Microsoft Identity and Access Administrator — Question 66

You have an Azure subscription that contains a storage account named storage1.

You plan to deploy an app named App1 that will be hosted on multiple virtual machines. The virtual machines will authenticate to a third-party API by using secrets.

You need to recommend an authentication solution for the virtual machines. The solution must meet the following requirements:

• Securely store secrets.
• Ensure that credentials do NOT need to be stored in the App1 code.
• Ensure that the virtual machines can access Azure resources by using Microsoft Entra authentication
• Minimize administrative effort.

What should you include in the recommendation?

Answer options

• A. user accounts and Storage Service Encryption
• B. user-assigned managed identities and Azure Key Vault
• C. user accounts and Azure Key Vault
• D. system assigned managed identities and Storage Service Encryption

Correct answer: B

Explanation

The correct answer is B, as user-assigned managed identities allow the virtual machines to authenticate securely with Azure resources without embedding credentials in App1's code, and Azure Key Vault provides a secure way to store secrets. Options A and C involve user accounts, which do not meet the requirement of minimizing administrative effort and securely storing secrets. Option D uses system assigned managed identities, which does not align with the need for user-assigned identities in this scenario.