Exam4Training

Which two actions should you perform?

You have 10,000 IoT devices that connect to an Azure IoT hub. The devices do not support

over-the-air (OTA) updates.

You need to decommission 1,000 devices. The solution must prevent connections and autoenrollment for the decommissioned devices.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Update the connection State device twin property on all the devices.
B. Blacklist the X.509 root certification authority (CA) certificate for the enrollment group.
C. Delete the enrollment entry for the devices.
D. Remove the identity certificate from the hardware security module (HSM) of the devices.
E. Delete the device identity from the device registry of the IoT hub.

Answer: B,C

Explanation:

B: X.509 certificates are typically arranged in a certificate chain of trust. If a certificate at any stage in a chain becomes compromised, trust is broken. The certificate must be blacklisted to prevent Device Provisioning Service from provisioning devices downstream in any chain that contains that certificate.

C: Individual enrollments apply to a single device and can use either X.509 certificates or SAS tokens (in a real or virtual TPM) as the attestation mechanism. (Devices that use SAS tokens as their attestation mechanism can be provisioned only through an individual enrollment.) To blacklist a device that has an individual enrollment, you can either disable or delete its enrollment entry.

To blacklist a device that has an individual enrollment, you can either disable or delete its enrollment entry.

Reference: https://docs.microsoft.com/en-us/azure/iot-dps/how-to-revoke-device-access-portal

Latest AZ-220 Dumps Valid Version with 88 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version