ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 74 discussion

Actual exam question from Microsoft's AZ-204
Question #: 74
Topic #: 4
[All AZ-204 Questions]

HOTSPOT
-

A company has an Azure storage static website with a custom domain name.

The company informs you that unauthorized users from a different country/region are accessing the website. The company provides the following requirements for the static website:

• Unauthorized users must not be able to access the website.
• Users must be able to access the website using the HTTPS protocol.

You need to implement the changes to the static website.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by c75314a at Oct. 21, 2024, 9:03 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
c75314a
Highly Voted 6 months, 2 weeks ago
Not "Configure the AllowBlobPublicAccess property for the storage account to False" https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#set-the-storage-accounts-allowblobpublicaccess-property Not "Configure the storage account to use Microsoft Entra ID authentication" https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website#do-static-websites-support-microsoft-entra-id Not "Configure the public access level of the web container to Blob" https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website#impact-of-setting-the-access-level-on-the-web-container So i would say "Configure a firewall rule on the storage account" "Enable Azure Content Delivery Network on the storage account" is correct: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website#mapping-a-custom-domain-to-a-static-website-url
upvoted 10 times
examtopicsLogin123
4 months, 2 weeks ago
Thanks for the links! "Enable Azure Content Delivery Network on the storage account" - this option says nothing about HTTPS. With this option you can setup HTTPS if you want. "Configure the storage account to require secure transfer" - this option means only HTTPS requests would work. And the question contains the word "Require". I think this is the correct one. Quotes from the last link: "To enable HTTPS, you'll have to use Azure CDN ..." "If the storage account is configured to require secure transfer over HTTPS, then users must use the HTTPS endpoint."
upvoted 1 times
examtopicsLogin123
4 months, 2 weeks ago
Now I think this is the correct answer: "Enable Azure Content Delivery Network on the storage account" Because there is a nuance with custom domains. It seems the "Secure transfer required" option doesn't work for HTTPS and custom domains: "Because Azure Storage doesn't support HTTPS for custom domain names, this option isn't applied when you're using a custom domain name." https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer
upvoted 1 times
...
...
...
gfanco
Most Recent 2 weeks, 6 days ago
SOLUTION 1: "Configure a firewall rule on the storage account" -> Prevents attacks from external IPs, or public links that are being misused. However, an attacker inside the allowed network can still attempt to access it. "Configure the storage account to use Microsoft Entra ID authentication" -> Authentication is not enough, Authorization (RBAC) via Microsoft Login ID is also required. "Configure the AllowBlobPublicAccess property for the storage account to False" -> The best choice, because prevents anonymous access to the blobs, regardless of the container's public access level. SOLUTION 2: "Configure the SA to require secure transfer" - Ensures that all communication with the storage account is encrypted using HTTPS, preventing sensitive data from being intercepted in transit. Requires all requests to be made over HTTPS, rejecting any HTTP requests.
upvoted 1 times
gfanco
2 weeks, 6 days ago
My bad, SOLUTION 2 is "Enable Azure Content Delivery Network on the storage account" "Secure transfer required" has a limitation for custom domain names: "Because Azure Storage doesn't support HTTPS for custom domain names, this option isn't applied when you're using a custom domain name." https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer Suggested Answer are CORRECT !!!
upvoted 1 times
...
...
Thameur01
3 weeks, 5 days ago
Prevent access from unauthorized users ==> Configure a firewall rule on the storage account Require HTTPS access to the website ==> Configure the storage account to require secure transfer
upvoted 1 times
...
Iaminall
4 weeks, 1 day ago
Configure firewall rules on the storage account (to restrict unauthorized users by location) Configure the storage account to enable secure transfer (to enforce HTTPS)
upvoted 1 times
...
Mattt
6 months, 1 week ago
- Configure a firewall rule on the storage account - Configure the storage account to require secure transfer
upvoted 4 times
Iaminall
1 month ago
It's about authorization, I think the 1st one must be with Entra ID m.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago