to an AI service resource when a subscription key is available.
• B. OAuth tokens are primarily for user or application authentication with identity providers like Azure AD, and while possible, they are not the standard or simplest method for direct service-to-service authentication to Azure AI Services compared to subscription keys.
• C. Shared Access Signatures (SAS) tokens are generally used for granular, time-limited access to specific Azure storage resources, not as the primary authentication mechanism for a general Azure AI Services resource from an App Service.

Concept tested. Azure AI Services authentication methods

Reference. https://learn.microsoft.com/en-us/azure/ai-services/authentication

No community discussion yet for this question.