AZ-204 Question #595: Real Exam Question with Answer & Explanation
Question
Drag and Drop Question

You have an Azure Virtual Machine (VM) named VM1 running Windows Server 2022 and an Azure Key Vault instance named kv1. You are developing a .NET application named App1 that you plan to deploy to VM1.

You have the following requirements:
- App1 will require access to kv1.
- The identity used by App1 to access kv1 must be automatically deprovisioned when VM1 is deleted.

You need to identify the procedure that will meet the requirements. Which three actions should you include in the procedure? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:
Explanation
A system-assigned managed identity is the correct choice because it is tied directly to the lifecycle of VM1 - when VM1 is deleted, the identity is automatically deprovisioned, satisfying the key requirement. The access token must be retrieved from the Azure Instance Metadata Service (IMDS) endpoint (http://169.254.169.254/metadata/identity/oauth2/token), which is the correct mechanism for managed identities running inside an Azure VM. Finally, the Key Vault access policy on kv1 must be modified to grant the system-assigned managed identity the necessary permissions to access secrets, keys, or certificates.
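The token exchange described in the explanation, as an added example that is not part of the original page: it builds the IMDS token request, validates the response, and builds the Key Vault request that carries the token. It is written in Python to show the HTTP exchange itself; App1 would issue the same requests from .NET. The secret name `app1-secret`, the sample IMDS response, and the API versions (`2018-02-01`, `7.4`) are assumptions, not values from the page.

```python
# Added example (not from the original page). Vault "kv1" is the page's; the
# secret name and the sample IMDS response below are constructed for illustration.
import json
import re
import time
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
VAULT_RESOURCE = "https://vault.azure.net"

def build_token_request(resource=VAULT_RESOURCE):
    """IMDS token request; the Metadata header is mandatory."""
    query = urllib.parse.urlencode({"api-version": "2018-02-01", "resource": resource})
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})

def parse_token_response(body, resource=VAULT_RESOURCE, now=None):
    """Return the access token after checking its type, audience and expiry."""
    doc = json.loads(body)
    if doc.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    if doc.get("resource", "").rstrip("/") != resource.rstrip("/"):
        raise ValueError("token was issued for a different resource")
    if int(doc["expires_on"]) <= (time.time() if now is None else now):
        raise ValueError("token has expired")
    return doc["access_token"]

def build_secret_request(vault_name, secret_name, token):
    """Key Vault 'get secret' request; the token is only ever sent over HTTPS
    to <name>.vault.azure.net, so a malformed vault name cannot redirect it."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]", vault_name):
        raise ValueError("invalid vault name")
    path = urllib.parse.quote(secret_name, safe="")
    url = f"https://{vault_name}.vault.azure.net/secrets/{path}?api-version=7.4"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def get_secret(vault_name, secret_name):
    """Live path, usable only on an Azure VM with a managed identity enabled."""
    direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # IMDS: no proxy
    with direct.open(build_token_request(), timeout=5) as resp:
        token = parse_token_response(resp.read())
    with urllib.request.urlopen(build_secret_request(vault_name, secret_name, token), timeout=10) as resp:
        return json.loads(resp.read())["value"]

# Constructed sample of the JSON that IMDS returns (token value is a placeholder).
SAMPLE = json.dumps({"access_token": "eyJ0eXAi.PLACEHOLDER", "expires_on": "4102444800",
                     "resource": "https://vault.azure.net", "token_type": "Bearer"})

if __name__ == "__main__":
    req = build_secret_request("kv1", "app1-secret", parse_token_response(SAMPLE))
    print(req.full_url)
```

`get_secret` only succeeds on VM1 once the system-assigned identity is enabled and the kv1 access policy grants it secret read permission; no credential is stored in App1's code or configuration.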