Microsoft Cybersecurity Architect — Question 57

You have an Azure subscription that contains a web app named App1. App1 uses a Microsoft Entra user account named SRV1 as a service account to authenticate to an Azure SQL database named DB1.

You discover that a developer accessed DB1 directly by using SRV1.

You need to recommend a secure authentication method that will prevent credential misuse outside of App1. The solution must minimize administrative effort.

What should you recommend?

Answer options

Correct answer: A

Explanation

The correct answer is A, a managed identity. It allows Azure services to authenticate to other services securely without the need for credentials in the code, which prevents misuse. Options B and C are not ideal for this scenario because they require more administrative overhead and are generally used in on-premises scenarios. Option D, a federated identity credential, is more complex and may not effectively address the issue of direct access by developers.