
AZ-500 Exam - Question 114


HOTSPOT -

You have an Azure subscription that contains an Azure SQL database named SQL1.

You plan to deploy a web app named App1.

You need to provide App1 with read and write access to SQL1. The solution must meet the following requirements:

✑ Provide App1 with access to SQL1 without storing a password.

✑ Use the principle of least privilege.

✑ Minimize administrative effort.

Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Reference:

https://docs.microsoft.com/en-us/azure/app-service/tutorial-connect-msi-sql-database?tabs=windowsclient%2Cdotnet

Discussion

15 comments
zellck
May 6, 2023

1. Managed identity
2. db_datareader and db_datawriter

https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials. While developers can securely store the secrets in Azure Key Vault, services need a way to access Azure Key Vault. Managed identities provide an automatically managed identity in Azure Active Directory (Azure AD) for applications to use when connecting to resources that support Azure AD authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials.

zellck
May 6, 2023

https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver16#fixed-database-roles

- db_datawriter: Members of the db_datawriter fixed database role can add, delete, or change data in all user tables. In most use cases this role will be combined with db_datareader membership to allow reading the data that is to be modified.
- db_datareader: Members of the db_datareader fixed database role can read all data from all user tables and views. User objects can exist in any schema except sys and INFORMATION_SCHEMA.
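
The T-SQL that puts the answer discussed above into practice (managed identity, db_datareader plus db_datawriter), as an added example that is not part of the question or of any comment. It assumes App1 uses a system-assigned managed identity, whose Azure AD display name is therefore "App1", and that the script is run against SQL1 by the logical server's Azure AD admin, because only an Azure AD principal can create users FROM EXTERNAL PROVIDER:

```sql
-- Added example (not from the page): grant App1's managed identity
-- least-privilege read/write access to SQL1 with no stored password.
-- Assumption: App1 has a system-assigned managed identity, so the
-- Azure AD principal name to map is "App1"; run this as the server's
-- Azure AD admin while connected to the SQL1 database.

-- Contained database user mapped to the managed identity.
-- No SQL login and no password are created or stored anywhere.
CREATE USER [App1] FROM EXTERNAL PROVIDER;

-- Least privilege: read and write on user tables only.
ALTER ROLE db_datareader ADD MEMBER [App1];
ALTER ROLE db_datawriter ADD MEMBER [App1];

-- Over-privileged alternative the requirements rule out: db_owner would
-- also let App1 alter schema, manage permissions and drop objects.
-- ALTER ROLE db_owner ADD MEMBER [App1];

-- Verification: list App1's role memberships. Expected result is exactly
-- two rows, db_datareader and db_datawriter.
SELECT r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'App1'
ORDER BY r.name;
```

App1 then connects with a connection string that names the server and database and selects managed-identity authentication (in Microsoft.Data.SqlClient the keyword is `Authentication=Active Directory Managed Identity`) instead of a user name and password, which is what satisfies the "without storing a password" requirement; the two fixed roles, rather than db_owner, satisfy least privilege, and using built-in roles instead of hand-written GRANT statements per table keeps administrative effort minimal.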

Troublemaker
Jul 24, 2023

In Exam - 28/7/2023

flafernan
Nov 6, 2023

You can use a Service Principal to grant an application access to Azure resources, including SQL databases. However, when granting read and write access to a SQL database, it is generally safer to use Managed Identities when the application is running on a virtual machine or an Azure service. Managed Identities are an easier and more secure way to grant access to Azure resources because they don't require you to manually manage secrets or credentials. Service Principals are typically used when you need to grant access to external applications or services that are not hosted in Azure. When it comes to internal Azure applications and services, Managed Identities are a more direct and secure option. Therefore, using a Managed Identity would be the most appropriate option to meet the criteria of not storing passwords, using the principle of least privilege, and minimizing administrative effort in the context of internal Azure resources.

brooklyn510
Jan 6, 2024

On exam 1/2/24

sofieejo
Jan 30, 2023

In exam 29/01/2023 + many questions about Microsoft Sentinel

Mic8888
Apr 24, 2022

correct answers

Amit3
Oct 1, 2022

# In EXAM - 01-Oct-2022

Siblark
Oct 5, 2022

In Exam Oct 05, 2022

F117A_Stealth
Nov 10, 2022

Correct! Account Type = Managed Identity Roles = db_datareader and db_datawriter

majstor86
Mar 2, 2023

Account Type = Managed Identity Roles = db_datareader and db_datawriter

Johnvic
Apr 22, 2023

Exam: 6 case studies, 3 true/false questions, 47 multiple questions and no simulations. A lot of new questions that are not up here.

Kelly8023
Oct 6, 2022

Correct answers

AzureJobsTillRetire
Jan 11, 2023

Members of the db_datawriter fixed database role can add, delete, or change data in all user tables. In most use cases this role will be combined with db_datareader membership to allow reading the data that is to be modified. https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver16

icebw22
Mar 15, 2023

Correct. Managed identity, because the DB needs to see who the request is coming from. Managed identity = identity for the app.

subrat10
Jun 18, 2024

The answer of question 1 should be "Service principal" as the question explicitly says Minimize administrative effort.

xRiot007
Jul 17, 2024

FYI, managed identity is a type of service principal used when we don't want to pass credentials around, so question 1 is MI.