Microsoft Azure Data Engineer Associate - DP-203

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: a managed identity

When an Azure Data Lake Storage Gen2 account is secured by a virtual network (VNet), the recommended authentication method for Azure Synapse Analytics dedicated SQL pool is **managed identity**. ## Why Managed Identity is the Correct Choice: 1. **VNet Security Requirement**: When storage accounts are protected by virtual networks, traditional authentication methods like shared keys or shared access signatures (SAS) may not work reliably because they don't inherently support VNet-based access restrictions. 2. **Trusted Service Integration**: Managed identities allow Azure Synapse Analytics to authenticate to other Azure services (like ADLS Gen2) without storing credentials in code. The Synapse workspace's system-assigned managed identity can be granted explicit permissions to access the storage account. 3. **Security Best Practice**: Managed identities provide a more secure authentication mechanism compared to shared keys or SAS tokens, as they eliminate the need to manage and rotate credentials manually. 4. **Microsoft Documentation Alignment**: According to Azure documentation, when storage accounts are secured with VNet rules, you must configure access using the workspace's managed identity and grant it the 'Storage Blob Data Contributor' role on the storage account. ## Why Other Options Are Less Suitable: - **Azure AD User (A)**: While Azure AD authentication is supported, it requires additional configuration and may not work seamlessly when the storage account is VNet-protected without additional network considerations. - **Shared Key (B)**: Shared keys provide full access to the storage account and don't integrate well with VNet security. They also pose security risks as they grant broad permissions. - **Shared Access Signature (C)**: SAS tokens can work but have limitations with VNet-protected storage and require regular rotation, making them less ideal for persistent data source connections in Synapse Analytics. Managed identity provides the most secure, maintainable, and VNet-compatible authentication method for this scenario.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: a managed identity

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

You have an Azure Data Lake Storage Gen2 account named `adls2` that is secured by a virtual network. You are designing a dedicated SQL pool in Azure Synapse Analytics that will use `adls2` as a data source. What method should you use to authenticate to `adls2`?

Exam-Like

Last updated: March 9, 2026 at 14:03

an Azure Active Directory (Azure AD) user

a shared key

a shared access signature (SAS)

a managed identity

Microsoft Azure Data Engineer Associate - DP-203

Get started today

Quick Answer

Quick Answer

Comments (0)

Get started today

You have an Azure Data Lake Storage Gen2 account named adls2 that is secured by a virtual network. You are designing a dedicated SQL pool in Azure Synapse Analytics that will use adls2 as a data source. What method should you use to authenticate to adls2?

Comments (0)

You have an Azure Data Lake Storage Gen2 account named `adls2` that is secured by a virtual network. You are designing a dedicated SQL pool in Azure Synapse Analytics that will use `adls2` as a data source. What method should you use to authenticate to `adls2`?