Exam AZ-303 topic 2 question 28 discussion

It looks right

In the link below, it is clear that there are only two ways of authorisation to Azure service bus : Active directory or SAS. When Active directory is not supported by the App service in the given situation, there is only other way is SAS. https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-authentication-and-authorization

B. Add a shared access policy to the queue. "Shared access authorization policies" The rights provided by the policy rule can be a combination of: Send – Gives the right to send messages to the entity Listen – Gives the right to listen or receive to the entity Manage – Gives the right to manage the topology of the namespace, including creation and deletion of entities https://docs.microsoft.com/en-us/azure/event-hubs/authorize-access-shared-access-signature#shared-access-authorization-policies

Question appeared On AZ-303 exam on 08/12/2021 - 49 questions, 4Q - Fabrikan case study

https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-authentication-and-authorization Configure Access control (IAM) for the Service Bus - Since App1 does not support Azure AD, we cannot use managed identities. So, configuring access control is not required. Modify the locks of the queue - Locks are used to prevent accidental deletion or modification of Azure resources. Configure Access control (IAM) for the queue - Since App1 does not support Azure AD, we cannot use managed identities. So, configuring access control is not required. B is the answer; shared access policy

I had this question in the exam that i took on July 14th 2021

In the link below, it is clear that there are only two ways of authorisation to Azure service bus : Active directory or SAS. When Active directory is not supported by the App service in the given situation, there is only other way is SAS.

A shared policy that can only send messages

it would be D if AD is supported Not A (narrowest scope ) but the correct answer in the given scenario is - B

Sorry B is not correct .....SAS is different from a shared access policy which does not apply here. The answer is A (there is a RBAC role called Azure Service Bus Data Sender which can be assigned to an Application) - All the details are here: https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application

for given scenario answer is correct based on following description preferred choice is Azure AD which is not available as per question Azure Service Bus supports authorizing access to a Service Bus namespace and its entities using Azure Active Directory (Azure AD). Authorizing users or applications using OAuth 2.0 token returned by Azure AD provides superior security and ease of use over shared access signatures (SAS). With Azure AD, there is no need to store the tokens in your code and risk potential security vulnerabilities. Microsoft recommends using Azure AD with your Azure Service Bus applications when possible.

shared access will be the correct answer.

https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas he rights conferred by the policy rule can be a combination of: 'Send' - Confers the right to send messages to the entity 'Listen' - Confers the right to listen (relay) or receive (queue, subscriptions) and all related message handling 'Manage' - Confers the right to manage the topology of the namespace, including creating and deleting entities

B, IAM is not supported by the App1 according the question description