HOTSPOT
-
You have an Azure subscription that contains the resources shown in the following table.
The subscription contains the virtual machines shown in the following table.
Which identities can be assigned the Owner role for RG1, and to which virtual machines can you assign Managed2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box1:Managed1, Managed2, VM1, and VM2 only I agree that VM3 shouldn't count here since its identity is actually 'Managed1' Box2: VM1, VM2, VM3, VM4 This article confirms that managed identities can be used across geos: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identities-faq
In Box 1, your comment makes sense, but in Azure it allows you do exactly that.
Ignore my previous comment. What I tested was assigning both User and System Identity to a VM. That works. VM3 only has User assigned Identity and will not show up. So I agree with Sneekygeeks answer. VM3 would only show IF it also had System-assigned managed Identity, which it does not.
In the Question #40 - Topic 2 (https://www.examtopics.com/discussions/microsoft/view/95539-exam-sc-300-topic-2-question-40-discussion/) it is stated that you cannot assign a role to a virtual machine, so: Box 1: Managed1 only Box 2: VM1, VM2, VM3, and VM4
In a lab setup, you can assign owner Permissions to an RG from M1/M2/Vm1/Vm2 You do not see Vm3 because M1 is already assigned and does not appear twice in the drop down list. You can assign one or more user managed IDs to a VM across regions. So Vm1/2/3/4.
Box 1 Managed1,Managed2,VM1,VM2 and VM3 only Box 2 VM1,VM2,VM3 and VM4
Can you explain how you arrived at this?
guessing vaaws logic is: Box 1: any identity (not vm4) box 2: any vm in any region while the answer given by ET seems to be: box 1: only identities in eastUS, where the RG lives box 2: only VMs in westus where Managed2 lives
Identities are not related to region and a VM can have both a User and System assigned managed Identity.
Box1: Managed1, Managed2, VM1, and VM2 only VM3 uses Managed1 so we use the Identity (Managed1) instead of the resource (VM3) VM4 doesn't have an Identity Box2: all VMs You can assign (User Assigned) Managed Identities to VMs that already have System Assigned Managed Identities You can test this in a lab like I did.
Tested this with my Azure subscription. IMHO the Box1 answer should be: Managed1, Managed2, VM1, and VM2 only. My reasoning: Since VM3’s identity is Managed1 and not VM3, you will not see VM3 in the owner role list. Virtual machine itself is not an identity. System-assigned managed identity is tied to one resource, and uses the name of the resource, so in this case VM1's and VM2's manged identities are named VM1 & VM2. User-assigned managed identity can be tied to multiple resources, so you will have to name it yourself. In this case the VM3's identity is Managed1. VM4 does not have identity at all, so you will not see it in owner role list. Please test the this in your tenant or lab and correct me if I'm wrong.
Tested in lab. Box1 Managed1,Managed2,VM1,VM2 and VM3 only System-assigned identitys is not region restricted, User-assigned is not aswell. When you add the VM1 with a system assigned identitys on as an owner on the RG. You can see in the RG RBAC permissions that the VM is added and it is created like an enterprise application. Box2 All VMs. Since user/system isn't restricted.
Hmm, so I guess this will be have to be a lucky shot at the exam as nobody agrees.
Come now guys, instead of guessing, for block 1: deploy 2 vms in 2 rgs, in 2 different regions and then enable their SAMI's and try link as owners to a single rg. You will find that you can link the SAMI's from the 2 different regions to the same rg as owners. Hence VM1 & VM2 are correct. VM3 is using the functional UAMI1, so that will work. Only vm4 wont work as it has not UAMI nor SAMI identity. Hence , UAMI1, UAMI2, VM1 & VM2 & VM3 (using UAMI1) will work. ONLY VM4 will not work. This is simple architect work. for block 2, UAMIs are global and are not limited by region. So everything is game. V1 - V4
for the question regarding assigning the Owner role for RG1 (which is in East US), only Managed1 (which is also in East US) can be considered. Managed2 cannot be assigned the Owner role for RG1 as it is in West US.Regarding which virtual machines can be assigned to Managed2, since Managed2 is located in West US, it can only be assigned to VM2 and VM4, both of which are also in West US.Therefore, the correct answers are:Identities with Owner role: Managed1 only. Virtual machines assigned to Managed2: VM2 and VM4 only.