Microsoft Cybersecurity Architect — Question 48
You have an Azure subscription and an Azure DevOps organization.
You need to recommend a solution for connecting Azure DevOps pipelines to the resources in the subscription by using Azure Resource Manager (ARM) service connections. The solution must align with Microsoft Cloud Adoption Framework for Azure best practices, including the principle of least privilege.
What should you include in the recommendation?
Answer options
- A. service principals and secrets
- B. workload identity federation and service principals
- C. workload identity federation and user-assigned managed identities
- D. workload identity federation and system-assigned managed identities
Correct answer: B
Explanation
The correct answer is B: workload identity federation provides secure identity management, and service principals authenticate Azure DevOps with minimal privileges. The other options either do not align with the principle of least privilege or do not follow the best practices outlined in the Microsoft Cloud Adoption Framework for Azure.