Medium · 1 mark · Multiple Choice

AZ-305 · Question 14 · Domain 1.4: Application Identities

You are designing an application architecture that uses an Azure Virtual Machine Scale Set (VMSS) with 10 instances. The application needs to authenticate to Azure Key Vault to retrieve database connection strings.

To adhere to security best practices, you want to use Managed Identities. You need to ensure that if the VMSS scales out to 20 instances, the new instances immediately have access to the Key Vault without any manual role assignments or script executions.

Which type of identity should you recommend?

Answer options:

A. A System-assigned managed identity

B. A User-assigned managed identity

C. An Azure AD Service Principal with a client secret

D. An Azure AD Service Principal with a certificate

How to approach this question

Evaluate System-assigned vs User-assigned managed identities for scalable or multi-resource architectures.

Full Answer

B. A User-assigned managed identity ✓ Correct
A User-assigned managed identity is a standalone Azure resource. You can grant it access to Key Vault once. When you attach it to a VM Scale Set, all current and future instances share that identity. While a System-assigned identity on a VMSS also applies to all instances, User-assigned is the architectural best practice for workloads that might be redeployed or share access across multiple different Azure resources, as its lifecycle is independent of the compute resource.

Common mistakes

Choosing System-assigned. While technically functional for a single VMSS, User-assigned is the architectural best practice for scalable, repeatable deployments.
