Exam DP-203 topic 3 question 40 discussion

Actual exam question from Microsoft's DP-203
Question #: 40
Topic #: 3

You have a tenant in Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. The tenant contains a group named Group1.

You have an Azure subscription that contains the resources shown in the following table.



You need to ensure that members of Group1 can read CSV files from storage1 by using the OPENROWSET function. The solution must meet the following requirements:

• The members of Group1 must use credential1 to access storage1.
• The principle of least privilege must be followed.

Which permission should you grant to Group1?

  • A. EXECUTE
  • B. CONTROL
  • C. REFERENCES
  • D. SELECT
Suggested Answer: C

Comments

Sachmett
Highly Voted 1 year, 5 months ago
Selected Answer: C
"Caller must have REFERENCES permission on credential to use it to authenticate to storage." https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/develop-openrowset
upvoted 14 times
...
vernillen
Highly Voted 1 year, 6 months ago
Selected Answer: D
When you're using the OPENROWSET function to read data from the storage account, you're actually performing a read operation, not an execute operation. The credential is used implicitly by Azure Synapse to authenticate the session with the storage account and does not require the EXECUTE permission for the user or group accessing it. Instead, you grant permissions that are appropriate for data access. In this case, the SELECT permission is the correct one to use because it allows the members of Group1 to read or select the data.
upvoted 7 times
...
renan_ineu
Most Recent 8 months, 3 weeks ago
Selected Answer: C
Although SELECT may be required *IF* the groups need to query the external table, the question says "ensure that members of Group1 can read CSV" [using the credential]. Because of this, the group must have REFERENCES permission to reference the credential in the OPENROWSET setting. Remember that in the real world, a group can create a table for another group to access. Note: control would give access, but breaks the "least privilege" principle.
upvoted 1 times
...
j888
1 year, 4 months ago
Yes, both require execute and reference. I am starting to feel this is a trick question. I think I will choose 'execute' due to the fact of the following wording: 'The principle of least privilege must be followed.'
upvoted 1 times
...
be8a152
1 year, 4 months ago
REFERENCES
upvoted 1 times
...
Lewiasskick
1 year, 4 months ago
Selected Answer: C
The table gives it out, reference https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/develop-storage-files-overview?tabs=impersonation
upvoted 2 times
...
vernillen
1 year, 5 months ago
Selected Answer: C
Database users who access external storage must have permission to use credentials. To use the credential, a user must have the REFERENCES permission on a specific credential. To grant the REFERENCES permission on a server-level credential for a login, use the following T-SQL query in the master database:
GRANT REFERENCES ON CREDENTIAL::[server-level_credential] TO [login_name];
To grant a REFERENCES permission on a database-scoped credential for a database user, use the following T-SQL query in the user database:
GRANT REFERENCES ON DATABASE SCOPED CREDENTIAL::[database-scoped_credential] TO [user_name];
upvoted 1 times
vernillen
1 year, 5 months ago
To be fair, I know I answered with both answers, but the context isn't at all that clear. So depending on the context it could be D or C really.
upvoted 2 times
...
...
[Removed]
1 year, 5 months ago
Selected Answer: C
Caller must have REFERENCES permission on credential to use it to authenticate to storage.
upvoted 3 times
...
BitacTeam
1 year, 5 months ago
I am new to this topic; however, to read from a file you should grant Execute on the above level. So Storage1 should grant Execute on file level should be read.
upvoted 1 times
7082935
10 months, 1 week ago
That would only be true if the user is accessing the storage file directly. They are accessing this through Synapse Workspace, which already has credential1 as authentication mechanism. So they really need to "REFERENCE" the ability to use credential1 as access control.
upvoted 1 times
...
...
kam1122
1 year, 6 months ago
Selected Answer: D
D, SELECT
upvoted 2 times
hunno_basha
1 year, 1 month ago
https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/develop-tables-external-tables?tabs=hadoop It is clearly mentioned in Security Section
upvoted 3 times
...
...
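The end-to-end flow the thread discusses, as an added T-SQL example that is not part of the original question or any comment. It assumes credential1 is a database-scoped credential backed by the workspace managed identity in a serverless SQL pool database; the data source name storage1_src, the container, the file path and the master key password are placeholders.

```sql
-- Added example; run in the user database of the serverless SQL pool, not master.
-- Assumption: credential1 is database-scoped and uses the workspace managed identity.

-- A database master key protects database-scoped credentials (skip if one exists).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password>';

CREATE DATABASE SCOPED CREDENTIAL credential1
WITH IDENTITY = 'Managed Identity';

-- Bind storage1 to credential1 so callers never handle a storage secret.
-- storage1_src and <container> are hypothetical names.
CREATE EXTERNAL DATA SOURCE storage1_src
WITH (
    LOCATION   = 'https://storage1.dfs.core.windows.net/<container>',
    CREDENTIAL = credential1
);

-- Map the Microsoft Entra group to a database user.
CREATE USER [Group1] FROM EXTERNAL PROVIDER;

-- Least privilege: REFERENCES lets Group1 use the credential to authenticate
-- to storage, without being able to alter, drop or take ownership of it.
GRANT REFERENCES ON DATABASE SCOPED CREDENTIAL::credential1 TO [Group1];

-- Broader than needed (would also allow altering or dropping the credential):
-- GRANT CONTROL ON DATABASE SCOPED CREDENTIAL::credential1 TO [Group1];

-- What a Group1 member then runs; the storage call is made with credential1.
SELECT TOP 10 *
FROM OPENROWSET(
    BULK 'data/*.csv',              -- placeholder path, relative to the data source
    DATA_SOURCE    = 'storage1_src',
    FORMAT         = 'CSV',
    PARSER_VERSION = '2.0',
    HEADER_ROW     = TRUE
) AS [result];
```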