exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam

Exam AZ-104 topic 2 question 55 discussion

Actual exam question from Microsoft's AZ-104
Question #: 55
Topic #: 2
[All AZ-104 Questions]

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
What should you do first?

  • A. Enable Active Directory Domain Service (AD DS) authentication for storage1.
  • B. Grant share-level permissions by using File Explorer.
  • C. Mount share1 by using File Explorer.
  • D. Create a private endpoint.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
NaoVaz
Highly Voted 2 years, 2 months ago
Selected Answer: A
A) " Enable Active Directory Domain Service (AD DS) authentication for storage1. " Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal#overview-of-the-workflow
upvoted 21 times
Asta2001
1 year, 11 months ago
>A) " Enable Active Directory Domain Service The link you provided says: "Enable AZURE Active Directory Domain Service..." Does it matter?
upvoted 2 times
ggogel
1 year ago
No, because it is now called "Microsoft Entra Domain Services".
upvoted 5 times
...
...
...
Athul07
Highly Voted 1 year, 6 months ago
A. Enable Active Directory Domain Service (AD DS) authentication for storage1. To grant the Group1 the Storage File Data SMB Share Elevated Contributor role for share1, you need to enable Active Directory Domain Service (AD DS) authentication for the storage account. By enabling AD DS authentication, you allow Azure AD security groups to be used for granting access control to file shares in the storage account. This enables you to assign roles, such as the Storage File Data SMB Share Elevated Contributor role, to the security group Group1 for the specific file share share1. Once AD DS authentication is enabled and the security group is assigned the appropriate role, Group1 will have the necessary permissions to access and manage the file share. Therefore, enabling Active Directory Domain Service (AD DS) authentication for storage1 is the first step you should take to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
upvoted 17 times
...
Amir1909
Most Recent 8 months, 2 weeks ago
A is correct
upvoted 1 times
...
Mehedi007
1 year, 4 months ago
Selected Answer: A
Answer: Enable Active Directory Domain Service (AD DS) authentication for storage1. "1. Enable Azure AD DS authentication over SMB for your storage account to register the storage account with the associated Azure AD DS deployment. 2. Assign share-level permissions to an Azure AD identity (a user, group, or service principal)." https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-domain-services-enable?tabs=azure-portal#overview-of-the-workflow https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-domain-services-enable?tabs=azure-portal#assign-share-level-permissions
upvoted 2 times
...
zellck
1 year, 10 months ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal#assign-share-level-permissions Most users should assign share-level permissions to specific Azure AD users or groups, and then configure Windows ACLs for granular access control at the directory and file level. However, alternatively you can set a default share-level permission to allow contributor, elevated contributor, or reader access to all authenticated identities. We have introduced three Azure built-in roles for granting share-level permissions to users and groups: - Storage File Data SMB Share Elevated Contributor allows read, write, delete, and modify Windows ACLs in Azure file shares over SMB.
upvoted 3 times
zellck
1 year, 10 months ago
Before you can assign the Storage File Data SMB Share Elevated Contributor role to Group1, you need to enable AD DS authentication for storage1, which allows you to use Azure AD security groups to manage access to the file share. Once you have enabled AD DS authentication, you can then assign the appropriate role to the security group.
upvoted 2 times
...
...
AndreaStack
1 year, 10 months ago
A) . Enable Active Directory Domain Service (AD DS) authentication for storage1. Reference: learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable
upvoted 2 times
...
Mat_m0381
2 years, 2 months ago
A is Correct
upvoted 3 times
...
libran
2 years, 3 months ago
Selected Answer: A
A is the right answer
upvoted 3 times
...
EmnCours
2 years, 3 months ago
Selected Answer: A
Note: The Storage File Data SMB Share Elevated Contributor allows read, write, delete and modify NTFS permissions in Azure Storage file shares over SMB.
upvoted 2 times
...
RichardBill
2 years, 3 months ago
Correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...