Exam AZ-104 topic 2 question 44 discussion

Actual exam question from Microsoft's AZ-104
Question #: 44
Topic #: 2

HOTSPOT -
You have an Azure subscription that contains a storage account named storage1. The subscription is linked to an Azure Active Directory (Azure AD) tenant named contoso.com that syncs to an on-premises Active Directory domain.
The domain contains the security principals shown in the following table.

In Azure AD, you create a user named User2.
The storage1 account contains a file share named share1 and has the following configurations.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal

Comments

im82
Highly Voted 2 years, 5 months ago
Was on exam today 19.11.2021. Passed with 920. Correct answer: Y-N-Y
upvoted 100 times
janemark
1 year, 3 months ago
Is the site enough to pass the exam?
upvoted 7 times
RougePotatoe
1 year, 3 months ago
No you will fail
upvoted 18 times
PERCY23
4 months, 3 weeks ago
HAHAHA
upvoted 1 times
...
shadad
1 year, 2 months ago
LOL come on man, don't scare him :D It will be enough, as most people pointed out. However, it's better to read and learn.
upvoted 22 times
GBAU
1 year, 2 months ago
If you understand the answers to the questions you will probably pass but if you just try to memorise them you won't.
upvoted 24 times
shadad
1 year, 1 month ago
You are right.
upvoted 5 times
...
...
...
...
karthikwarrior
10 months ago
Yes absolutely!!
upvoted 3 times
...
Aquintero
9 months ago
I have passed every exam I have taken by studying Microsoft Learn and here with ExamTopics. But it would be much better if you create a test environment and put into practice whatever you have doubts about.
upvoted 8 times
...
...
Rastova
4 months, 1 week ago
who asked
upvoted 4 times
...
azuresam
2 years ago
Are this site's questions enough to clear the exam?
upvoted 14 times
GenjamBhai
1 year, 11 months ago
Y-N-N
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#restrictions
Azure AD DS and on-premises AD DS authentication do not support authentication against computer accounts. You can consider using a service logon account instead.
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal#share-level-permissions-for-specific-azure-ad-users-or-groups
If you intend to use a specific Azure AD user or group to access Azure file share resources, that identity must be a hybrid identity that exists in both on-premises AD DS and Azure AD.
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#azure-ad-ds
Second, all users that exist in Azure AD can be authenticated and authorized. The user can be cloud only or hybrid. The sync from Azure AD to Azure AD DS is managed by the platform without requiring any user configuration. However, the client must be domain joined to Azure AD DS, it cannot be Azure AD joined or registered.
upvoted 26 times
IAGirl
1 year, 11 months ago
So is Y-N-Y
upvoted 2 times
IAGirl
1 year, 11 months ago
answer must be: Y-N-N
upvoted 6 times
SDiwan
2 months, 2 weeks ago
Y-N-Y, the question mentions that Azure AD is synced with on-prem AD.
upvoted 1 times
...
...
...
Gpsn
3 months, 4 weeks ago
Agree with Y-N-N. The last 'N' because Azure AD DS and Azure Files still work with Hybrid entities only and NOT with Cloud Only entities. The latest I could find is here: https://techcommunity.microsoft.com/t5/azure-storage-blog/general-availability-azure-active-directory-kerberos-with-azure/ba-p/3612111
upvoted 2 times
...
...
obaali1990
1 year, 1 month ago
Sure, all depends on you
upvoted 3 times
...
...
sunflower1
1 year, 4 months ago
Is this set of questions enough to pass the exam???
upvoted 2 times
RougePotatoe
1 year, 3 months ago
No you will fail
upvoted 9 times
Qhispikay
1 year, 2 months ago
emotional damage
upvoted 50 times
...
...
...
...
ech
Highly Voted 2 years, 6 months ago
You cannot give share-level privileges to a computer object. Ans is correct.
upvoted 46 times
ExamWolf
5 months ago
You can if you add the computer object to a group first :)
upvoted 1 times
...
nir977
2 years, 4 months ago
Y-N-N because user2 is a cloud-only user created in AAD and does not have netbios and other chars defined in storage
upvoted 25 times
allyQ
1 year, 2 months ago
I have created an AAD user (not synced from the WinDC) and can give it the Storage file data SMB Elev. Contributor role.
upvoted 8 times
...
ubiquituz
4 months, 2 weeks ago
This is the correct answer... Only hybrid identities (on-prem synced to MS Entra) can be assigned share-level RBAC roles. Cloud-only (MS Entra/AAD) users cannot be assigned, nor can computer accounts; however, a computer can use the default share-level permission. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal
upvoted 2 times
...
...
...
tashakori
Most Recent 1 month ago
Yes No No
upvoted 1 times
...
Amir1909
1 month, 3 weeks ago
Yes No No
upvoted 1 times
...
vsvaid
3 months ago
Y-N-N. Hybrid user will work; computer and cloud users will not work.
upvoted 1 times
...
31c21da
3 months, 1 week ago
The key to whether you can assign user2 depends on whether user2 is a cloud-only identity. Initially, yes, as the user is created in Azure AD. However, the question also mentions an Azure AD 'contoso.com' syncs to an on-premises AD. Once user2 is synced, they become a hybrid identity. So, the crucial point here is what the question is aiming to test. If the question is testing whether a user created in Azure AD is initially a cloud-only identity, the answer will be 'N'. If it is testing whether the user will be synced, the answer is 'Y'. Since we don't know the intent of the question, we cannot definitively say whether the answer is N or Y...
upvoted 5 times
ggogel
2 months, 4 weeks ago
This is not how this works. You can't sync users from AAD to AD. Users need to be created in AD to become a hybrid identity. If they are created in AAD they are considered cloud-only. So the user is completely unknown to the AD and therefore can't access that share.
upvoted 2 times
...
...
GoldBear
4 months, 1 week ago
Does this question represent the level of knowledge that you need to memorize to perform the role of System Admin? Seems to have too many details to remember; on the job you would run tests on these items to verify if it meets the requirement.
upvoted 1 times
...
mattpaul
6 months ago
I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]
upvoted 2 times
...
897dd59
7 months ago
Should be Y-N-Y.
1/ You cannot assign for object: computer.
2/ user2 is a cloud user => can be fully managed on cloud.
upvoted 1 times
...
AMEHAR
7 months, 3 weeks ago
Y-N-N
upvoted 3 times
...
GoldenDisciple2
7 months, 3 weeks ago
Microsoft clearly states the user must have a hybrid identity, therefore the 3rd one is a NO. "If you intend to use a specific Azure AD user or group to access Azure file share resources, that identity must be a hybrid identity that exists in both on-premises AD DS and Azure AD." https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal#:~:text=If%20you%20intend%20to%20use%20a%20specific%20Azure%20AD%20user%20or%20group%20to%20access%20Azure%20file%20share%20resources%2C%20that%20identity%20must%20be%20a%20hybrid%20identity%20that%20exists%20in%20both%20on%2Dpremises%20AD%20DS%20and%20Azure%20AD.
upvoted 3 times
...
Oryx360
8 months ago
Isn't so stupid to ask questions like this? I think it is the Indian guys who setup these questions they think it is too smart to test like this. It is so full of shit.
upvoted 8 times
DimsumDestroyer
7 months, 4 weeks ago
Come on man, don't say things like that.
upvoted 9 times
sardonique
7 months, 1 week ago
he probably wanted to say that the questions are badly formulated and context is far from clear
upvoted 4 times
mmissaoui97
6 months, 4 weeks ago
no , since we can read english , he said the indian guys ... :)
upvoted 5 times
maki999
3 months, 2 weeks ago
I agree, how can administrator allow this to show I really don't understand
upvoted 1 times
...
...
...
...
...
tabauruguay
10 months, 3 weeks ago
The problem is the question. It asks if you can assign the role to share1. It doesn't say if the user can authenticate from on-premise. You can assign the role to share1 just fine, you will not be able to login from on-premise because that user won't be sync'd. However, for the question itself the answer is "Y".
upvoted 3 times
...
Andy_S
10 months, 3 weeks ago
Y-N-N. In JSON we can see the parameter "directoryServiceOptions" has a value "AD", which means the File Share is enabled for authentication to users having a SESSION TICKET (Kerberos) issued by the LOCAL Domain Controller. It means that this file share can be accessed from computers JOINED to AD (OnPrem) and by Users created in OnPrem AD AND Synced to AAD (for RBAC).
upvoted 4 times
Andy_S
10 months, 3 weeks ago
Ref:
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/2021-04-01/storageaccounts?pivots=deployment-language-bicep
https://www.linkedin.com/pulse/configuring-active-directory-authentication-over-smb-azure-skerritt/
upvoted 3 times
...
...
RandomNickname
11 months, 1 week ago
Y,N,N
As per link: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal
1: Hybrid users are supported
2: Because computer accounts don't have an identity in Azure AD, you can't configure Azure role-based access control (RBAC) for them. However, computer accounts can access a file share by using a default share-level permission.
3: Authentication and authorization against identities that only exist in Azure AD, such as Azure Managed Identities (MSIs), aren't supported
upvoted 5 times
RandomNickname
11 months, 1 week ago
For 3rd question, changing it to Y. It is a cloud user, however it is synced to on prem and visible there, so should be able to add since it doesn't "only exist in Azure AD" as per link
upvoted 1 times
...
...
Vanilla007
11 months, 2 weeks ago
Third option should be Y, right? Because even though user 2 is a cloud user, the file share is in an AZ storage account, so he must be able to access it if given access??
upvoted 3 times
...
etanvandan7
11 months, 2 weeks ago
If you intend to use a specific Azure AD user or group to access Azure file share resources, that identity must be a hybrid identity that exists in both on-premises AD DS and Azure AD. For example, say you have a user in your AD that is [email protected] and you have synced to Azure AD as [email protected] using Azure AD Connect sync or Azure AD Connect cloud sync. For this user to access Azure Files, you must assign the share-level permissions to [email protected]. The same concept applies to groups and service principals. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal hence user2 is cloud only not present in the forest directory ie user2 should be in either AD DS and Azure AD tenant (HYBRID) or onPREM AD and Azure AD tenant (HYBRID) Y-N-N shd be the answer
upvoted 1 times
...