ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 67 discussion

Actual exam question from Microsoft's AZ-204
Question #: 67
Topic #: 4
[All AZ-204 Questions]

HOTSPOT
-

You are developing an Azure Function App named App1. You also plan to use cross-origin requests (CORS).

You have the following requirements:

• App1 functions must securely access an Azure Blob Storage account.
• Access to the Azure Blob Storage account must not require the provisioning or rotation of secrets.
• JavaScript code running in a browser on an external host must not be allowed to interact with the function.

You need to implement App1.

Which configuration should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by SachinV at Nov. 14, 2023, 3:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
examtopicsLogin123
7 months, 3 weeks ago
"*" is a valid value for the --allowed-origins parameter, to allow all origins https://learn.microsoft.com/en-us/cli/azure/functionapp/cors?view=azure-cli-latest#az-functionapp-cors-add-required-parameters Also CORS can be enabled or disabled https://learn.microsoft.com/en-us/azure/container-apps/cors?tabs=arm&pivots=azure-portal#enable-and-configure-cors https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-configure-cross-origin-resource-sharing#enable-cors-support-from-azure-portal Last two options in "Disallow access from another domain" both look correct to me ...
upvoted 1 times
...
SSR999
1 year, 4 months ago
is this question is part of any case study
upvoted 3 times
...
130nk3r5
1 year, 5 months ago
Answer is correct.
upvoted 3 times
130nk3r5
1 year, 5 months ago
System Managed Identity: System managed identities are tied to your Azure service and are automatically cleaned up when the resource is deleted. They are easier to use if your application only needs to authenticate to services that support Azure AD authentication. Configure CORS allowed origins to none: To disallow JavaScript code running in a browser on an external host from interacting with the function, you should not include that host in your CORS policy. Configuring CORS allowed origins to none will prevent any domain from accessing your function app.
upvoted 7 times
...
...
Weam
1 year, 6 months ago
Correct answer is : System managed Identity Configure allowed origins to disable according to this link: https://learn.microsoft.com/en-us/cli/azure/functionapp/cors?view=azure-cli-latest#az-functionapp-cors-credentials
upvoted 4 times
Jnao
11 months, 3 weeks ago
In link you provided, there is cors credentials not cors origin, and also there is no disable parameter, but Enable (true/false). I also didn't find anything about cors origin none/disabled, only to not include it in header. Only stackoverflow link: https://stackoverflow.com/questions/69986992/is-it-possible-to-set-access-control-allow-origin-to-none So nearest answer is to set it to none (maybe meaning to not set it).
upvoted 1 times
...
...
SachinV
1 year, 6 months ago
As the requirement says “Plan to Use CORS”, the correct response should be “Configure cors allowed origins *”. However, lil got confused on the 2nd question label asking “Disallow access from another domain”. If we don’t set CORS, then by default, CORS is disabled for other domains.
upvoted 2 times
overhill
6 months, 4 weeks ago
I think the difference is, using CORS requests vs Accepting CORS requests
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel