Crucial Exams

Microsoft Azure Security Engineer Associate AZ-500 Practice Question

You need to harden an existing Azure Kubernetes Service (AKS) cluster that developers currently access by using the default local admin credentials in a kubeconfig file. Management states: all kubectl logons must use Microsoft Entra ID, authorization should rely on built-in Azure roles instead of Kubernetes RoleBindings, and the local admin account must be disabled. Which Azure CLI command meets every requirement?

  • Execute az aks update --enable-aad --enable-azure-rbac --disable-local-accounts against the cluster.

  • Enable the cluster's OIDC issuer and configure workload identity federation for the developer application.

  • Generate a kubeconfig file that authenticates with the node-pool managed identity and distribute it to developers.

  • Create a cluster-wide RoleBinding that assigns the developers to the system:masters group.

Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot