AZ-500 · Question #120
AZ-500 Question #120: Real Exam Question with Answer & Explanation
The correct answer is B: image2 only. Option B is correct because content trust in Azure Container Registry only applies to images pushed after content trust is enabled - image2 was pushed after enabling content trust and is therefore digitally signed and trusted. Image1 was already in the registry before content tru
Question
You have an Azure Container Registry named ContReg1 that contains a container image named image1. You enable content trust for ContReg1. After content trust is enabled, you push two images to ContReg1 as shown in the following table. Which images are trusted images?
Options
- Aimage1 and image2 only
- Bimage2 only
- Cimage1, image2, and image3
Explanation
Option B is correct because content trust in Azure Container Registry only applies to images pushed after content trust is enabled - image2 was pushed after enabling content trust and is therefore digitally signed and trusted. Image1 was already in the registry before content trust was enabled, meaning it was never signed and therefore is not a trusted image, which eliminates options A and C. Image3 (pushed after image2) was pushed without signing (as indicated in the table), so it also lacks the required digital signature to be considered trusted, further ruling out option C.
Memory Tip: Think of content trust like a notary - only documents signed by the notary after you hired them are officially verified. Pre-existing images and unsigned pushes are never "notarized," regardless of when they were pushed. When studying, remember: Signed + After Enablement = Trusted.
Topics
Community Discussion
No community discussion yet for this question.