Exam AZ-304 topic 2 question 29 discussion

Given answer is correct

given answer is correct. You can use resource tokens to get access to the data in Azure Cosmos DB. And you can provide role-based access control to the users defined in Azure AD. Azure Cosmos DB uses two types of keys to authenticate users and provide access to its data and resources. Primary keys Used for administrative resources: database accounts, databases, users, and permissions Resource tokens Used for application resources: containers, documents, attachments, stored procedures, triggers, and UDFs. as here we read access to the Cosmos DB databases so we need use a hash resource token specifically constructed for the user, resource(database), and permission(read). assign Cosmos DB Account Reader Role to user through Access control (IAM) RBAC https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data#:~:text=Open%20the%20Azure%20portal%2C%20and,user%2C%20group%2C%20or%20application

Verified. Even , some URL explanations are outdated.

On AZ-305 exam - 5.7.22

C seems correct

Correct answer

A shared access signature (SAS) is a URI that grants restricted access rights to Azure Storage resources -> This makes A wrong B is completely irrelevant so it's wrong as well Azure Information Protection (AIP) is a cloud-based solution that enables organizations to classify and protect documents and emails by applying labels. -> D is wrong as well It can only be C as the answer

correct

On Exam 05/01/2021

The answer is correct

C. a resource token and an Access control (IAM) role assignment

C is correct

Answer should be correct based on this : https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data#:~:text=Open%20the%20Azure%20portal%2C%20and,user%2C%20group%2C%20or%20application.

Correct answer