Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam SC-100 topic 1 question 3 discussion

Actual exam question from Microsoft's SC-100
Question #: 3
Topic #: 1
[All SC-100 Questions]

Your company is moving a big data solution to Azure.
The company plans to use the following storage workloads:
✑ Azure Storage blob containers
✑ Azure Data Lake Storage Gen2

Azure Storage file shares -

✑ Azure Disk Storage
Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Azure Storage file shares
  • B. Azure Disk Storage
  • C. Azure Storage blob containers
  • D. Azure Data Lake Storage Gen2
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
C: Azure Storage supports using Azure Active Directory (Azure AD) to authorize requests to blob data. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service.
You can scope access to Azure blob resources at the following levels, beginning with the narrowest scope:
* An individual container. At this scope, a role assignment applies to all of the blobs in the container, as well as container properties and metadata.
* The storage account.
* The resource group.
* The subscription.
* A management group.
D: You can securely access data in an Azure Data Lake Storage Gen2 (ADLS Gen2) account using OAuth 2.0 with an Azure Active Directory (Azure AD) application service principal for authentication. Using a service principal for authentication provides two options for accessing data in your storage account:
A mount point to a specific file or path

Direct access to data -
Incorrect:
Not A: To enable AD DS authentication over SMB for Azure file shares, you need to register your storage account with AD DS and then set the required domain properties on the storage account. To register your storage account with AD DS, create an account representing it in your AD DS.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory https://docs.microsoft.com/en-us/azure/databricks/data/data-sources/azure/adls-gen2/azure-datalake-gen2-sp-access
by PlumpyTumbler at Aug. 30, 2022, 2:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
WRITER00347
Highly Voted 1 year ago
The two storage workloads that support authentication by using Azure Active Directory (Azure AD) are: A. Azure Storage file shares D. Azure Data Lake Storage Gen2 Explanation: Azure Storage file shares and Azure Data Lake Storage Gen2 both support authentication using Azure AD. Azure Disk Storage and Azure Storage blob containers do not currently support Azure AD authentication.
upvoted 7 times
...
syedaquib77
Highly Voted 1 year ago
Selected Answer: CD
Azure Files supports identity-based authentication for Windows file shares over SMB using three methods. On-premises AD DS authentication: Azure AD DS authentication: Azure AD Kerberos for hybrid identities: Which means the answer C & D is correct.
upvoted 5 times
...
HCL
Most Recent 5 days, 11 hours ago
Selected Answer: CD
Files support Azure AD Domain Services and not Azure AD
upvoted 1 times
...
SJHCI
3 weeks, 2 days ago
Selected Answer: AD
The correct answers are Azure Storage File Shares and Azure Data Lake Storage Gen2. Azure Disk Storage and Azure Storage Blob Containers don't support Azure AD authentication.
upvoted 1 times
...
sehlohomoletsane
2 months, 3 weeks ago
Selected Answer: AD
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable
upvoted 1 times
...
Murtuza
3 months, 3 weeks ago
Selected Answer: CD
C and D are the correct choice
upvoted 1 times
...
deposros
1 year ago
i think c and d should be assumed to be correct
upvoted 3 times
...
fchahin
1 year ago
C and D is the correct answer, I agree
upvoted 1 times
...
loverboz
1 year, 1 month ago
Selected Answer: AD
he two storage workloads that support authentication by using Azure Active Directory (Azure AD) in the given scenario are: A. Azure Storage file shares D. Azure Data Lake Storage Gen2 Both Azure Storage file shares and Azure Data Lake Storage Gen2 support authentication through Azure AD. Azure Storage blob containers and Azure Disk Storage do not natively support authentication through Azure AD. However, Azure Disk Storage can be integrated with Azure AD using Managed Service Identity (MSI) to authenticate to other Azure services that support Azure AD. Therefore, the correct answers are Azure Storage file shares and Azure Data Lake Storage Gen2.
upvoted 3 times
...
OCHT
1 year, 1 month ago
Selected Answer: AD
To summarize, the correct answers to the original question are A) Azure Storage file shares and D) Azure Data Lake Storage Gen2. Both Azure Storage file shares and Azure Data Lake Storage Gen2 support authentication using Azure Active Directory (Azure AD). Azure Storage blob containers also support authentication using Azure AD, as pointed out in one of your previous messages. Therefore, the correct answers could be A) Azure Storage file shares and C) Azure Storage blob containers, or A) Azure Storage file shares and D) Azure Data Lake Storage Gen2. The statement "To enable AD DS authentication over SMB for Azure file shares, you need to register your storage account with AD DS" is incorrect. To enable Azure Active Directory Domain Services (AD DS) authentication over SMB for Azure file shares, you need to create an AD DS domain, and then join your Azure file shares to the AD DS domain. After you have completed these steps, you can use Azure AD DS to manage and authenticate users and groups for access to the Azure file shares.
upvoted 2 times
Holii
10 months ago
Azure AD DS =/= Azure AD. It's impossible to sync a computer account directly to an Azure AD identity (without the placement of an AD DS or Azure AD DS to recognize the machine). Therefore, Azure Storage file shares cannot be authenticated strictly through Azure AD.
upvoted 4 times
...
...
AJ2021
1 year, 1 month ago
Selected Answer: CD
Correct
upvoted 1 times
...
TJ001
1 year, 4 months ago
C and D correct Files support Azure AD Domain Services and not Azure AD
upvoted 2 times
...
techtest848
1 year, 5 months ago
Can someone please explain to me why A is not a correct answer in this case??
upvoted 2 times
techtest848
1 year, 5 months ago
Found out why - https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview Agree with Answer C & D
upvoted 4 times
...
...
tester18128075
1 year, 7 months ago
c and d are correct
upvoted 3 times
...
HardcodedCloud
1 year, 7 months ago
Selected Answer: CD
Correct
upvoted 2 times
...
yf
1 year, 7 months ago
Selected Answer: CD
correct
upvoted 2 times
...
d3an
1 year, 7 months ago
Selected Answer: CD
Correct answer
upvoted 2 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel