Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

You are designing authentication for several Azure Kubernetes Service (AKS) clusters that will be deployed in three different Azure subscriptions. The clusters will host identical micro-services that must read secrets from a central Azure Key Vault and send diagnostics to an Event Hub namespace. The solution must:

  • Eliminate hard-coded or file-based credentials in the containers.
  • Allow the same identity to be shared by workloads running in every cluster and subscription.
  • Ensure that credential rotation never requires redeploying the applications.

Which approach should you recommend?

  • Enable a system-assigned managed identity on every AKS cluster and grant each identity the required access to Key Vault and Event Hub.

  • Create an Azure AD application with a client secret and store the secret in Kubernetes Secrets mounted into the pods.

  • Configure an Azure AD application that uses a certificate stored on each cluster node and rotate the certificate annually.

  • Create one user-assigned managed identity, grant it access to Key Vault and Event Hub, and attach that identity to the node pools of all AKS clusters.

Design identity, governance, and monitoring solutions