Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Suggested Answer:A🗳️
Azure Files supports identity-based authentication over Server Message Block (SMB) through on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS). Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
I think is A, because storage1 and storage2 have enabled Azure Active Directory Domain services. I think that you have to enable in storage 2 identity-based access for the file shares too.
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#enable-identity-based-authentication
A. On storage2, enable identity-based access for the file shares.
To grant Group4 Azure RBAC read-only permissions to all the Azure file shares, you should enable identity-based access for the file shares on storage2. Identity-based access enables you to manage access to file shares based on Azure AD identities, including users, groups, and service principals. By enabling identity-based access, you can grant access to specific users or groups and manage access control centrally from Azure AD.
Recreating storage2 with Hierarchical namespace enabled (Option B) is not relevant to granting RBAC permissions to Azure file shares.
Changing the account kind type to StorageV2 (general purpose v2) (Option C) is not relevant to granting RBAC permissions to Azure file shares.
Creating a shared access signature (SAS) (Option D) provides temporary access to resources in storage accounts, but it does not allow you to grant RBAC permissions to Azure file shares.
Therefore, the correct answer is A. On storage2, enable identity-based access for the file shares.
the closest is A. the question is wrong. Azure RBAC is for Azure resource, not for File Share. Identity-based access is Azure AD which needs Azure AD role.
storage 1 and 4 already had azure AD enabled so the only storage that does not have is storage 2 and you enable it. Storage 3 IS BOB NOT FILE share so yeah :)
it also makes sense as it wants group4 plus RBAC. SAS does not go by Azure AD groupss
Once either Azure AD DS or on-premises AD DS authentication is enabled, you can use Azure built-in roles or configure custom roles for Azure AD identities and assign access rights to any file shares in your storage accounts. The assigned permission allows the granted identity to get access to the share only, nothing else, not even the root directory. You still need to separately configure directory or file-level permissions for Azure file shares.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
qwerty100
Highly Voted 1 year, 7 months agokukeleku
1 year, 7 months agoMazinger
Highly Voted 1 year, 2 months agomdwSysOps
1 year, 1 month agotashakori
Most Recent 1 month agoShely
1 year, 4 months agoBabushka
1 year, 5 months agoklexams
1 year, 5 months agoawssecuritynewbie
1 year, 6 months agoawssecuritynewbie
1 year, 6 months agoadrianspa
1 year, 6 months agolol2525
1 year, 6 months agoEleChie
1 year, 7 months agoivan0590
11 months agoakavoor
1 year, 7 months agotodorov
1 year, 7 months agohumnahibataynge
1 year, 7 months agopmsiva
1 year, 6 months agoMoSea
1 year, 5 months ago