
AZ-220 Exam - Question 135


From the Device Provisioning Service, you create an enrollment as shown in the exhibit.

Exam AZ-220 Question 135

You need to deploy a new IoT device.

What should you use as the device identity during attestation?

Correct Answer: C

In the Device Provisioning Service, the enrollment shown uses symmetric key attestation. For symmetric key attestation, each device needs to use a derived device key along with a unique registration ID to perform the attestation. The correct method to generate the device key involves computing an HMAC-SHA256 of the device's registration ID using the symmetric key provided in the enrollment and converting the result into Base64 format. Therefore, the correct identity for the device during attestation is the HMAC-SHA256 hash of the device's registration ID.
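The key derivation described in the explanation above, as an added example that is not part of the original page or Microsoft's code. The group key and registration ID are constructed sample values, the function names are hypothetical, and the enrollment key is assumed to be Base64 text that is decoded to raw bytes before it is used as the HMAC key.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample values, not taken from the exhibit or any real enrollment.
SAMPLE_GROUP_KEY = base64.b64encode(b"constructed-enrollment-group-key").decode()
SAMPLE_REGISTRATION_ID = "sensor-device-001"


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Return Base64(HMAC-SHA256(key=decoded enrollment key, msg=registration ID))."""
    if not registration_id:
        raise ValueError("registration ID must not be empty")
    try:
        # Assumption: the enrollment key is Base64 text; decode it to raw bytes.
        key = base64.b64decode(group_key_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("enrollment key is not valid Base64") from exc
    digest = hmac.new(key, registration_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def key_matches(group_key_b64: str, registration_id: str, presented_key_b64: str) -> bool:
    """Recompute the derived key and compare it in constant time."""
    expected = derive_device_key(group_key_b64, registration_id)
    return hmac.compare_digest(expected.encode(), presented_key_b64.encode())


if __name__ == "__main__":
    device_key = derive_device_key(SAMPLE_GROUP_KEY, SAMPLE_REGISTRATION_ID)
    # Only the derived key is installed on the device; the enrollment key
    # stays with whoever runs the provisioning step.
    print("registration ID:", SAMPLE_REGISTRATION_ID)
    print("derived key    :", device_key)
    print("verifies       :", key_matches(SAMPLE_GROUP_KEY, SAMPLE_REGISTRATION_ID, device_key))
```

Because the HMAC is computed over the exact bytes of the registration ID, the device must hash the same string, with the same letter case, that it presents during attestation.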

Discussion

2 comments
AnonymousJhb
Apr 26, 2021

Correct Answer. CLI steps use HMAC. https://docs.microsoft.com/en-us/azure/iot-dps/concepts-symmetric-key-attestation?tabs=azure-cli

tita_tovenaar
Jun 29, 2021

Indeed C. TPM and X.509 do NOT use symmetric keys so they’re out, ref https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-symmetric-keys?view=iotedge-2020-11&tabs=linux. Random characters are no option either.