Choose the best description of what a service principal does in Azure.
Think about how applications authenticate to Azure services without user interaction.
A service principal is like a user identity for an application. It allows the app to access Azure resources securely without needing a real user.
To create a service principal, which Azure resource is required to exist first?
Service principals are linked to identities registered in Azure AD.
A service principal is created from an Azure AD application registration. The app registration defines the identity, and the service principal is the instance used for access.
Choose the best practice for assigning permissions to a service principal to minimize security risks.
Think about the principle of least privilege.
Assigning only the minimum required permissions reduces the risk if the service principal is compromised. Avoid broad roles like Owner unless absolutely necessary.
What is the expected behavior when the secret (password or certificate) of a service principal expires?
Consider what happens when credentials are no longer valid.
When a service principal's secret expires, authentication requests using that secret will fail. The secret must be renewed or replaced to restore access.
Given the commands below, what will be the output of the final command?
az ad sp create-for-rbac --name myAppSP --skip-assignment
az role assignment list --assignee <appId_of_myAppSP> --query [].roleDefinitionName
Consider what the --skip-assignment flag does when creating the service principal.
The --skip-assignment flag creates the service principal without any role assignments. Therefore, listing roles for the SP returns an empty list.