Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-104 topic 2 question 55 discussion

Actual exam question from Microsoft's AZ-104
Question #: 55
Topic #: 2
[All AZ-104 Questions]

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
What should you do first?

  • A. Enable Active Directory Domain Service (AD DS) authentication for storage1.
  • B. Grant share-level permissions by using File Explorer.
  • C. Mount share1 by using File Explorer.
  • D. Create a private endpoint.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Before you enable Azure AD over SMB for Azure file shares, make sure you have completed the following prerequisites:
1. Select or create an Azure AD tenant.
2. To support authentication with Azure AD credentials, you must enable Azure AD Domain Services for your Azure AD tenant.
Etc.
Note: The Storage File Data SMB Share Elevated Contributor allows read, write, delete and modify NTFS permissions in Azure Storage file shares over SMB.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable
by RichardBill at Aug. 30, 2022, 3:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
NaoVaz
Highly Voted 1 year, 7 months ago
Selected Answer: A
A) " Enable Active Directory Domain Service (AD DS) authentication for storage1. " Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal#overview-of-the-workflow
upvoted 20 times
Asta2001
1 year, 4 months ago
>A) " Enable Active Directory Domain Service The link you provided says: "Enable AZURE Active Directory Domain Service..." Does it matter?
upvoted 2 times
ggogel
4 months, 4 weeks ago
No, because it is now called "Microsoft Entra Domain Services".
upvoted 3 times
...
...
...
Athul07
Highly Voted 10 months, 3 weeks ago
A. Enable Active Directory Domain Service (AD DS) authentication for storage1. To grant the Group1 the Storage File Data SMB Share Elevated Contributor role for share1, you need to enable Active Directory Domain Service (AD DS) authentication for the storage account. By enabling AD DS authentication, you allow Azure AD security groups to be used for granting access control to file shares in the storage account. This enables you to assign roles, such as the Storage File Data SMB Share Elevated Contributor role, to the security group Group1 for the specific file share share1. Once AD DS authentication is enabled and the security group is assigned the appropriate role, Group1 will have the necessary permissions to access and manage the file share. Therefore, enabling Active Directory Domain Service (AD DS) authentication for storage1 is the first step you should take to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
upvoted 11 times
...
Amir1909
Most Recent 1 month ago
A is correct
upvoted 1 times
...
Mehedi007
9 months ago
Selected Answer: A
Answer: Enable Active Directory Domain Service (AD DS) authentication for storage1. "1. Enable Azure AD DS authentication over SMB for your storage account to register the storage account with the associated Azure AD DS deployment. 2. Assign share-level permissions to an Azure AD identity (a user, group, or service principal)." https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-domain-services-enable?tabs=azure-portal#overview-of-the-workflow https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-domain-services-enable?tabs=azure-portal#assign-share-level-permissions
upvoted 2 times
...
zellck
1 year, 2 months ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal#assign-share-level-permissions Most users should assign share-level permissions to specific Azure AD users or groups, and then configure Windows ACLs for granular access control at the directory and file level. However, alternatively you can set a default share-level permission to allow contributor, elevated contributor, or reader access to all authenticated identities. We have introduced three Azure built-in roles for granting share-level permissions to users and groups: - Storage File Data SMB Share Elevated Contributor allows read, write, delete, and modify Windows ACLs in Azure file shares over SMB.
upvoted 3 times
zellck
1 year, 2 months ago
Before you can assign the Storage File Data SMB Share Elevated Contributor role to Group1, you need to enable AD DS authentication for storage1, which allows you to use Azure AD security groups to manage access to the file share. Once you have enabled AD DS authentication, you can then assign the appropriate role to the security group.
upvoted 2 times
...
...
AndreaStack
1 year, 3 months ago
A) . Enable Active Directory Domain Service (AD DS) authentication for storage1. Reference: learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable
upvoted 2 times
...
Mat_m0381
1 year, 7 months ago
A is Correct
upvoted 3 times
...
libran
1 year, 7 months ago
Selected Answer: A
A is the right answer
upvoted 3 times
...
EmnCours
1 year, 7 months ago
Selected Answer: A
Note: The Storage File Data SMB Share Elevated Contributor allows read, write, delete and modify NTFS permissions in Azure Storage file shares over SMB. Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable
upvoted 2 times
...
RichardBill
1 year, 7 months ago
Correct
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel