ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AI-100 All Questions

View all questions & answers for the AI-100 exam
Go to Exam

Exam AI-100 topic 5 question 7 discussion

Actual exam question from Microsoft's AI-100
Question #: 7
Topic #: 5
[All AI-100 Questions]

You are developing a Microsoft Bot Framework application. The application consumes structured NoSQL data that must be stored in the cloud.
You implement Azure Blob storage for the application. You want access to the blob store to be controlled by using a role.
You implement Shared Key authorization on the storage account.
Does this action accomplish your objective?

  • A. Yes, it does
  • B. No, it does not
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
A client using Shared Key passes a header with every request that is signed using the storage account access key rather than a role.
Use Azure Active Directory (Azure AD) instead.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-auth
by Messatsu at July 22, 2021, 1:59 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rveney
2 years ago
B. No, it does not. Shared Key authorization is not suitable for controlling access to the blob store based on roles. Shared Key authorization provides a storage account access key, which can be used to authenticate and access the blob store. However, it does not support role-based access control (RBAC) or fine-grained access control. To control access to the blob store based on roles, you should use Azure Blob storage with Azure Active Directory (Azure AD) integration. Azure AD enables you to define roles and assign them to users or groups, allowing you to manage access control at a more granular level. With Azure AD integration, you can use RBAC to control who can perform specific actions on the blob store, such as read, write, or delete. By combining Azure Blob storage with Azure AD integration and RBAC, you can achieve the objective of controlling access to the blob store based on roles.
upvoted 1 times
...
Messatsu
3 years, 11 months ago
Yes, it does : " For account, container, or blob authorization use Shared Access Signature Keys ." Source : https://docs.microsoft.com/en-us/azure/architecture/data-guide/technology-choices/data-storage
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel