Exam AZ-104 topic 2 question 78 discussion

It should be A, I just created a storage account, then created a file share, went to IAM, and it says : To give individual accounts access to the file share (Kerberos), enable identity-based authentication for the storage account.

After arguing with ChatGPT here is the answer: The correct steps to assign User1 the Storage File Data SMB Share Contributor role for share1 are: 1. Enable identity-based data access for the file shares in storage1. 2. Configure Access control (IAM) for share1 and add User1 as a role assignment with the Storage File Data SMB Share Contributor role. So the correct answer is A.

chatGpt's answer is A

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-assign-share-level-permissions?tabs=azure-portal To assign an Azure role to a Microsoft Entra identity, using the Azure portal, follow these steps: 1. In the Azure portal, go to your file share, or create an SMB file share. 2. Select Access Control (IAM). 3. Select Add a role assignment 4. In the Add role assignment blade, select the appropriate built-in role from the Role list. 5. Leave Assign access to at the default setting: Microsoft Entra user, group, or service principal. Select the target Microsoft Entra identity by name or email address. The selected Microsoft Entra identity must be a hybrid identity and cannot be a cloud only identity. This means that the same identity is also represented in AD DS. 6. Select Save to complete the role assignment operation.

The correct answer is A. Enable identity-based data access for the file shares in Storage1 Enable identity-based data access for the file shares in Storage1: This step is necessary to allow Azure AD identities to access the file shares. Without enabling identity-based data access, you cannot assign Azure AD roles like the Storage File Data SMB Share Contributor role to users for accessing file shares.

Go to Azure Portal Create a new storage account Create a new File Share Go to the File Share > IAM > Add Role Assignment > Storage File Data SMB Share Contributor

Tested and "Identity-based access: Not configured"

Just tested it, create storage, selected IAM and gave the user the role.

D is ok tested with a pay as you go

Today, Feb 2025, you i could add Storage File Data SMB Share Contributor role for a user without enable identity-based data access for the file shares in storage1. D is correct

C. Select Default to Azure Active Directory authorization in the Azure portal for storage1: While this step is necessary, it comes after enabling identity-based data access. Without enabling identity-based access first, this setting alone won't work.

By the way - If I need wait for moderator approval my comment. Why comments with wrong answers are visible? I see a lot of new comments (1-6 months ago) "YEA I HAD A CHAT WITH CHAT GPT THE ANSWER IS 100% A" - Hollllyyy and the price is higher and higher....

Correct answer is D I tried the same way like macrawat however in my case that works - inside created file share "share1" I was able to grant access from IAM to user. State of identity-based access is "not configured" as on screenshot from microsoft doc https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-domain-services-enable?tabs=azure-portal

Just repro in a lab with a new storage account. Identity-based access can be enabled in two steps for a particular share in this storage account. This allows individual users to use their Active Directory or Microsoft Entra account to gain access to a specific file share. Step 1: Enable an identity source

A for me is correct

Definetly A is the correct answer. That is the first step.

The answer is A