Domain 1.4: Design identities and access for applications

You are designing an architecture for a multi-tier application. The application runs on a cluster of 10 Azure Virtual Machines that are part of a Virtual Machine Scale Set (VMSS). The application needs to securely retrieve database connection strings from Azure Key Vault. The VMs are frequently scaled in and out based on demand. You need to design an identity solution for the VMs to authenticate to Key Vault that minimizes administrative overhead and prevents credential leakage. Which identity solution should you recommend?

A third-party SaaS application needs to read user profiles from your Microsoft Entra ID tenant using the Microsoft Graph API. The application is hosted outside of Azure (on AWS). You need to design the authentication and authorization solution for this application. The solution must follow security best practices and avoid the use of shared passwords. Which TWO actions should you perform? (Select TWO)

You are designing an application architecture where an Azure App Service web app needs to securely access an Azure SQL Database and an Azure Storage Account. Security policies require that no credentials, connection strings, or secrets be stored in the application code or configuration files. The identity used for access must be automatically managed by Azure and tied to the lifecycle of the App Service. Which identity solution should you recommend?

You are migrating a legacy third-party application to an Azure Virtual Machine. The application requires an API key to access an external vendor's service. The application cannot be modified to use Azure SDKs or Managed Identities directly. You need to securely store the API key in Azure Key Vault and deliver it to the application securely. Which TWO components should you include in your design? (Select TWO)