SC-300 Exam QuestionsBrowse all questions from this exam
Go to Exam

SC-300 Exam - Question 258

HOTSPOT

-

You have an Azure subscription named Sub1 that contains a storage account named storage1.

You need to deploy two apps named App1 and App2 that will have the following configurations:

• App1 will be deployed as a registered app in Sub1.

• App1 will access storage1 by using Microsoft Entra authentication.

• App2 will access storage1 by using a single Microsoft Entra identity.

• App2 be hosted on two new virtual machines named VM1 and VM2.

The solution must minimize administrative effort.

Which type of identity will each app use to access storage1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Exam SC-300 Question 258
Show Answer
Correct Answer:
Exam SC-300 Question 258

Discussion

6 comments
Sign in to comment
jim85
Jun 20, 2024

Answers are correct. App1 - Service principal (Enterprise app) https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser App2 - UAMI https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/managed-identity-best-practice-recommendations

dzdz
Mar 29, 2024

App1 : System-assigned managed identity. App2 : User-assigned managed identity.

Nail
Oct 29, 2024

how is this helpful without any sort of explanation?

JohnnyChimpo
Apr 16, 2025

Service principal because Entra authentication UAMI because it needs to be assigned to VM1 and VM2 which rules our SAMI

59e8fdb
Mar 12, 2025

Not correct

JohnnyChimpo
Apr 16, 2025

Service principal because Entra authentication UAMI because it needs to be assigned to VM1 and VM2 which rules our SAMI

Panama469
Jul 5, 2024

Answers correct, agree with JIM85.

calom52
Nov 1, 2024

The service principal object defines what the app can actually do in the specific tenant, who can access the app, and what resources the app can access.

Fijii
Mar 2, 2025

This is the correct anwsers

Fijii
Mar 2, 2025

Had a hard time understanding this, hopefully ChatGPT is right, it seems to be the correct anwser : App1 needs a service principal, a managed identity is not available for a registered app (only azure resources) and Entra Account would not minimize admin effort : App2 is hosted on VM1 and VM2. VM are azure resources, so service principal is not applicable here and Entra account would again not minimize admin effort. The solution is a managed identity. However a system-assigned identity is only tied to ONE resource, the identity must be shared, so User-Assigned it is.

Obi_Wan_Jacoby
Apr 21, 2025

Given aswers are correct. Box 1 (for App1): Service principal Box 2 (for App2): UAMI