- 6 views
Exam
Answer needs confirmation
Preamble
You have an Azure virtual machine named VM1 that runs Windows Server.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
Question
You need to ensure that you can use the Azure Policy guest configuration feature to manage VM1.
What should you do?
Proposed answer
- A. Add the PowerShell Desired State Configuration (DSC) extension to VM1.
- B. Configure VM1 to use a user-assigned managed identity.
- C. Configure VM1 to use a system-assigned managed identity.
- D. Add the Custom Script Extension to VM1.
Suggested answer
C. Configure VM1 to use a system-assigned managed identity.
GoforIT21
Highly Voted 2 years, 4 months ago
Selected Answer: C
"For the machine to authenticate to the Guest Configuration service, the machine must have a System-Assigned Managed Identity." (see the given reference, https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/guest-configuration)
upvoted 10 times
Contactfornitish
Highly Voted 2 years, 2 months ago
Still valid, in exam on 23rd Aug'22
upvoted 6 times
mhmyz
Most Recent 2 months, 2 weeks ago
I tested Configuration Management for Azure VM,I could select system managed ID or User managed ID. So the answers are B and C.
upvoted 1 times
SIAMIANJI
6 months, 3 weeks ago
Selected Answer: C
To use the Azure Policy guest configuration feature to manage VM1, you need to ensure that VM1 is configured to use a system-assigned managed identity. Therefore, the correct answer is: C. Configure VM1 to use a system-assigned managed identity.
upvoted 2 times
afridi43
1 year, 2 months ago
Selected Answer: C
Managed Identity: By configuring VM1 to use a system-assigned managed identity, you provide it with an identity within Azure Active Directory (Azure AD). This identity can be used for authentication when interacting with Azure services. Azure Policy: Azure Policy can leverage managed identities to interact with VMs and enforce guest configurations. When a system-assigned managed identity is enabled on a VM, it simplifies the authentication process, and Azure Policy can use this identity to assess and enforce configurations on the VM. So, by configuring VM1 to use a system-assigned managed identity, you enable Azure Policy Guest Configuration to manage and enforce policies on VM1 effectively.
upvoted 2 times
syu31svc
1 year, 8 months ago
Selected Answer: C
C for correct and provided link supports it
upvoted 1 times
empee1977
1 year, 9 months ago
Selected Answer: C
A system-assigned managed identity for an Azure virtual machine enables the virtual machine to use Azure services that support Azure AD authentication, without having to store the credentials in the application code. In order to use the Azure Policy guest configuration feature to manage VM1, you need to configure the virtual machine to use a system-assigned managed identity. Once the system-assigned managed identity is enabled, you can assign the necessary permissions to the managed identity and use Azure Policy guest configuration to manage the virtual machine's configuration.
upvoted 3 times
PEsty93
1 year, 9 months ago
Microsoft are mean. They know we're learning about Desired State Configuration (DSC) as part of the objectives so they throw in it as an answer even though it is not at all relevant.
upvoted 4 times
King_Laps
2 years, 3 months ago
the correct answer is C
upvoted 5 times
prepper666
2 years, 6 months ago
Answer is SYSTEM MANAGED IDENTITY The identity is used to authenticate the machine as it reads and writes to the guest configuration service. The extension isn't required for Arc-enabled servers because it's included in the Arc Connected Machine agent.
upvoted 5 times