ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 3 discussion

Actual exam question from Microsoft's AZ-304
Question #: 3
Topic #: 2
[All AZ-304 Questions]

You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment.
What should you include in the recommendation?

  • A. an Azure AD enterprise application
  • B. Azure Information Protection
  • C. an Azure AD Domain Services (Azure AD DS) instance
  • D. an Azure Front Door instance
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Azure Filesג€‰supports identity-based authentication over Server Message Block (SMB) throughג€‰two types of Domain Services: on-premises Active Directory Domain
Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable
by nlr at Oct. 1, 2020, 6:31 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nlr
Highly Voted 4 years, 8 months ago
Given answer is correct
upvoted 49 times
sanketshah
4 years, 5 months ago
given answer is correct.
upvoted 3 times
...
...
leo_az300
Highly Voted 3 years, 8 months ago
Answer is correct, There are 2 levels of permissions to assign to users, one is on file-share level, and another is on directory level Configure share-level permissions for Azure Files Once either Azure AD DS or on-premises AD DS authentication is enabled, you can use Azure built-in roles or configure custom roles for Azure AD identities and assign access rights to any file shares in your storage accounts. The assigned permission allows the granted identity to get access to the share only, nothing else, not even the root directory. You still need to separately configure directory or file-level permissions for Azure file shares. Configure directory or file-level permissions for Azure Files Azure file shares enforce standard Windows file permissions at both the directory and file level, including the root directory. Configuration of directory or file-level permissions is supported over both SMB and REST. Mount the target file share from your VM and configure permissions using Windows File Explorer, Windows icacls, or the Set-ACL command.
upvoted 19 times
rdemontis
3 years, 6 months ago
thanks for explanation
upvoted 2 times
...
...
hertino
Most Recent 3 years, 2 months ago
In AZ-305 exam, 9 april 22
upvoted 10 times
...
plmmsg
3 years, 3 months ago
Selected Answer: C
C. an Azure AD Domain Services (Azure AD DS) instance
upvoted 1 times
...
17Master
3 years, 3 months ago
correct answer is C. Azure AD DS over SMB
upvoted 2 times
...
Dawn7
3 years, 4 months ago
Selected Answer: C
I will go with C
upvoted 1 times
...
Dpejic
3 years, 5 months ago
On exam 24.12.2021
upvoted 3 times
...
sharepoint_Azure_pp
3 years, 7 months ago
Answer is correct or can say i choose the same. was there in 17th October 2021 cleared with 900
upvoted 4 times
...
syu31svc
3 years, 8 months ago
Key word is "files" https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#how-it-works Azure file shares leverages Kerberos protocol for authenticating with either on-premises AD DS or Azure AD DS Answer is C
upvoted 3 times
...
souvik123
3 years, 9 months ago
C. an Azure AD Domain Services (Azure AD DS) instance
upvoted 1 times
...
RagazzoAlex
3 years, 11 months ago
Other options do not make sense
upvoted 4 times
...
heamgu
3 years, 11 months ago
C. an Azure AD Domain Services (Azure AD DS) instance
upvoted 3 times
...
demonite
4 years ago
Correct answer https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#how-it-works
upvoted 2 times
...
Vipsao
4 years, 2 months ago
The answer is correct
upvoted 2 times
...
Manishsaini
4 years, 3 months ago
given answer is correct
upvoted 3 times
...
glam
4 years, 4 months ago
C. an Azure AD Domain Services (Azure AD DS) instance
upvoted 4 times
...
Jinder
4 years, 4 months ago
Can someone please explain where you get a clue to use Azure AD DS. Question statement never talked about hybrid/on-prem users and groups. Thanks
upvoted 3 times
fred00r
4 years, 4 months ago
I think the key here is: "Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS)" - https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal So AZ DS is set.
upvoted 9 times
Jinder
4 years, 4 months ago
Thanks. That makes sense.
upvoted 5 times
...
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel