This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
You're building a custom deployment agent that runs on an Azure virtual machine that you control. Which of these authentication techniques should the agent use to authenticate and work with Azure resources?
User account
Service principal
Managed identity
You need to create a service principal for a pipeline that deploys your infrastructure to three environments - development, test, and production. Each environment is in a dedicated resource group in three different subscriptions. What should you do?
Create a single service principal and grant it access to the tenant root management group.
Create a single service principal and grant it access to each of the resource groups in the three subscriptions.
Create three service principals, one per environment, and grant each access to a single resource group in the relevant subscription.
You create a service principal with a key, and you set the key to expire 30 days in the future. What happens after that time?
Nothing - the key will automatically renew.
Your client can no longer authenticate.
Your client can authenticate, but it receives a warning that the key has expired.
You're creating a service principal to run a pipeline. The pipeline deploys a Bicep template that creates a single storage account. Which of the following options has the least privileged access that you need for your pipeline?
Role definition: Contributor Scope: Subscription
Role definition: Contributor Scope: Resource group
Role definition: Owner Scope: Resource group
You must answer all questions before checking your work.
Was this page helpful?