Home » Microsoft » AZ-220 v.2 » Which three device attestation mechanisms can you use?
You have an Azure IoT hub that uses a Device Provision Service instance.
You plan to deploy 100 IoT devices.
You need to confirm the identity of the devices by using the Device Provision Service.
Which three device attestation mechanisms can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. X.509 certificates
B. Trusted Platform Module (TPM) 2.0
C. Trusted Platform Module (TPM) 1.2
D. Symmetric key
E. Device Identity Composition Engine (DICE)
Correct Answer: ABD
Explanation/Reference:
The Device Provisioning Service supports the following forms of attestation:
X.509 certificates based on the standard X.509 certificate authentication flow.
Trusted Platform Module (TPM) based on a nonce challenge, using the TPM 2.0 standard for keys to present a signed Shared Access Signature (SAS) token. This does not require a physical TPM on the device, but the service expects to attest using the endorsement key per the TPM spec.
Symmetric Key based on shared access signature (SAS) Security tokens, which include a hashed signature and an embedded expiration.
Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/concepts-service#attestation-mechanism
