ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-203 All Questions

View all questions & answers for the DP-203 exam
Go to Exam

Exam DP-203 topic 3 question 29 discussion

Actual exam question from Microsoft's DP-203
Question #: 29
Topic #: 3
[All DP-203 Questions]

DRAG DROP -
You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1. Storage1 contains a container named container1.
Container1 contains a directory named directory1. Directory1 contains a file named file1.
You have an Azure Active Directory (Azure AD) user named User1 that is assigned the Storage Blob Data Reader role for storage1.
You need to ensure that User1 can append data to file1. The solution must use the principle of least privilege.
Which permissions should you grant? To answer, drag the appropriate permissions to the correct resources. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Execute -
If you are granting permissions by using only ACLs (no Azure RBAC), then to grant a security principal read or write access to a file, you'll need to give the security principal Execute permissions to the root folder of the container, and to each folder in the hierarchy of folders that lead to the file.

Box 2: Execute -
On Directory: Execute (X): Required to traverse the child items of a directory

Box 3: Write -
On file: Write (W): Can write or append to a file.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control
by anks84 at Sept. 7, 2022, 5:18 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
anks84
Highly Voted 2 years, 1 month ago
-Execute -Execute -Write
upvoted 13 times
Matt2000
1 year, 2 months ago
Supported by the following two references: without additional permissions: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control with additional permissions such as storage blob data reader: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control-model#permissions-table-combining-azure-rbac-abac-and-acls
upvoted 2 times
AlviraTony
1 year, 2 months ago
In the above link, the use case is given for appending to Data.txt file, then the answers would be -Execute -Execute -Read and Write
upvoted 5 times
mav2000
8 months, 1 week ago
you don't need to read a file to be able to append data to it
upvoted 2 times
...
...
...
...
dom271219
Highly Voted 2 years, 1 month ago
Correct : Execute to traverse the folders and Write to append the file
upvoted 6 times
...
Alongi
Most Recent 6 months, 4 weeks ago
Exe; Exe; Write
upvoted 1 times
...
Lewiasskick
9 months, 3 weeks ago
https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control must be rw- for the file
upvoted 2 times
...
[Removed]
1 year, 1 month ago
X X RW need both rw for append
upvoted 3 times
...
hassexat
1 year, 1 month ago
Execute Execute Write The provided answer is correct!
upvoted 1 times
...
kkk5566
1 year, 2 months ago
correct
upvoted 1 times
...
bakamon
1 year, 5 months ago
container1 : Read access [ by default because User1 that is assigned the Storage Blob Data Reader role for storage1 ] directory1: Execute [ since requirement is only to append file1 so traverse (execute) permission will be enough for it ] file1 : Write [ because execute cannot append the file in Azure Data Lake Storage Gen2 ] only write permission can append a file.
upvoted 1 times
...
OldSchool
1 year, 11 months ago
Can't remember if the wording on actual exam was the same or very similar but instead of Append was Delete and the Q was like this: You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1. Storage1 contains a container named container1. Container1 contains a directory named directory1. Directory1 contains a file named file1. You have an Azure Active Directory (Azure AD) user named User1 that is assigned the Storage Blob Data Reader role for storage1. You need to ensure that User1 can delete file1. The solution must use the principle of least privilege. Permission: ---- --WX ---X Answer Area and my answers: container1 ---X directory1 ---X file1 --WX
upvoted 5 times
mamahani
1 year, 6 months ago
i dont think you gave correct answers; see this doc: https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-access-control#common-scenarios-related-to-permissions to delete a file you dont need any permissions on the file itself; only on the folder where it resides (read + execute)
upvoted 1 times
Matt2000
1 year, 2 months ago
mamahani is correct. See the following references: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control-model#permissions-table-combining-azure-rbac-abac-and-acls
upvoted 1 times
...
renukahouse
1 year, 3 months ago
if you give write access to entire folder , the user can delete/modify other folders , whihc is not correct
upvoted 1 times
...
vctrhugo
1 year, 4 months ago
The solution must use the principle of least privilege. You shouldn't do -WX on folder, only on file.
upvoted 2 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago