exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam

Exam AZ-104 topic 2 question 62 discussion

Actual exam question from Microsoft's AZ-104
Question #: 62
Topic #: 2
[All AZ-104 Questions]

You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.

Which two actions can User1 perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Assign roles to User2 for storageacct1234.
  • B. Upload blob data to storageacct1234.
  • C. Modify the firewall of storageacct1234.
  • D. View blob data in storageacct1234.
  • E. View file shares in storageacct1234.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
kerimnl
Highly Voted 2 years, 2 months ago
Selected Answer: BD
Correct Answer is:BD
upvoted 88 times
pmsiva
2 years, 1 month ago
For example, if you assign the Storage Blob Data Contributor role to user Mary at the level of a container named sample-container, then Mary is granted read, write, and delete access to all of the blobs in that container. However, if Mary wants to view a blob in the Azure portal, then the Storage Blob Data Contributor role by itself will not provide sufficient permissions to navigate through the portal to the blob in order to view it. The additional permissions are required to navigate through the portal and view the other resources that are visible there.
upvoted 18 times
...
...
virgilpza
Highly Voted 2 years, 2 months ago
Selected Answer: BD
correct answers: BD
upvoted 29 times
cvalladares123
1 year, 5 months ago
Storage Blob Data Contributor --> Read, write, and delete Azure Storage containers and blobs Reader --> View all resources, but does not allow you to make any changes Any permission has been granted at storage account level or file shares directly, so reading access to files share is not possible
upvoted 6 times
Diedo
1 year, 5 months ago
Azure file shares are deployed into storage accounts so I think it is BDE.
upvoted 6 times
Ben756
1 year, 2 months ago
E is not the answer. The Reader role only grants User1 the permission to view the properties and metadata of the storage account, not the data inside it.
upvoted 9 times
Iykeman26
2 months, 3 weeks ago
The built-in Reader role in Azure actually does grant read access to view the contents of storage accounts, not just the metadata and properties. Specifically, a user assigned the Reader role on a storage account can: List containers and blobs Read blob contents View queue messages Read table entities Read files in file shares However, the Reader role is read-only. It does not allow creating, modifying, or deleting any data or resources within the storage account. If you want to restrict a user to only viewing metadata and properties of the storage account without accessing the actual data, you would need to use a more limited custom role or adjust permissions at a more granular level.
upvoted 2 times
rodrod
1 month ago
no. what you are talking is " Storage Blob Data Reader" role not "Reader" role. "Reader" role is just about management plane (settings, properties...), not data plane (content inside the containers)
upvoted 3 times
...
...
...
...
...
...
Dankho
Most Recent 2 months, 1 week ago
I concur, it's B and D. After some research I am good with this explanation: Reader Role at the Resource Group Level: This role grants the ability to view all resources within the resource group, but it does not extend to viewing the contents of blob data or file shares in a storage account. User1 can see the storage account itself and its properties (like the account name, type, and configuration), but not the individual blob or file share data. Storage Blob Data Contributor Role: This role allows User1 to perform actions related to blobs, including reading, writing, and deleting blob data specifically.
upvoted 1 times
...
SeMo0o0o0o
3 months ago
Selected Answer: BD
WRONG B & D are correct
upvoted 1 times
...
Devs84
3 months, 1 week ago
Selected Answer: BD
It has to be B and D
upvoted 1 times
...
CheMetto
4 months, 1 week ago
Selected Answer: BD
Keep in mind there are 2 difference role in azure. 1 for resources, 1 for data. Even if you are owner of the subscription you can't access data, because you are managing resource, but can't access his data. In order to view and update data on a blob, you need storage blob data contributor, otherwise you can enable on Storage account level AD option, and you can access data as global admin
upvoted 1 times
...
SofiaLorean
5 months ago
I cleared the exam today. This question was in my exam. Thanks ET and everyone. Most of the questions from ET.
upvoted 2 times
...
kyakya
6 months, 2 weeks ago
Selected Answer: BD
read cannot read file share, because it have not any dataAction
upvoted 1 times
...
3c5adce
6 months, 3 weeks ago
ChatGPT4 says B&D
upvoted 1 times
...
Vladds
6 months, 3 weeks ago
Selected Answer: BD
It has to be B & D. The Reader role is scoped to resource group anyway
upvoted 2 times
...
Chris17
6 months, 3 weeks ago
Selected Answer: BD
correct answers: BD
upvoted 1 times
...
MCLC2021
7 months ago
Selected Answer: BD
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage#storage-blob-data-contributor
upvoted 1 times
...
simplementeluca
8 months, 1 week ago
This question was in exam 22/03/2024. My response BD
upvoted 4 times
MC420
8 months ago
Was it correct?
upvoted 1 times
...
...
Amir1909
8 months, 2 weeks ago
B, D and E
upvoted 1 times
...
1828b9d
9 months ago
This question was in exam 01/03/2024
upvoted 3 times
MC420
8 months ago
What’s the answer?
upvoted 1 times
...
...
LovelyGroovey
9 months, 1 week ago
Correct answer: B and D. Why? Here is the answer: User1 can perform the following two actions based on their assigned roles: Upload blob data to storageacct1234: User1 has been assigned the “Storage Blob Data Contributor” role for the storage account named storageacct1234. This role allows them to upload data to blob containers within that storage account. View blob data in storageacct1234: Additionally, User1 has the “Reader” role at the Resource group (inherited) scope. While this role doesn’t provide read permissions to data in Azure Storage, it does allow User1 to view storage account resources, including blob containers. Therefore, User1 can view blob data within the storageacct1234 storage account.
upvoted 4 times
...
LovelyGroovey
9 months, 1 week ago
User1 can perform the following two actions based on their assigned roles: Upload blob data to storageacct1234: User1 has been assigned the “Storage Blob Data Contributor” role for the storage account named storageacct1234. This role allows them to upload data to blob containers within that storage account. View blob data in storageacct1234: Additionally, User1 has the “Reader” role at the Resource group (inherited) scope. While this role doesn’t provide read permissions to data in Azure Storage, it does allow User1 to view storage account resources, including blob containers. Therefore, User1 can view blob data within the storageacct1234 storage account.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...