Home › Azure AZ-305 › cloudcomputing › az305identitygov › Which Azure feature should an architect recommen…
Which Azure feature should an architect recommend to give an Azure VM or App Service an identity that can access Key Vault and other Azure APIs WITHOUT storing credentials in code?
AManaged Identity (system-assigned or user-assigned) attached to the resource
BHardcoded credentials in App Settings
CDisabling auth on Key Vault
DSharing the global admin's password with the service
Answer & Solution
Correct answer: A. Managed Identity (system-assigned or user-assigned) attached to the resource
Managed Identity is Azure's no-credential-in-code identity pattern (per AZ-305 §1 auth). The other options are textbook insecurity.
Related questions
Which Azure governance service should an architect recommend to track and report regulatorWhich Microsoft Entra feature should an architect recommend so external partners (e.g. conWhich Azure feature should an architect recommend so that the same Microsoft Entra workforWhich Microsoft Entra ID feature should an architect recommend for adaptive risk-based autWhich Azure governance hierarchy should an architect recommend so that a single Azure PoliWhich Azure governance feature should an architect recommend to enforce constraints acrossWhich Azure service should an architect recommend to centrally store and rotate secrets, cWhich Microsoft Entra ID feature should an architect recommend to give engineers JIT, appr