AZ-400 Question #585: Real Exam Question with Answer & Explanation
The correct answer is D: user-assigned managed identities.
Question
You have an Azure subscription that contains 20 virtual machines. You plan to deploy an Azure infrastructure by using Bicep files. The files will be deployed by using self-hosted GitHub runners on the virtual machines. You need to ensure that the GitHub runners can authenticate to Azure. The solution must minimize administrative effort. What should you use?
Options
- A. service principals
- B. system-assigned managed identities
- C. personal access tokens (PATs)
- D. user-assigned managed identities
Explanation
To authenticate a self-hosted GitHub Actions runner with Azure, you'll typically use either a managed identity or a service principal with OpenID Connect (OIDC). Managed identities are generally preferred for simplicity and security, especially with Azure Virtual Machines. Alternatively, you can use a service principal and configure it with a federated identity credential, which can be helpful in more complex scenarios.
System-assigned managed identities are tied to a specific Azure resource and are deleted when the resource is deleted, while user-assigned managed identities are separate Azure resources that can be assigned to multiple resources. In this scenario we need only a single user-assigned managed identity: it can be assigned to all 20 virtual machines, so there is one identity to create and grant access to rather than one per virtual machine.
- https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities
- https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure-identity