SC-300 · Question #316
SC-300 Question #316: Real Exam Question with Answer & Explanation
The correct answer is B: user-assigned managed identities and Azure Key Vault. Azure Key Vault for the 3rd party API creds, and a user assigned managed identity for the MULTIPLE VMs to access "Azure resources by using Entra authentication".
Question
You have an Azure subscription that contains a storage account named storage1. You plan to deploy an app named App1 that will be hosted on multiple virtual machines. The virtual machines will authenticate to a third-party API by using secrets. You need to recommend an authentication solution for the virtual machines. The solution must meet the following requirements: - Securely store secrets. - Ensure that credentials do NOT need to be stored in the App1 code. - Ensure that the virtual machines can access Azure resources by using Microsoft Entra authentication - Minimize administrative effort. What should you include in the recommendation?
Options
- Auser accounts and Storage Service Encryption
- Buser-assigned managed identities and Azure Key Vault
- Cuser accounts and Azure Key Vault
- Dsystem assigned managed identities and Storage Service Encryption
Explanation
Azure Key Vault for the 3rd party API creds, and a user assigned managed identity for the MULTIPLE VMs to access "Azure resources by using Entra authentication".
Community Discussion
No community discussion yet for this question.