ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 2 question 62 discussion

Actual exam question from Microsoft's AZ-104
Question #: 62
Topic #: 2
[All AZ-104 Questions]

You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.

Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Assign roles to User2 for storageacct1234.
  • B. Upload blob data to storageacct1234.
  • C. Modify the firewall of storageacct1234.
  • D. View blob data in storageacct1234.
  • E. View file shares in storageacct1234.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by Dannxx at Aug. 30, 2022, 10:50 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kerimnl
Highly Voted 2 years, 10 months ago
Selected Answer: BD
Correct Answer is:BD
upvoted 90 times
pmsiva
2 years, 9 months ago
For example, if you assign the Storage Blob Data Contributor role to user Mary at the level of a container named sample-container, then Mary is granted read, write, and delete access to all of the blobs in that container. However, if Mary wants to view a blob in the Azure portal, then the Storage Blob Data Contributor role by itself will not provide sufficient permissions to navigate through the portal to the blob in order to view it. The additional permissions are required to navigate through the portal and view the other resources that are visible there.
upvoted 19 times
...
...
virgilpza
Highly Voted 2 years, 10 months ago
Selected Answer: BD
correct answers: BD
upvoted 29 times
cvalladares123
2 years ago
Storage Blob Data Contributor --> Read, write, and delete Azure Storage containers and blobs Reader --> View all resources, but does not allow you to make any changes Any permission has been granted at storage account level or file shares directly, so reading access to files share is not possible
upvoted 6 times
Diedo
2 years ago
Azure file shares are deployed into storage accounts so I think it is BDE.
upvoted 6 times
Ben756
1 year, 10 months ago
E is not the answer. The Reader role only grants User1 the permission to view the properties and metadata of the storage account, not the data inside it.
upvoted 11 times
Iykeman26
10 months ago
The built-in Reader role in Azure actually does grant read access to view the contents of storage accounts, not just the metadata and properties. Specifically, a user assigned the Reader role on a storage account can: List containers and blobs Read blob contents View queue messages Read table entities Read files in file shares However, the Reader role is read-only. It does not allow creating, modifying, or deleting any data or resources within the storage account. If you want to restrict a user to only viewing metadata and properties of the storage account without accessing the actual data, you would need to use a more limited custom role or adjust permissions at a more granular level.
upvoted 2 times
rodrod
8 months, 2 weeks ago
no. what you are talking is " Storage Blob Data Reader" role not "Reader" role. "Reader" role is just about management plane (settings, properties...), not data plane (content inside the containers)
upvoted 3 times
...
...
...
...
...
...
58b2872
Most Recent 6 months, 1 week ago
Selected Answer: BD
View file shares in storageacct1234: The Storage Blob Data Contributor role applies only to blobs and not to file shares. While the Reader role grants viewing permissions for file shares, User1 cannot manage file shares because the role does not provide such capabilities. The correct answer is: B. Upload blob data to storageacct1234 D. View blob data in storageacct1234
upvoted 1 times
...
Dankho
9 months, 3 weeks ago
I concur, it's B and D. After some research I am good with this explanation: Reader Role at the Resource Group Level: This role grants the ability to view all resources within the resource group, but it does not extend to viewing the contents of blob data or file shares in a storage account. User1 can see the storage account itself and its properties (like the account name, type, and configuration), but not the individual blob or file share data. Storage Blob Data Contributor Role: This role allows User1 to perform actions related to blobs, including reading, writing, and deleting blob data specifically.
upvoted 1 times
...
Devs84
10 months, 3 weeks ago
Selected Answer: BD
It has to be B and D
upvoted 1 times
...
CheMetto
11 months, 3 weeks ago
Selected Answer: BD
Keep in mind there are 2 difference role in azure. 1 for resources, 1 for data. Even if you are owner of the subscription you can't access data, because you are managing resource, but can't access his data. In order to view and update data on a blob, you need storage blob data contributor, otherwise you can enable on Storage account level AD option, and you can access data as global admin
upvoted 1 times
...
SofiaLorean
1 year ago
I cleared the exam today. This question was in my exam. Thanks ET and everyone. Most of the questions from ET.
upvoted 2 times
...
kyakya
1 year, 1 month ago
Selected Answer: BD
read cannot read file share, because it have not any dataAction
upvoted 1 times
...
3c5adce
1 year, 2 months ago
ChatGPT4 says B&D
upvoted 1 times
...
Vladds
1 year, 2 months ago
Selected Answer: BD
It has to be B & D. The Reader role is scoped to resource group anyway
upvoted 2 times
...
Chris17
1 year, 2 months ago
Selected Answer: BD
correct answers: BD
upvoted 1 times
...
MCLC2021
1 year, 2 months ago
Selected Answer: BD
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage#storage-blob-data-contributor
upvoted 1 times
...
simplementeluca
1 year, 3 months ago
This question was in exam 22/03/2024. My response BD
upvoted 4 times
MC420
1 year, 3 months ago
Was it correct?
upvoted 1 times
...
...
Amir1909
1 year, 3 months ago
B, D and E
upvoted 1 times
...
1828b9d
1 year, 4 months ago
This question was in exam 01/03/2024
upvoted 3 times
MC420
1 year, 3 months ago
What’s the answer?
upvoted 1 times
...
...
LovelyGroovey
1 year, 4 months ago
Correct answer: B and D. Why? Here is the answer: User1 can perform the following two actions based on their assigned roles: Upload blob data to storageacct1234: User1 has been assigned the “Storage Blob Data Contributor” role for the storage account named storageacct1234. This role allows them to upload data to blob containers within that storage account. View blob data in storageacct1234: Additionally, User1 has the “Reader” role at the Resource group (inherited) scope. While this role doesn’t provide read permissions to data in Azure Storage, it does allow User1 to view storage account resources, including blob containers. Therefore, User1 can view blob data within the storageacct1234 storage account.
upvoted 4 times
...
LovelyGroovey
1 year, 4 months ago
User1 can perform the following two actions based on their assigned roles: Upload blob data to storageacct1234: User1 has been assigned the “Storage Blob Data Contributor” role for the storage account named storageacct1234. This role allows them to upload data to blob containers within that storage account. View blob data in storageacct1234: Additionally, User1 has the “Reader” role at the Resource group (inherited) scope. While this role doesn’t provide read permissions to data in Azure Storage, it does allow User1 to view storage account resources, including blob containers. Therefore, User1 can view blob data within the storageacct1234 storage account.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel