Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You manage an Azure virtual machine scale set (VMSS) that must read data from an Azure Storage account by using Azure role-based access control (Azure RBAC). The VMSS will be deleted and recreated during automated test cycles, but you need the identity that has the Storage Data Reader role assignment to persist across these cycles without having to recreate the role assignment each time. Which approach should you take?

  • Enable a system-assigned managed identity on the VMSS and grant that identity the Storage Blob Data Reader role.

  • Create a user-assigned managed identity, grant it the Storage Blob Data Reader role on the storage account, and associate the identity with the VMSS.

  • Generate a service principal with a client secret, store the secret on the VMSS, and assign the Storage Blob Data Reader role to the service principal.

  • Use the storage account access keys and store them in the VMSS as environment variables.

Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot