Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 4 Discussion
You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using
continuous integration and continuous deployment (CI/CD) pipelines.
You need to recommend which types of identities to use for the deployment credentials of the
service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud
Adoption Framework for Azure.
What should you recommend?
Actually, option C might not be the best because using an Azure AD user with PIM adds unnecessary complexity and risk—user accounts can still be compromised, and managing passwords or MFA is a pain for automation. Option B (gMSA) is more for on-prem Windows services and doesn’t integrate well with Azure DevOps pipelines. Option A, storing passwords in Key Vault, is better but still involves handling secrets. Managed identities (D) eliminate secrets entirely, which fits best with DevSecOps principles by reducing attack surface and simplifying credential management. So D still feels like the clean
Option D for secure, passwordless access without manual credential management.
Going with D, managed identity. It fits best for secure and seamless Azure resource access.