Exam AZ-104 topic 2 question 62 discussion

Actual exam question from Microsoft's AZ-104
Question #: 62
Topic #: 2

You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.

Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Assign roles to User2 for storageacct1234.
  • B. Upload blob data to storageacct1234.
  • C. Modify the firewall of storageacct1234.
  • D. View blob data in storageacct1234.
  • E. View file shares in storageacct1234.
Suggested Answer: AE

Comments

kerimnl
Highly Voted 1 year, 3 months ago
Selected Answer: BD
Correct Answer is: BD
upvoted 67 times
pmsiva
1 year, 1 month ago
For example, if you assign the Storage Blob Data Contributor role to user Mary at the level of a container named sample-container, then Mary is granted read, write, and delete access to all of the blobs in that container. However, if Mary wants to view a blob in the Azure portal, then the Storage Blob Data Contributor role by itself will not provide sufficient permissions to navigate through the portal to the blob in order to view it. The additional permissions are required to navigate through the portal and view the other resources that are visible there.
upvoted 14 times
...
...
virgilpza
Highly Voted 1 year, 3 months ago
Selected Answer: BD
correct answers: BD
upvoted 23 times
cvalladares123
5 months, 1 week ago
Storage Blob Data Contributor --> Read, write, and delete Azure Storage containers and blobs.
Reader --> View all resources, but does not allow you to make any changes.
Any permission has been granted at storage account level or file shares directly, so reading access to files share is not possible.
upvoted 4 times
Diedo
5 months, 1 week ago
Azure file shares are deployed into storage accounts so I think it is BDE.
upvoted 4 times
Ben756
2 months, 3 weeks ago
E is not the answer. The Reader role only grants User1 the permission to view the properties and metadata of the storage account, not the data inside it.
upvoted 3 times
...
...
...
...
MentalTree
Most Recent 2 days, 13 hours ago
AE.
Explanation for A: Storage Blob Data Contributor: Read, write, and delete Azure Storage containers and blobs. Because Storage Blob Data Contributor can read/write (modify/edit) Azure storage containers, roles for containers can also be changed.
Explanation for E: Reader: View all resources, but does not allow you to make any changes. Because you can view all resources inside of the RG, you can see File Shares in the storage account. File Shares are resources. You WON'T see the files/data inside of the File Shares.
B. Incorrect: Storage Blob Data Contributor does not let you write/upload blob data.
C. Incorrect: You know why.
D. Incorrect: Reader lets you see resources only, not data. Storage Blob Data Contributor lets you see/edit blobs & storage containers only, it does not let you see data.
upvoted 1 times
...
simionet
2 weeks, 6 days ago
Selected Answer: BD
right answer b and d
upvoted 1 times
...
Ahkhan
3 weeks, 6 days ago
Reader cannot view blob data. I have tested it. Reader is for accessing Azure portal. It is Storage Blob Data Contributor role that the user will be able to read blob data in the container.
upvoted 1 times
Ahkhan
3 weeks, 6 days ago
Storage Blob Data Contributor role alone cannot access Azure portal. Hence we need the combination of Reader and Storage Blob Data Contributor role.
upvoted 1 times
...
...
mattpaul
1 month, 2 weeks ago
I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]
upvoted 1 times
...
Fr3ggel
1 month, 2 weeks ago
Selected Answer: BD
Correct Answer is B and D. I just tested in my test subscription. Answer E is not correct. I don't get access to files on a files share.
upvoted 1 times
...
BillDilena
3 months, 2 weeks ago
BD... Contributor or Reader role can't assign role to other users
upvoted 2 times
...
MGJG
3 months, 3 weeks ago
Selected Answer: BD
C isn't the answer: To apply a virtual network rule to a storage account, the user must have the appropriate permissions for the subnets that are being added. A Storage Account Contributor or a user who has permission to the Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Azure resource provider operation can apply a rule by using a custom Azure role. https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 2 times
...
riccardoto
3 months, 3 weeks ago
Selected Answer: DE
It's actually BDE - not sure why this allows selecting only two. If you look into the RBAC documentation, the Reader role has */read powers, and the RBAC provider for storage accounts has an action that will allow reading file shares if you get in with the */read power. https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftstorage
upvoted 1 times
Batiste2023
1 month, 3 weeks ago
Not correct. This is the definition of the built-in Reader role (see https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader):

    {
      "assignableScopes": [ "/" ],
      "description": "View all resources, but does not allow you to make any changes.",
      "id": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
      "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
      "permissions": [
        {
          "actions": [ "*/read" ],
          "notActions": [],
          "dataActions": [],
          "notDataActions": []
        }
      ],
      "roleName": "Reader",
      "roleType": "BuiltInRole",
      "type": "Microsoft.Authorization/roleDefinitions"
    }

As you can see, a Reader only has */read permissions in "Actions", which pertain to metadata about the file share. To read the actual data, the role would need */read permissions in DataActions - which the built-in Reader role doesn't have.
upvoted 1 times
...
...
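
Added example (not part of the thread or of any commenter's post): a small Python model of the Actions / DataActions split described in the reply above, evaluated for the two roles the thread names. The Reader definition is the one quoted above; the Storage Blob Data Contributor lists, the operation strings, and the simplification that both assignments cover the storage account (scope and deny assignments are not modelled) are assumptions to check against the built-in roles documentation.

```python
import re

# Reader is the definition quoted in the thread. The Storage Blob Data
# Contributor lists are an assumption; verify against the built-in roles docs.
_BLOB = "Microsoft.Storage/storageAccounts/blobServices"
ROLES = {
    "Reader": {"actions": ["*/read"], "notActions": [],
               "dataActions": [], "notDataActions": []},
    "Storage Blob Data Contributor": {
        "actions": [f"{_BLOB}/containers/delete",
                    f"{_BLOB}/containers/read",
                    f"{_BLOB}/containers/write",
                    f"{_BLOB}/generateUserDelegationKey/action"],
        "notActions": [],
        "dataActions": [f"{_BLOB}/containers/blobs/delete",
                        f"{_BLOB}/containers/blobs/read",
                        f"{_BLOB}/containers/blobs/write",
                        f"{_BLOB}/containers/blobs/move/action",
                        f"{_BLOB}/containers/blobs/add/action"],
        "notDataActions": [],
    },
}
USER1 = ["Reader", "Storage Blob Data Contributor"]  # roles named in the thread

def _matches(pattern, operation):
    # '*' matches any run of characters; comparison is case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def role_allows(role, operation, plane):
    # Control-plane requests are checked against actions/notActions only,
    # data-plane requests against dataActions/notDataActions only.
    allow, deny = (("actions", "notActions") if plane == "control"
                   else ("dataActions", "notDataActions"))
    if any(_matches(p, operation) for p in role[deny]):
        return False
    return any(_matches(p, operation) for p in role[allow])

def granting_roles(assigned, operation, plane):
    """Names of the assigned roles whose definition permits the operation."""
    return [n for n in assigned if role_allows(ROLES[n], operation, plane)]

if __name__ == "__main__":
    checks = [(f"{_BLOB}/containers/blobs/write", "data"),
              (f"{_BLOB}/containers/blobs/read", "data"),
              ("Microsoft.Storage/storageAccounts/fileServices/shares/read", "control"),
              ("Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read", "data"),
              ("Microsoft.Storage/storageAccounts/write", "control"),
              ("Microsoft.Authorization/roleAssignments/write", "control")]
    for op, plane in checks:
        print(f"{plane:8} {op}: {granting_roles(USER1, op, plane) or 'not granted'}")
```
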
oopspruu
3 months, 3 weeks ago
Selected Answer: BD
Correct choices are B, D, & E. The reader role on the whole storage account means the user can Read/View all resources in the Storage Account, so both Blob Data & File Shares. The Blob Data Contributor allows adding/uploading to the blob container.
upvoted 2 times
Hybrid410
6 days, 14 hours ago
The Reader role is an Azure Resource Manager role that permits users to view storage account resources, but not modify them. "It does not provide read permissions to data in Azure Storage, but only to account management resources". https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access#:~:text=The%20Reader%20role%20is%20an,only%20to%20account%20management%20resources.
upvoted 1 times
...
...
PDPANDE
4 months ago
I see significant discussions on why not E as an option. I am also under the same impression that B,D & E are correct answers. IMHO, There is no negative marking in the tests. So, feel free to select 3 options. You get one point for each correct answer.
upvoted 1 times
Hybrid410
6 days, 14 hours ago
The Reader role is an Azure Resource Manager role that permits users to view storage account resources, but not modify them. "It does not provide read permissions to data in Azure Storage, but only to account management resources". https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access#:~:text=The%20Reader%20role%20is%20an,only%20to%20account%20management%20resources.
upvoted 1 times
...
TedM2
2 months ago
This makes no sense, otherwise one could choose all the answers to every question and ace the exam.
upvoted 1 times
...
sardonique
2 months, 3 weeks ago
you're basically saying that whenever you have that kind of questions if you flag all the possible answers you still get the points?
upvoted 2 times
...
...
Stanko1
4 months ago
Selected Answer: BD
B and D
upvoted 2 times
...
msstanci
4 months ago
Which two actions can User1 perform? User1 has Reader (inherited Resource group) and Storage BLOB Data Contributor. So responses will be Upload blob data to storageacct and View blob data in storageacct. Tested. BTW true is E, but exhibit shows 2 roles and you must answer them.
upvoted 1 times
...
Teroristo
4 months, 2 weeks ago
BE Explanation: As blob data contributor, user1 can view and upload blob
upvoted 1 times
...
marioZuo
4 months, 2 weeks ago
Data contributor not blob account contributor
upvoted 1 times
...
Teroristo
4 months, 3 weeks ago
B-Upload blob data to storageacct1234 - E- View file shares in storageacct1234 Explanation: As blob data contributor, user1 can view and upload blob.
upvoted 2 times
...