Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-104 topic 9 question 2 discussion

Actual exam question from Microsoft's AZ-104
Question #: 2
Topic #: 9
[All AZ-104 Questions]

You need to ensure that you can grant Group4 Azure RBAC read only permissions to all the Azure file shares.
What should you do?

  • A. On storage2, enable identity-based access for the file shares.
  • B. Recreate storage2 and set Hierarchical namespace to Enabled.
  • C. On storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).
  • D. Create a shared access signature (SAS) for storage1, storage2, and storage4.
Show Suggested Answer Hide Answer
Suggested Answer: A ūüó≥ÔłŹ
Azure Files supports identity-based authentication over Server Message Block (SMB) through on-premises Active Directory Domain Services (AD DS) and Azure
Active Directory Domain Services (Azure AD DS).
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
qwerty100
Highly Voted 1 year, 2 months ago
Selected Answer: A
I think is A, because storage1 and storage2 have enabled Azure Active Directory Domain services. I think that you have to enable in storage 2 identity-based access for the file shares too. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#enable-identity-based-authentication
upvoted 23 times
kukeleku
1 year, 2 months ago
Agree on this.
upvoted 3 times
...
...
Mazinger
Highly Voted 9 months, 3 weeks ago
A. On storage2, enable identity-based access for the file shares. To grant Group4 Azure RBAC read-only permissions to all the Azure file shares, you should enable identity-based access for the file shares on storage2. Identity-based access enables you to manage access to file shares based on Azure AD identities, including users, groups, and service principals. By enabling identity-based access, you can grant access to specific users or groups and manage access control centrally from Azure AD. Recreating storage2 with Hierarchical namespace enabled (Option B) is not relevant to granting RBAC permissions to Azure file shares. Changing the account kind type to StorageV2 (general purpose v2) (Option C) is not relevant to granting RBAC permissions to Azure file shares. Creating a shared access signature (SAS) (Option D) provides temporary access to resources in storage accounts, but it does not allow you to grant RBAC permissions to Azure file shares. Therefore, the correct answer is A. On storage2, enable identity-based access for the file shares.
upvoted 7 times
mdwSysOps
8 months, 4 weeks ago
ChatGpt answer, but i agree
upvoted 2 times
...
...
Shely
Most Recent 11 months, 3 weeks ago
I think it should be A. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal
upvoted 1 times
...
Babushka
1 year ago
Selected Answer: A
RBAC = Role Based Access Control and you will give Reader Role so you would need Azure AD for this, no? So A seems like a right answer
upvoted 3 times
...
klexams
1 year, 1 month ago
the closest is A. the question is wrong. Azure RBAC is for Azure resource, not for File Share. Identity-based access is Azure AD which needs Azure AD role.
upvoted 4 times
...
awssecuritynewbie
1 year, 1 month ago
storage 1 and 4 already had azure AD enabled so the only storage that does not have is storage 2 and you enable it. Storage 3 IS BOB NOT FILE share so yeah :) it also makes sense as it wants group4 plus RBAC. SAS does not go by Azure AD groupss
upvoted 3 times
awssecuritynewbie
1 year, 1 month ago
A is right
upvoted 1 times
...
...
adrianspa
1 year, 2 months ago
Selected Answer: A
You have to look in the table. storag2 has the auth disabled.
upvoted 1 times
...
lol2525
1 year, 2 months ago
Once either Azure AD DS or on-premises AD DS authentication is enabled, you can use Azure built-in roles or configure custom roles for Azure AD identities and assign access rights to any file shares in your storage accounts. The assigned permission allows the granted identity to get access to the share only, nothing else, not even the root directory. You still need to separately configure directory or file-level permissions for Azure file shares.
upvoted 2 times
...
EleChie
1 year, 2 months ago
Why not D ? Since the File shares exist on Storage1, Storage2 and Storage4 !!
upvoted 3 times
ivan0590
6 months, 2 weeks ago
Because SAS tokens != RBAC
upvoted 2 times
...
...
akavoor
1 year, 2 months ago
A is the correct answer
upvoted 1 times
...
todorov
1 year, 2 months ago
Selected Answer: A
The question only asks about File Shares not Blob Storage
upvoted 1 times
...
humnahibataynge
1 year, 2 months ago
The answer should be D? Because with A we can give only to storage1 file shares only.
upvoted 3 times
pmsiva
1 year, 1 month ago
The question is RBAC, D is SAS token
upvoted 4 times
MoSea
1 year ago
thank you kind person. you made it make sense.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...