Basic Concept: This question tests identity and authentication for Azure SQL and SQL Server workloads, including when to use contained users, directory identities, certificate validation, or authentication profiles.
Why C is Correct: A managed identity gives an Azure resource an identity in Microsoft Entra ID so it can access services such as Key Vault without embedding credentials in code. The scenario asks for: You need to create a SQL Server Agent job that will rebuild indexes of the databases hosted on VM1. That makes a system-assigned managed identity in Microsoft Entra ID the option that satisfies the required Azure SQL layer and operational outcome.
Why A is Wrong: Elastic Jobs automate T-SQL execution across many Azure SQL databases, especially for multi-tenant or shard-style deployments. It protects or manages a different security layer, so the required database access or protection behavior would still be incomplete.
Why B is Wrong: a local Windows account is a security-related control, but its value depends on whether the requirement is identity, encryption, auditing, network isolation, or data exposure reduction. It is not the right enforcement point for this case; the scenario needs the control that governs the data or identity path being tested.
Why D is Wrong: A managed identity gives an Azure resource an identity in Microsoft Entra ID so it can access services such as Key Vault without embedding credentials in code. It protects or manages a different security layer, so the required database access or protection behavior would still be incomplete.
Submit