Microsoft Azure Security Technologies (AZ-500)


Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!



When creating an Azure Kubernetes Service (AKS) cluster, what is necessary for it to connect to an Azure Container Registry using the auto-generated service principal?

  1. You need to create an Azure Active Directory (Azure AD) role assignment.

  2. You need to create a new Azure Storage account.

  3. You need to enable multi-factor authentication.

  4. You need to configure virtual network service endpoints.

The correct answer is: You need to create an Azure Active Directory (Azure AD) role assignment.

When establishing a connection between an Azure Kubernetes Service (AKS) cluster and Azure Container Registry (ACR), the essential step involves creating an Azure Active Directory (Azure AD) role assignment. This is crucial because AKS needs the appropriate permissions to pull container images from ACR. By assigning the "Reader" and "AcrPull" roles of Azure AD to the service principal that AKS uses, you ensure that the AKS cluster can authenticate against ACR and retrieve the necessary images for deploying workloads.

The other options do not directly address the authentication or permission requirements between AKS and ACR. For example, creating a new Azure Storage account is unrelated to the specific process of granting access for AKS to pull images. Similarly, enabling multi-factor authentication, while a good security practice, does not pertain to service principal permissions and access to ACR. Configuring virtual network service endpoints may improve connectivity and security but doesn't address the fundamental requirement of the service principal's role assignment necessary for accessing ACR.