Exam AZ-104 topic 3 question 39 discussion

Actual exam question from Microsoft's AZ-104
Question #: 39
Topic #: 3

HOTSPOT -
You have an Azure subscription that contains an Azure Storage account named storageaccount1.
You export storageaccount1 as an Azure Resource Manager template. The template contains the following sections.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?tabs=json

Comments

MrMacro
Highly Voted 2 years, 3 months ago
Box 1 - Yes. VirtualNetworkRules & IpRules are blank, with the default action Allow.
Box 2 - Yes. Individual blobs can be set to the archive tier - ref. https://docs.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview
Box 3 - No. To access blob data in the Azure portal with Azure AD credentials, a user must have the following role assignments: a data access role, such as Storage Blob Data Contributor, and the Azure Resource Manager Reader role. Ref. https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal
upvoted 120 times
Mozbius_
2 years, 1 month ago
Box 2 is VERY TRICKY - Answer appears to be NO. The ARM Template storage is of type StorageV2. It is true that BLOB LifeCycles exist for "StorageV2 (which supports blobs), Premium Page Blob, Premium Block Blob". That being said, the link you provided is only subtly inferring that the "ARCHIVE" tiers can be enabled only at hardcore Blobs storages, NOT "StorageV2". "While the Hot and Cool tiers can be enabled at the storage account level or at the blob level, the Archive tier can only be enabled at the blob level. All three storage access tiers can exist in the same storage account and the default tier for a blob is inherited from the account level setting." Reference: https://cloud.netapp.com/blog/storage-tiers-in-azure-blob-storage-find-the-best-for-your-data#:~:text=%20How%20to%20Switch%20Between%20Storage%20Tiers%20in,account%2C%20browse%20to%20the%20Storage%20account-%3EBlob...%20More%20
upvoted 7 times
Mozbius_
2 years, 1 month ago
I take it back!!! In Azure I have created a Standard V2 based storage account and when I go to upload a Blob in a container, "Hot", "Cool" and "Archive" are access tiers that can be selected. So based on that test it appears that it is not possible to change a Standard V2 based "storage account" tier to "Archive" (because life cycles apply only to Blobs and not to Files, Tables or Queues) but it is indeed possible to set the access tier to individual blobs within a StandardV2 storage account (which I must say makes a lot of sense).
upvoted 39 times
Mozbius_
2 years, 1 month ago
Box 2 is YES (moderator please delete my initial response to prevent further confusion. Thanks).
upvoted 57 times
...
...
KingHalik
4 months, 1 week ago
I agree: "Only storage accounts that are configured for LRS, GRS, or RA-GRS support moving blobs to the archive tier. The archive tier isn't supported for ZRS, GZRS, or RA-GZRS accounts. For more information about redundancy configurations for Azure Storage, see Azure Storage redundancy." https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview
upvoted 2 times
...
...
...
beem84
Highly Voted 2 years, 3 months ago
1: Yes. Defaultaction is allow. IP is allowed. 2: Yes. Storagev2 allows tiering. 3: No. File share access requires SAS.
upvoted 71 times
...
tashakori
Most Recent 1 week ago
Given answer is right
upvoted 1 times
...
1828b9d
3 weeks, 6 days ago
This question was in exam 01/03/2024
upvoted 2 times
...
sjsaran
6 months ago
Only Azure Services option is enabled, it can be enabled only in the selected network option (option 2 in the network blade), and if there is no IP added that means no access from any public network, so the answer to question 1 might be NO
upvoted 1 times
...
redD
7 months ago
Box 1 - No, because the optional parameter "publicNetworkAccess" is NOT specified! Ref: "Allow or disallow public network access to STORAGE ACCOUNT. Value is optional but if passed in, must be 'Enabled' or 'Disabled'" https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts?pivots=deployment-language-arm-template#property-values-1
upvoted 1 times
...
eduardokm
8 months ago
Box 2 - Yes - https://learn.microsoft.com/en-us/rest/api/storageservices/set-blob-tier?tabs=azure-ad
upvoted 1 times
...
danrodcard
8 months ago
Box 1 - Yes - DefaultAction = "Allow"
Box 2 - No - if the storage account's access tier is set to "Hot," you cannot directly set individual blobs within that storage account to the "Archive" access tier.
Box 3 - ?? Keytype = "Account"
upvoted 1 times
GPerez73
7 months, 3 weeks ago
Agree with Box1 and Box2 (archive is greyed out). I'm not sure about box3, but file shares let you set up AAD access. So I would say yes. YNY for me
upvoted 2 times
...
...
Richard1205
9 months ago
Box1: Y. NetworkACLs are blank. Default Action Allow.
Box2: Y. Individual blobs can be set to the archive tier https://learn.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview?tabs=azure-portal Watch: The following table summarizes how tier changes are billed.
Box3: N. In the list there is no allowSharedKeyAccess type; the allowSharedKeyAccess default is True. "Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true."
upvoted 3 times
...
AzZnLuVaBoI
1 year ago
On the Exam 3/29/23.
upvoted 10 times
...
nidhogg
1 year ago
yyY learn.microsoft.com/en-us/azure/storage/blobs/authorize-data-operations-portal "The classic subscription administrator roles Service Administrator and Co-Administrator include the equivalent of the Azure Resource Manager owner role. The Owner role includes all actions, including the Microsoft.Storage/storageAccounts/listkeys/action, so a user with one of these administrative roles can also access blob data with the account key."
upvoted 1 times
...
nidhogg
1 year ago
Global admin AzAD role is given the service admin role at subscription level, thus it could access anything on a Storage Account. I guess that it'd be Y - Y - Y https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
upvoted 2 times
fits08pistils
9 months, 1 week ago
This is not true, also it's not mentioned anywhere in the URL you provided, so the answer is still YYN
upvoted 2 times
...
...
samzurcher
1 year, 5 months ago
Box 1 - probably No. You cannot access content of the storage account unless you set Public Access on the Blob-Level, I think.
upvoted 1 times
OliwerCiecwierz
1 year, 4 months ago
Don't think
upvoted 4 times
...
...
laszeklsz
1 year, 5 months ago
I'd like to point out that networkAcls: bypass doesn't mean it allows public IPs to connect to the storage account. From documentation: "Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging,Metrics,AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics." publicNetworkAccess: True would imply that. Since it is skipped, the default value True is applied.
upvoted 2 times
...
NaoVaz
1 year, 6 months ago
1) A server that has a public IP address of 131.107.103.10 can access storageaccount1: "Yes"
2) Individual blobs in storageaccount1 can be set to use the archive tier: "Yes"
3) Global administrators in Azure Active Directory (Azure AD) can access a file share hosted in storageaccount1 by using their Azure AD credentials: "No"
Explanation:
1) No IP access restrictions are specified in the json.
2) The Storage Account is of kind general-purpose v2, so access tiers are supported.
3) Azure AD Roles like Global Administrator don't provide access to resources. For that, RBAC Roles need to be applied to the users.
upvoted 15 times
...
EmnCours
1 year, 6 months ago
1: Yes. Defaultaction is allow. IP is allowed. 2: Yes. Storagev2 allows tiering. 3: No. File share access requires SAS.
upvoted 4 times
ggogel
3 months, 3 weeks ago
The answers are correct, but the explanation for 3 is not. File shares allow access using the Azure AD account as long as you have AD DS (on-prem with Azure AD Sync or AAD DS).
upvoted 1 times
...
...
Armina
1 year, 11 months ago
Answer is correct.
Explanations: The storage account allows access with a Shared Access Signature (SAS) and no IP rules are configured. Each host can access storageaccount1 over the Internet if it provides a valid Shared Access Signature (SAS). The storage account is a StorageV2 account. These account types support access levels, including the archive level. The storage account is not integrated into an Active Directory Domain Services domain and therefore does not support identity-based access. The ARM template does not contain the azureFilesIdentityBasedAuthentication property or the activeDirectoryProperties property. The following Microsoft Docs article contains more information on the topic:
Box 1 - Yes. VirtualNetworkRules & IpRules are blank, with the default action Allow.
Box 2 - Yes. Individual blobs can be set to the archive tier - ref. https://docs.microsoft.com/en-us/azure/storage/blobs/access-tiers-overview
Box 3 - No. To access blob data in the Azure portal with Azure AD credentials, a user must have the following role assignments:
upvoted 9 times
duomianhu
1 year, 11 months ago
Thanks for the detailed explanation
upvoted 2 times
...
...
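The template properties debated in the comments above (networkAcls, publicNetworkAccess, allowSharedKeyAccess, azureFilesIdentityBasedAuthentication) can be checked mechanically when reviewing an exported template. The following is an added example, not part of the exam question or of any comment: the sample resource is constructed from what the commenters describe, and the function names `firewall_admits` and `review` are hypothetical. It evaluates network reachability only; a caller still needs a valid key, SAS or role assignment to read data.

```python
import ipaddress

# Constructed sample: a storage account resource shaped like the one the
# comments describe (not the actual template from the exam question).
SAMPLE_TEMPLATE = {"resources": [{
    "type": "Microsoft.Storage/storageAccounts",
    "name": "storageaccount1",
    "kind": "StorageV2",
    "properties": {
        "networkAcls": {"bypass": "AzureServices", "virtualNetworkRules": [],
                        "ipRules": [], "defaultAction": "Allow"},
        "accessTier": "Hot",
    },
}]}

def firewall_admits(props, source_ip):
    """Network-layer check only: does the account firewall admit this public IP?"""
    # An absent publicNetworkAccess is treated as enabled.
    if props.get("publicNetworkAccess", "Enabled") == "Disabled":
        return False
    acls = props.get("networkAcls") or {}
    if acls.get("defaultAction", "Allow") == "Allow":
        return True  # empty ipRules plus Allow means every public IP is admitted
    addr = ipaddress.ip_address(source_ip)
    return any(
        rule.get("action", "Allow") == "Allow"
        and addr in ipaddress.ip_network(rule["value"], strict=False)
        for rule in acls.get("ipRules", [])
    )

def review(template, source_ip):
    """Return one finding dict per storage account resource in the template."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Storage/storageAccounts":
            continue
        props = res.get("properties", {})
        findings.append({
            "name": res.get("name"),
            "firewall_admits_ip": firewall_admits(props, source_ip),
            # A null or absent allowSharedKeyAccess is equivalent to true.
            "shared_key_allowed": props.get("allowSharedKeyAccess") is not False,
            "files_identity_auth": "azureFilesIdentityBasedAuthentication" in props,
        })
    return findings
```

A template that sets `defaultAction` to `Deny` with explicit `ipRules`, or `allowSharedKeyAccess` to `false`, changes the corresponding findings.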