ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 5 question 52 discussion

Actual exam question from Microsoft's AZ-500
Question #: 52
Topic #: 5
[All AZ-500 Questions]

HOTSPOT -
You have a hybrid Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1 and the servers shown in the following table.

The tenant is linked to an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
User1 is assigned the Storage File Data SMB Share Contributor role for storage1.
The Security protocol settings for the file shares of storage1 are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
Kerberos uses user's credentials, not access keys.

Box 2: Yes -
Kerberos uses user's credentials.

Box 3: No -
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-kcd
by somenick at Oct. 19, 2022, 5:25 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tutonata
Highly Voted 1 year, 2 months ago
No Yes No Disabling NTLM will prevent ppl from mounting/acessing file share using SA key: https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol?tabs=azure-portal#smb-security-settings Windows Server 2016 onwards does support SMB 3.1.1: https://learn.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview#features-added-in-smb-311-with-windows-server-2016-and-windows-10-version-1607
upvoted 13 times
...
zellck
Highly Voted 1 year ago
NYN is the answer. https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol?tabs=azure-portal#smb-security-settings Authentication methods: Which SMB authentication methods are allowed. Supported authentication methods are NTLMv2 (storage account key only) and Kerberos. By default, all authentication methods are allowed. Removing NTLMv2 disallows using the storage account key to mount the Azure file share. Azure Files doesn't support using NTLM authentication for domain credentials.
upvoted 5 times
zellck
1 year ago
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-file-data-smb-share-contributor Allows for read, write, and delete access on files/directories in Azure file shares.
upvoted 2 times
...
...
Nhadipour
Most Recent 2 months, 3 weeks ago
On the exam, Feb 2025
upvoted 2 times
MonikaMaksim123456
2 months, 1 week ago
Are these questions still relevant, and do you also have any labs ?
upvoted 1 times
...
...
xxavimr
6 months, 1 week ago
Initially I thought that it is YES YES YES but It is asking about access key from storage 1. In documentation says that it is the access key from the machine that is domain joined. It is the ADDS. Storage 1 is in Azure AD. https://learn.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview?view=azuresql#dynamic-data-masking-policy So, it is No YES No
upvoted 1 times
...
heatfan900
8 months, 2 weeks ago
If you look at the screenshot above, NTLMv2 is not checked, therefore, the STORAGE KEYS cannot be used to mount the FILE SHARE 1. n,y,n FROM MICROSOFT: Authentication methods: Which SMB authentication methods are allowed. Supported authentication methods are NTLMv2 (storage account key only) and Kerberos. By default, all authentication methods are allowed. Removing NTLMv2 disallows using the storage account key to mount the Azure file share. Azure Files doesn't support using NTLM authentication for domain credentials.
upvoted 2 times
...
Self_Study
9 months, 3 weeks ago
On an exam on 7/8/23, agree with the answer provided.
upvoted 3 times
...
majstor86
1 year, 2 months ago
NO YES NO
upvoted 2 times
...
Nick66
1 year, 7 months ago
N - Y - N Custom Profile - Authentication mechanism Kerberos
upvoted 4 times
undecided
1 year, 5 months ago
Correct, as per https://learn.microsoft.com/en-us/azure/storage/files/files-smb-protocol?tabs=azure-portal#smb-security-settings. "Removing NTLMv2 disallows using the storage account key to mount the Azure file share."
upvoted 4 times
...
...
OlgaLG
1 year, 7 months ago
https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
upvoted 1 times
...
somenick
1 year, 7 months ago
Y,Y,Y SMB 3.1.1 is supported on server 2016 and later OS When mapping the share you can select the authentication method: Active Directory or Storage account key. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#ad-ds
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel