Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam DP-420 topic 1 question 1 discussion

Actual exam question from Microsoft's DP-420
Question #: 1
Topic #: 1
[All DP-420 Questions]

HOTSPOT -
You have an Azure Cosmos DB Core (SQL) API account named account1 that has the disableKeyBasedMetadataWriteAccess property enabled.
You are developing an app named App1 that will be used by a user named DevUser1 to create containers in account1. DevUser1 has a non-privileged user account in the Azure Active Directory (Azure AD) tenant.
You need to ensure that DevUser1 can use App1 to create containers in account1.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Resource tokens -
Resource tokens provide access to the application resources within a database. Resource tokens:
Provide access to specific containers, partition keys, documents, attachments, stored procedures, triggers, and UDFs.
Box 2: Azure Resource Manager API
You can use Azure Resource Manager to help deploy and manage your Azure Cosmos DB accounts, databases, and containers.
Incorrect Answers:
The Microsoft Graph API is a RESTful web API that enables you to access Microsoft Cloud service resources.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data https://docs.microsoft.com/en-us/rest/api/resources/
by lakime at April 27, 2022, 7:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
lakime
Highly Voted 2 years ago
I think it will be "Role-based access control" as Resouce Token doesn't cooperate with AD, regarding second part - ARM is correct
upvoted 21 times
...
nkav
Highly Voted 1 year, 10 months ago
RBAC is the answer.
upvoted 6 times
...
rakun
Most Recent 2 weeks ago
first is RBAC: Azure Cosmos DB RBAC is the ideal access control method in situations where: - You want to use Microsoft Entra identities to authenticate your requests. https://learn.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data?tabs=using-primary-key
upvoted 1 times
...
3a0b61c
2 months ago
RBAC/ARM https://learn.microsoft.com/en-us/azure/cosmos-db/audit-control-plane-logs#disable-key-based-metadata-write-access ・After you set this property, changes to any resource can happen from a user with the proper Azure role and credentials. ・After the disableKeyBasedMetadataWriteAccess is turned on, if the SDK based clients run create or update operations, an error "Operation 'POST' on resource 'ContainerNameorDatabaseName' is not allowed through Azure Cosmos DB endpoint is returned. You have to turn on access to such operations for your account, or perform the create/update operations through Azure Resource Manager, Azure CLI or Azure PowerShell.
upvoted 1 times
...
HetalMehta24
6 months, 2 weeks ago
RBAC SQL API
upvoted 1 times
...
XiangRongChang
10 months, 2 weeks ago
For me is Azure Resource Manager API. When disableKeyBasedMetadataWriteAccess is set to true, the metadata operations issued by the SDK are blocked. Alternatively, you can use Azure portal, Azure CLI, Azure PowerShell, or Azure Resource Manager template deployments to perform these operations.
upvoted 1 times
xRiot007
4 months, 2 weeks ago
"When disableKeyBasedMetadataWriteAccess is set to true, the metadata operations issued by the SDK are blocked." - unless the user has an AD account (he does) with proper access rights (Cosmos DB Contributor) - this is not specified.
upvoted 1 times
...
...
azuredemo2022three
11 months, 2 weeks ago
Correct Answer Should be. Grant permission to create containers by using: Role-based access control (RBAC) Create containers by using: SQL (Core) API
upvoted 5 times
...
essdeecee
1 year, 8 months ago
More likely to be SQL (Core) API. Permission for Cosmos is required whereas Azure Resource Manager would need portal permissions. https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.cosmos.database.createcontainerifnotexistsasync?view=azure-dotnet https://github.com/MicrosoftLearning/dp-420-cosmos-db-dev/blob/main/instructions/06-sdk-crud.md#:~:text=Asynchronously%20invoke%20the%20CreateContainerIfNotExistsAsync,CreateContainerIfNotExistsAsync(%22products%22%2C%20%22/categoryId%22%2C%20400)%3B
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel