Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-300 Exam - Topic 2 Question 116 Discussion

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity.You need to ensure that AKS1 can access DB1. The solution must meet the following requirements:* Ensure that AKS1 uses the managed identity to access DB1.* Follow the principle of least privilege.Which role should you assign to the managed identity of AKS1.
A) For R61, assign the Azure Cosmos DB Data Reader Role role.
B) For Sub1. assign the Owner role.
C) For RG1, assign the Reader role.
D) For DB1, assign the Azure Cosmos DB Account Reader Role role.

Microsoft SC-300 Exam - Topic 2 Question 116 Discussion

Actual exam question for Microsoft's SC-300 exam
Question #: 116
Topic #: 2
[All SC-300 Questions]

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity.

You need to ensure that AKS1 can access DB1. The solution must meet the following requirements:

* Ensure that AKS1 uses the managed identity to access DB1.

* Follow the principle of least privilege.

Which role should you assign to the managed identity of AKS1.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Estrella at Jul 07, 2025, 10:00 AM

Limited Time Offer

25%

Off

Get Premium SC-300 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Felix
6 months ago
Option D seems like a good choice too, but not as specific as A.
upvoted 0 times
...
Marlon
6 months ago
I think option B is overkill, Owner role is too much access.
upvoted 0 times
...
Jules
6 months ago
Surprised that people would consider the Owner role, that's risky!
upvoted 0 times
...
Jeanice
6 months ago
Option C just gives read access to the resource group, not DB1.
upvoted 0 times
...
Gaynell
7 months ago
Definitely go with option A, the Data Reader Role is perfect for this!
upvoted 0 times
...
Omega
7 months ago
I recall that the Reader role is more about viewing resources, so I doubt that would allow AKS1 to access DB1 properly.
upvoted 0 times
...
Major
7 months ago
I practiced a similar question, and I think the Azure Cosmos DB Account Reader role could be relevant, but I’m not confident it’s the best fit here.
upvoted 0 times
...
Kaycee
7 months ago
I'm not entirely sure, but I feel like assigning the Owner role is too broad and doesn't follow the least privilege principle.
upvoted 0 times
...
Scarlet
7 months ago
I remember studying the roles in Azure Cosmos DB, and I think the Data Reader role might be the right choice for AKS1 to access DB1.
upvoted 0 times
...
Jeanice
8 months ago
I'm not sure about this one. The question mentions the "principle of least privilege," so I'm wondering if assigning the Owner role to the subscription might be overkill. I'll need to double-check the role definitions to make sure I'm choosing the most appropriate one.
upvoted 0 times
...
Junita
8 months ago
Okay, I think I've got this. Since the question states that AKS1 needs to access DB1, the correct answer is to assign the Azure Cosmos DB Data Reader role to the AKS1 managed identity. This will give it the necessary permissions to read from the Cosmos DB database.
upvoted 0 times
...
Leatha
8 months ago
Hmm, I'm a bit confused about the different roles available for Cosmos DB. I'll need to review the documentation to make sure I understand the differences between the Data Reader and Account Reader roles.
upvoted 0 times
...
Willodean
8 months ago
This looks like a straightforward question about Azure Cosmos DB and AKS permissions. I think the key is to follow the principle of least privilege, so I'll focus on assigning the minimum required role to the AKS managed identity.
upvoted 0 times
...
Gerardo
10 months ago
I'm not sure, but I think assigning the Reader role at the RG1 level could also work.
upvoted 0 times
...
Arlean
10 months ago
Option D would give the managed identity too much access. We only need it to read from the DB1 database, not the entire Cosmos DB account.
upvoted 0 times
Teri
9 months ago
Option D would give the managed identity too much access. We only need it to read from the DB1 database, not the entire Cosmos DB account.
upvoted 0 times
...
Altha
9 months ago
A) For R61, assign the Azure Cosmos DB Data Reader Role role.
upvoted 0 times
...
...
Maryln
11 months ago
Haha, assigning the Owner role to the entire subscription? That's overkill! Option B is definitely not the right choice.
upvoted 0 times
Giovanna
10 months ago
C) For RG1, assign the Reader role.
upvoted 0 times
...
Virgie
10 months ago
A) For R61, assign the Azure Cosmos DB Data Reader Role role.
upvoted 0 times
...
...
Vincenza
11 months ago
I disagree, I believe the correct answer is D) For DB1, assign the Azure Cosmos DB Account Reader Role role.
upvoted 0 times
...
Crista
11 months ago
I agree with Mabel. Option A is the way to go here. Giving the managed identity the least amount of permissions required is the best approach.
upvoted 0 times
Cyndy
10 months ago
Definitely, assigning the Azure Cosmos DB Data Reader Role role to the managed identity of AKS1 is the right way to go.
upvoted 0 times
...
Kimbery
10 months ago
I agree, giving the managed identity only the necessary permissions is important.
upvoted 0 times
...
Fletcher
10 months ago
I think option A is the best choice. It follows the principle of least privilege.
upvoted 0 times
...
...
Eric
11 months ago
I think the answer is A) For R61, assign the Azure Cosmos DB Data Reader Role role.
upvoted 0 times
...
Mabel
11 months ago
Option A seems the most logical choice. Assigning the Azure Cosmos DB Data Reader Role to the managed identity of AKS1 would allow it to access the DB1 database while following the principle of least privilege.
upvoted 0 times
My
11 months ago
Definitely, option A meets the requirements and follows the principle of least privilege.
upvoted 0 times
...
Vi
11 months ago
Assigning the Azure Cosmos DB Data Reader Role to the managed identity of AKS1 is the way to go.
upvoted 0 times
...
Ben
11 months ago
I agree, option A is the best choice for ensuring AKS1 can access DB1.
upvoted 0 times
...
...

Save Cancel