Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-100 Exam - Topic 1 Question 55 Discussion

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.What should you recommend?
D) a managed identity in Azure
A) an Azure AD user account that has a password stored in Azure Key Vault
B) a group managed service account (gMSA)
C) an Azure AD user account that has role assignments in Azure AD Privileged Identity Management {PIM)

Microsoft SC-100 Exam - Topic 1 Question 55 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 55
Topic #: 1
[All SC-100 Questions]

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.

You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.

What should you recommend?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Colette at Sep 17, 2024, 04:03 AM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Hassie
6 months ago
Surprised that people still doubt managed identities; they simplify everything!
upvoted 0 times
...
Ethan
6 months ago
I’ve always used Azure AD user accounts, but maybe I should reconsider.
upvoted 0 times
...
Gracia
7 months ago
Wait, isn't using a gMSA more secure in some cases?
upvoted 0 times
...
Madalyn
7 months ago
Totally agree, managed identities are the way to go!
upvoted 0 times
...
Merilyn
7 months ago
I think option D is the best choice for security.
upvoted 0 times
...
Ammie
7 months ago
I think gMSA might be more relevant for on-premises scenarios, but I’m not clear on how it fits into Azure DevOps. We should double-check that.
upvoted 0 times
...
Annabelle
8 months ago
I feel like I read that using Azure Key Vault for storing credentials is a best practice, but I'm not confident if that applies to this scenario.
upvoted 0 times
...
Lawrence
8 months ago
I'm not entirely sure, but I think using Azure AD user accounts with PIM could add an extra layer of security. We practiced a similar question about role assignments.
upvoted 0 times
...
Stephane
8 months ago
I remember discussing the importance of using managed identities for Azure resources in our last study group. It seems like a secure option for CI/CD pipelines.
upvoted 0 times
...
Desire
8 months ago
A managed identity is definitely the way to go here. It provides the necessary security and automation for a CI/CD pipeline, and it's the recommended approach from Microsoft.
upvoted 0 times
...
Edgar
8 months ago
The Azure AD user account with a password in Key Vault seems like a reasonable option, but I'm not sure if that fully addresses the DevSecOps requirements. I'll need to double-check the guidance.
upvoted 0 times
...
Edison
8 months ago
Okay, I think I've got a good handle on this. I'll recommend a managed identity in Azure, as that aligns with the DevSecOps guidance and avoids the risks of using a user account or service account.
upvoted 0 times
...
France
8 months ago
Hmm, I'm a bit confused about the differences between the identity types mentioned. I'll need to review the details to make sure I understand the pros and cons of each.
upvoted 0 times
...
Detra
8 months ago
This looks like a tricky question. I'll need to carefully consider the DevSecOps best practices and the different identity options.
upvoted 0 times
...
Ettie
2 years ago
Hold up, are we choosing identities or planning a heist? This is getting more exciting than a mission impossible movie!
upvoted 0 times
Quentin
2 years ago
D) a managed identity in Azure
upvoted 0 times
...
Portia
2 years ago
C) an Azure AD user account that has role assignments in Azure AD Privileged Identity Management {PIM)
upvoted 0 times
...
Lavera
2 years ago
B) a group managed service account (gMSA)
upvoted 0 times
...
Filiberto
2 years ago
A) an Azure AD user account that has a password stored in Azure Key Vault
upvoted 0 times
...
...
Candra
2 years ago
Ooh, option C sounds fun! Gotta love that extra layer of security. Although, I'd rather not have to manage all those pesky role assignments. Managed identity it is!
upvoted 0 times
...
Gretchen
2 years ago
PIM? Now that's some fancy stuff! But I'd rather not deal with the extra complexity. Give me that managed identity, nice and simple.
upvoted 0 times
Mattie
2 years ago
Managed identities are definitely the easier option to work with.
upvoted 0 times
...
Merri
2 years ago
Yeah, I prefer to keep things simple too. Managed identities are the way to go.
upvoted 0 times
...
Sage
2 years ago
I agree, managed identities are much simpler to use.
upvoted 0 times
...
...
Talia
2 years ago
I'm not sure, but I think a managed identity in Azure could also be a good option for deployment credentials.
upvoted 0 times
...
Royce
2 years ago
I'm not too keen on storing passwords in Key Vault. That feels a bit outdated, don't you think? Let's go with the gMSA approach, keeps things nice and tidy.
upvoted 0 times
Reena
2 years ago
I'm not too keen on storing passwords in Key Vault. That feels a bit outdated, don't you think? Let's go with the gMSA approach, keeps things nice and tidy.
upvoted 0 times
...
Antonio
2 years ago
D) a managed identity in Azure
upvoted 0 times
...
Fannie
2 years ago
C) an Azure AD user account that has role assignments in Azure AD Privileged Identity Management {PIM)
upvoted 0 times
...
Craig
2 years ago
B) a group managed service account (gMSA)
upvoted 0 times
...
Amber
2 years ago
A) an Azure AD user account that has a password stored in Azure Key Vault
upvoted 0 times
...
...
Stephaine
2 years ago
I agree with Chauncey, using Azure AD PIM will help us follow DevSecOps best practices.
upvoted 0 times
...
Chauncey
2 years ago
I think we should use an Azure AD user account with role assignments in Azure AD PIM for better security.
upvoted 0 times
...
Julio
2 years ago
Hmm, I think option D is the way to go. Managed identities are the easiest to manage and the most secure option. Gotta love that DevSecOps magic!
upvoted 0 times
Wynell
2 years ago
Samira: Absolutely, it's important to follow best practices for security in our Azure DevOps solution.
upvoted 0 times
...
Lennie
2 years ago
Managed identities make it easier to manage credentials securely.
upvoted 0 times
...
Samira
2 years ago
Definitely, managed identities are the way to go for DevSecOps.
upvoted 0 times
...
Francoise
2 years ago
I agree, option D with a managed identity is the best choice for security.
upvoted 0 times
...
Gwenn
2 years ago
User2
upvoted 0 times
...
Jimmie
2 years ago
User1
upvoted 0 times
...
...

Save Cancel