- Home
- Microsoft
- Microsoft Identity and Access Administrator
- Microsoft.SC-300.v2024-08-05.q115
- Question 14
Valid SC-300 Dumps shared by ExamDiscuss.com for Helping Passing SC-300 Exam! ExamDiscuss.com now offer the newest SC-300 exam dumps, the ExamDiscuss.com SC-300 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SC-300 dumps with Test Engine here:
Access SC-300 Dumps Premium Version
(340 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 14/115
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity.
You need to ensure that AKS1 can access DB1. The solution must meet the following requirements:
* Ensure that AKS1 uses the managed identity to access DB1.
* Follow the principle of least privilege.
Which role should you assign to the managed identity of AKS1.
You need to ensure that AKS1 can access DB1. The solution must meet the following requirements:
* Ensure that AKS1 uses the managed identity to access DB1.
* Follow the principle of least privilege.
Which role should you assign to the managed identity of AKS1.
Correct Answer: B
- Question List (115q)
- 1 commentQuestion 1: You have a Microsoft 365 E5 subscription that uses Microsoft...
- 1 commentQuestion 2: You have a Microsoft 365 E5 subscription that contains a web...
- Question 3: You have an Azure subscription that contains the following v...
- Question 4: You have an Azure Active Directory (Azure AD) tenant. You ne...
- Question 5: You need to configure app registration in Azure AD to meet t...
- Question 6: You need to implement the planned changes and technical requ...
- Question 7: You have an Azure Active Directory (Azure AD) tenant that co...
- 1 commentQuestion 8: You have a custom cloud app named App1 that is registered in...
- Question 9: You have an Azure Ad tenant that contains the users show in ...
- Question 10: Note: This question is part of a series of questions that pr...
- Question 11: You need to meet the authentication requirements for leaked ...
- Question 12: You have an Azure Active Directory (Azure AD) tenant that ha...
- Question 13: You have a Microsoft 365 tenant. The Azure Active Directory ...
- 1 commentQuestion 14: You have an Azure subscription named Sub1 that contains a re...
- Question 15: You have a Microsoft 365 tenant. You need to ensure that you...
- 1 commentQuestion 16: You have a Microsoft Entra tenant named contoso.com that con...
- Question 17: Task 2 You need to implement a process to review guest users...
- Question 18: You have an Azure Active Directory (Azure AD) tenant. You cr...
- Question 19: You have an Azure Active Directory (Azure AD) tenant named c...
- Question 20: You create a Log Analytics workspace. You need to implement ...
- Question 21: You have an Azure Active Directory (Azure AD) tenant named c...
- 1 commentQuestion 22: You need to support the planned changes and meet the technic...
- 1 commentQuestion 23: You have an Azure AD tenant that contains the users shown in...
- 1 commentQuestion 24: You need to modify the settings of the User administrator ro...
- Question 25: You have a Microsoft 365 tenant. Sometimes, users use extern...
- 1 commentQuestion 26: You have a Microsoft 365 E5 subscription. You need to create...
- Question 27: You have an Azure AD tenant named contoso.com that contains ...
- 1 commentQuestion 28: You have an Azure subscription that contains a user named Us...
- 1 commentQuestion 29: You have an Azure AD tenant. You deploy a new enterprise app...
- 1 commentQuestion 30: You have 2,500 users who are assigned Microsoft Office 365 E...
- Question 31: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 32: Your company purchases 2 new Microsoft 365 ES subscription a...
- Question 33: You have a Microsoft 365 tenant. The Azure Active Directory ...
- 1 commentQuestion 34: You have a Microsoft 365 tenant. You configure a conditional...
- 1 commentQuestion 35: You have an Azure Active Directory (Azure AD) tenant that co...
- 1 commentQuestion 36: A user named User1 receives an error message when attempting...
- Question 37: You have an Azure AD tenant that contains the users shown in...
- Question 38: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 39: Your company recently implemented Azure Active Directory (Az...
- Question 40: You have an Azure Active Directory (Azure AD) tenant named c...
- Question 41: You have the Azure resources show in the following table. (E...
- Question 42: Your company has an Azure Active Directory (Azure AD) tenant...
- Question 43: Your network contains an on-premises Active Directory domain...
- Question 44: You use Azure Monitor to analyze Azure Active Directory (Azu...
- 1 commentQuestion 45: You need to implement password restrictions to meet the auth...
- Question 46: You have an Azure AD tenant that contains a user named User1...
- Question 47: You have an Azure subscription that contains the custom role...
- Question 48: You have a Microsoft 365 tenant. The Sign-ins activity repor...
- Question 49: You have an Azure AD tenant You configure User consent setti...
- Question 50: Your network contains an on-premises Active Directory domain...
- 2 commentQuestion 51: You have an Azure AD tenant that contains the users shown in...
- Question 52: Note: This question is part of a series of questions that pr...
- 1 commentQuestion 53: You have a Microsoft 365 E5 tenant. You purchase a cloud app...
- Question 54: You have an Azure subscription that contains the key vaults ...
- Question 55: You have an Azure AD tenant that contains multiple storage a...
- Question 56: You have an Azure Active Directory (Azure AD) tenant named c...
- Question 57: Task 5 You need to assign a Windows 10/11 Enterprise E3 lice...
- Question 58: You have an Azure AD tenant that contains the users shown in...
- Question 59: You have an Azure subscription that contains an Azure SQL da...
- Question 60: You have 2,500 users who are assigned Microsoft Office 365 E...
- Question 61: You have a Microsoft Entra tenant. You need to ensure that o...
- Question 62: Task 6 You need to implement additional security checks befo...
- Question 63: Your company has two divisions named Contoso East and Contos...
- Question 64: You create a conditional access policy that blocks access wh...
- Question 65: You have an Azure AD tenant that contains a user named User1...
- Question 66: You have a Microsoft 365 tenant. You need to Identity users ...
- Question 67: You have an Azure AD tenant named Contoso that contains a te...
- Question 68: You need to meet the planned changes for the User administra...
- Question 69: Note: This question is part of a series of questions that pr...
- Question 70: You have a Microsoft 365 tenant that uses the domain named f...
- Question 71: You have a Microsoft 365 E5 subscription that contains a Mic...
- 1 commentQuestion 72: You have an Azure subscription named Sub1 that contains a us...
- 1 commentQuestion 73: You have an Azure AD tenant that contains an access package ...
- 1 commentQuestion 74: You have an Azure Active Directory (Azure AD) tenant that co...
- 1 commentQuestion 75: You have a Microsoft 365 E5 subscription that contains three...
- 1 commentQuestion 76: You need to implement the planned changes for litware.com. W...
- 1 commentQuestion 77: You have a hybrid Microsoft 365 subscription that contains t...
- Question 78: You have an Azure Active Directory (Azure AD) tenant that ha...
- Question 79: You have an Azure AD tenant that contains the users shown in...
- 1 commentQuestion 80: You have an Azure subscription that contains an Azure Automa...
- Question 81: Task 8 You need to prevent all users from using legacy authe...
- 1 commentQuestion 82: You have a Microsoft 365 tenant. You currently allow email c...
- 1 commentQuestion 83: You have a Microsoft 365 subscription that contains a user n...
- Question 84: Your on-premises network contains an Active Directory Domain...
- 1 commentQuestion 85: You have a Microsoft 365 tenant named contoso.com. Guest use...
- Question 86: You need to track application access assignments by using Id...
- 1 commentQuestion 87: Your network contains an on-premises Active Directory domain...
- Question 88: You need to create the LWGroup1 group to meet the management...
- Question 89: You configure Azure Active Directory (Azure AD) Password Pro...
- Question 90: You have a Microsoft Exchange organization that uses an SMTP...
- Question 91: You have an Azure Active Directory (Azure AD) tenant that ha...
- Question 92: You need to configure the MFA settings for users who connect...
- 1 commentQuestion 93: You plan to deploy a new Azure AD tenant. Which multifactor ...
- Question 94: You have an Azure subscription that contains a user named Us...
- Question 95: You need to resolve the issue of the guest user invitations....
- Question 96: You have a Microsoft Entra tenant that contains a terms of u...
- Question 97: You need to resolve the recent security incident issues. Wha...
- Question 98: You have a Microsoft 365 E5 subscription and an Azure subscr...
- Question 99: You have a new Microsoft 365 tenant that uses a domain name ...
- 1 commentQuestion 100: You have an Azure Active Directory (Azure AD) tenant named c...
- Question 101: You have a Microsoft 365 subscription that contains the user...
- 1 commentQuestion 102: You have an Azure subscription. You are evaluating enterpris...
- Question 103: Your company has an Azure Active Directory (Azure AD) tenant...
- Question 104: You need to configure the assignment of Azure AD licenses to...
- Question 105: You have an Azure Active Directory (Azure AD) tenant that co...
- Question 106: You have an Azure Active Directory (Azure AD) tenant that us...
- Question 107: You have a Microsoft 365 E5 subscription. You need to perfor...
- 1 commentQuestion 108: You have an Azure subscription that containes a registered a...
- 1 commentQuestion 109: You have a Microsoft 365 subscription. You plan to deploy an...
- Question 110: You have an Azure AD tenant named contoso.com that contains ...
- 1 commentQuestion 111: You need to allocate licenses to the new users from A Datum....
- Question 112: You have an Azure Active Directory (Azure AD) tenant. You ne...
- Question 113: You have a Microsoft 365 tenant. You have an Active Director...
- 1 commentQuestion 114: You have an Azure AD tenant that contains the groups shown i...
- Question 115: You have an Azure subscription named Sub1 that uses Microsof...
Recent Comments (The most recent comments are at the top.)
To ensure that AKS1 can access DB1 using its managed identity while following the principle of least privilege, the best option is:
**A. For DB1, assign the Azure Cosmos DB Account Reader Role role.**
Here's the reasoning behind this choice:
1. **Managed Identity**: The question states that AKS1 uses a managed identity, which is the recommended way for Azure resources to access other Azure resources securely without storing credentials in code.
2. **Principle of Least Privilege**: This principle dictates that we should grant only the minimum permissions necessary to perform the required tasks.
3. **Scope**: We want to provide access specifically to DB1, not to the entire resource group or subscription.
4. **Required Access**: The AKS cluster needs to read from the Cosmos DB database.
Let's examine why the other options are not optimal:
B. **Azure Cosmos DB Data Reader Role for RG1**: While this would provide the necessary access, assigning it at the resource group level is broader than necessary and violates the principle of least privilege.
C. **Reader role for RG1**: This is too broad as it provides read access to all resources in the resource group, not just the Cosmos DB database. It also may not provide the specific permissions needed to read data from Cosmos DB.
D. **Owner role for Sub1**: This is far too permissive, granting full access to all resources in the entire subscription, which severely violates the principle of least privilege.
The Azure Cosmos DB Account Reader Role provides the necessary permissions to read data from a Cosmos DB account without granting unnecessary privileges. It's scoped directly to the DB1 resource, adhering to the principle of least privilege while ensuring AKS1 can access the database using its managed identity....