Exam AZ-500
Question 20

Note: The question is included in a number of questions that depict the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

You are in the process of creating an Azure Kubernetes Service (AKS) cluster. The Azure Kubernetes Service (AKS) cluster must be able to connect to an Azure Container Registry.

You want to make sure that the Azure Kubernetes Service (AKS) cluster authenticates to the Azure Container Registry by making use of the auto-generated service principal.

Solution: You create an Azure Active Directory (Azure AD) role assignment.

Does the solution meet the goal?

    Correct Answer: B

    When setting up an Azure Kubernetes Service (AKS) cluster to authenticate with an Azure Container Registry (ACR), the correct approach involves Azure Role-Based Access Control (RBAC). Specifically, this requires assigning the AcrPull role to allow the cluster's service principal to pull images from the ACR. The proposed solution of creating an Azure Active Directory (Azure AD) role assignment is incorrect since it does not directly handle the necessary permissions for interacting with ACR. Therefore, the solution does not meet the goal.
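The distinction drawn above, between an Azure AD (directory) role assignment and an Azure RBAC assignment of AcrPull that covers the registry, can be checked mechanically. The following Python is an added example, not part of the original page: it assumes records shaped like `az role assignment list` JSON output (`principalId`, `roleDefinitionName`, `scope`) plus one Graph-style directory role assignment, and every ID and resource name in it is constructed.

```python
# Added example: constructed data, not output from a real tenant.
ACR_PULL = "AcrPull"  # built-in Azure RBAC role named in the answer above

def _segments(resource_id):
    # ARM resource IDs are case-insensitive, so compare lower-cased segments.
    return [s for s in resource_id.lower().split("/") if s]

def scope_covers(assignment_scope, resource_id):
    """True if a role assignment at assignment_scope is inherited by resource_id."""
    a, r = _segments(assignment_scope), _segments(resource_id)
    return r[:len(a)] == a  # whole-segment prefix match, not a string prefix

def pull_grants(assignments, principal_id, registry_id, roles=(ACR_PULL,)):
    """Azure RBAC assignments that let principal_id pull from registry_id."""
    grants = []
    for item in assignments:
        scope = item.get("scope")
        if scope is None:
            continue  # directory role assignment: no ARM scope, not evaluated for the registry
        if (item.get("principalId") == principal_id
                and item.get("roleDefinitionName") in roles
                and scope_covers(scope, registry_id)):
            grants.append(item)
    return grants

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
REGISTRY = SUB + "/resourceGroups/rg-apps/providers/Microsoft.ContainerRegistry/registries/exampleacr"
CLUSTER_ID = "11111111-1111-1111-1111-111111111111"  # constructed object ID of the cluster identity
OTHER_ID = "22222222-2222-2222-2222-222222222222"    # constructed, unrelated principal

BEFORE = [
    # Directory (Azure AD) role assignment, shaped like a Graph roleAssignment record.
    {"principalId": CLUSTER_ID, "roleDefinitionId": "<directory-role-id>", "directoryScopeId": "/"},
    # AcrPull on a sibling resource group whose name only shares a prefix.
    {"principalId": CLUSTER_ID, "roleDefinitionName": ACR_PULL, "scope": SUB + "/resourceGroups/rg-apps2"},
    # AcrPull on the right registry, but for a different principal.
    {"principalId": OTHER_ID, "roleDefinitionName": ACR_PULL, "scope": REGISTRY},
]
# Azure RBAC assignment at the parent resource group (different letter case), inherited by the registry.
AFTER = BEFORE + [
    {"principalId": CLUSTER_ID, "roleDefinitionName": ACR_PULL, "scope": SUB + "/resourceGroups/RG-Apps"},
]

if __name__ == "__main__":
    print("before:", len(pull_grants(BEFORE, CLUSTER_ID, REGISTRY)))
    print("after: ", len(pull_grants(AFTER, CLUSTER_ID, REGISTRY)))
```
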

Discussion
romaso82 Option: A

correct answer

PKPKPK Option: B

I think it's B as it would need an RBAC role instead of an AAD role

xRiot007

The answer is B, but not because of that. The Microsoft Entra group will attach the AcrPull permission automatically, completing RBAC. The reason why the answer is No is because the authentication is done automatically, you don't have to create any roles. You just need to attach the service (AKS) to the container (ACR)

majstor86 Option: B

B. NO Needs an RBAC role

zellck Option: B

B is the answer. https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli The Azure Container Registry service supports a set of built-in Azure roles that provide different levels of permissions to an Azure container registry. Use Azure role-based access control (Azure RBAC) to assign specific permissions to users, service principals, or other identities that need to interact with a registry, for example to pull or push container images.

JessEsquerdo Option: A

Correct answer is A. Yes, the solution meets the goal. When using Azure Container Registry (ACR) with Azure Kubernetes Service (AKS), you need to establish an authentication mechanism. You can configure the required permissions between ACR and AKS using the Azure CLI, Azure PowerShell, or Azure portal. The AKS to ACR integration assigns the AcrPull role to the Azure Active Directory (Azure AD) managed identity associated with the agent pool in your AKS cluster. This is essentially creating an Azure AD role assignment. So, your solution of creating an Azure AD role assignment is correct. However, please note that there’s a latency issue with Azure Active Directory groups when attaching ACR. If you’re running automation that requires the RBAC configuration to be complete, it’s recommended to use “Bring your own kubelet identity” as a workaround. https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli

Mazhar1993 Option: B

The answer is No. When an AKS cluster is created, Azure automatically generates a service principal to facilitate interactions with other Azure resources, including ACR. This auto-generated service principal can be directly used for authenticating the AKS cluster to the ACR registry. Therefore, creating an additional Azure AD role assignment is unnecessary as the auto-generated service principal already fulfills the authentication requirements. The proposed solution of creating an Azure AD role assignment adds complexity without providing any additional benefit, making it unnecessary and not meeting the goal efficiently. https://learn.microsoft.com/bs-latn-ba/azure/aks/cluster-container-registry-integration?tabs=azure-cli

sulfur

https://www.examtopics.com/discussions/microsoft/view/13685-exam-az-500-topic-3-question-16-discussion/

ltjones12 Option: B

Definitely B. This is not an Azure AD Role assignment. This needs an RBAC role

Slawekyo Option: A

In Topic 3, question 16, you have the same question but have to choose an answer; there, "Azure Active Directory (Azure AD) role assignment" is correct, so the answer is def A

hfk2020 Option: B

The AKS to ACR integration assigns the AcrPull role to the Microsoft Entra ID managed identity associated with the agent pool in your AKS cluster.

massnonn Option: A

Yes, the solution meets the goal of ensuring that the Azure Kubernetes Service (AKS) cluster can authenticate to the Azure Container Registry using the auto-generated service principal.

fastline112003 Option: B

This should usually be done with Azure RBAC: az aks update -n myAKSCluster -g myResourceGroup --attach-acr <acr-name>

Atom270 Option: B

Obviously the answer is B, why would anyone select A as it is related to role assignment

Jkayx94 Option: B

Requires ACR-Pull which is an Azure RBAC Built in Role: https://learn.microsoft.com/bs-latn-ba/azure/role-based-access-control/built-in-roles#acrpull Answer is B

zied01 Option: A

It's just a confusion between Azure AD roles and Azure RBAC, but I think that the goal of this question is to make sure that the SPN should have a permission; this is the goal and not the role/permission itself. I think the answer is yes

Bonesurfer Option: A

A: https://learn.microsoft.com/en-us/azure/aks/kubernetes-service-principal?tabs=azure-cli#delegate-access-to-other-azure-resources

bernedb Option: B

Correct answer is B. Azure AD roles are not the same as Azure RBAC https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles