Exam AZ-104 topic 3 question 73 discussion

Actual exam question from Microsoft's AZ-104
Question #: 73
Topic #: 3

You have an Azure Storage account that contains 5,000 blobs accessed by multiple users.

You need to ensure that the users can view only specific blobs based on blob index tags.

What should you include in the solution?

  • A. a role assignment condition
  • B. a stored access policy
  • C. just-in-time (JIT) VM access
  • D. a shared access signature (SAS)
Suggested Answer: A 🗳️

Comments

Siraf
Highly Voted 1 year, 3 months ago
Answer is A: An Azure role assignment condition is an optional check that you can add to your role assignment to provide more fine-grained access control. For example, you can add a condition that requires an object to have a specific tag to read the object. https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal
upvoted 24 times
...
mein17
Highly Voted 1 year, 3 months ago
Answer: A Role assignment Condition https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes
upvoted 7 times
...
CrypticToast
Most Recent 1 week, 3 days ago
Role assignment conditions allow you to apply conditions to role-based access control (RBAC) roles. In this case, you can use blob index tags as a condition to restrict access to specific blobs. Here is why the other options aren't suitable: Stored access policy is used to manage shared access signatures (SAS) over a long period but does not filter access based on blob index tags. Just-in-time (JIT) VM access is for managing virtual machine access and does not apply to Azure Storage. Shared access signature (SAS) can provide limited-time access to blobs but doesn't inherently work with blob index tags for filtering. Therefore, the correct answer is: A. a role assignment condition.
upvoted 1 times
...
117b84e
3 weeks, 6 days ago
ChatGPT said: To ensure that users can view only specific blobs based on blob index tags in an Azure Storage account, you should include Option D: a shared access signature (SAS) in the solution.
upvoted 1 times
...
SeMo0o0o0o
1 month ago
Selected Answer: A
It's A
upvoted 1 times
...
SofiaLorean
3 months, 3 weeks ago
Selected Answer: A
A. Role Assignment https://learn.microsoft.com/en-us/azure/storage/blobs/storage-auth-abac-portal
upvoted 2 times
...
varinder82
4 months, 3 weeks ago
Final Answer: Role assignment Condition
upvoted 1 times
...
tashakori
7 months, 1 week ago
A is correct
upvoted 1 times
...
Watcharin_start
7 months, 2 weeks ago
Selected Answer: A
A role assignment condition can `Restrict access to blobs based on a blob index tag` Ref: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-auth-abac-portal
upvoted 2 times
...
devops_devops
8 months, 3 weeks ago
This question was in exam 15/01/24
upvoted 6 times
Nickybambi
3 months, 4 weeks ago
What is the answer?
upvoted 1 times
...
...
sreemog
9 months, 3 weeks ago
The answer is D. A. role assignment condition: This would control access at the container level, not individual blobs. You need more granular control for specific blobs based on tags. B. stored access policy: This can be used to define access levels for a container or blob, but it wouldn't allow you to filter based on tags dynamically. C. just-in-time (JIT) VM access: This is used for managing access to virtual machines, not blob storage. D. shared access signature (SAS): This provides temporary access to blobs with granular control over permissions. You can generate SAS tokens with conditions based on blob index tags, allowing users to access only the relevant blobs.
upvoted 7 times
...
Xerinzxx
9 months, 3 weeks ago
Answer: A Role assignment Condition
upvoted 1 times
...
SgtDumitru
10 months, 1 week ago
Selected Answer: A
Answer: A - Role assignment condition. Stored access policy is a setup for SAS token. But since we don't mention here how users will access blobs, this means it should work both for SAS and AAD, which automatically removes option B & D.
upvoted 3 times
rumino
9 months, 2 weeks ago
Option B is also invalid because: A stored access policy is defined on a resource container, which can be a blob container, table, queue, or file share. https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview
upvoted 1 times
...
...
amsioso
10 months, 2 weeks ago
Answer: D Finding data using blob index tags can be performed by the Storage Blob Data Owner and by anyone with a Shared Access Signature that has permission to find blobs by tags (the f SAS permission). In addition, RBAC users with the Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action permission can perform this operation. https://learn.microsoft.com/en-us/azure/storage/blobs/storage-manage-find-blobs?tabs=azure-portal#finding-data-using-blob-index-tags Remember the principle of least privilege roles/access.
upvoted 3 times
...
Ahkhan
10 months, 4 weeks ago
Here is the whole procedure to do it via role assignment condition. Answer is A. This is a fairly new feature called ABAC (Attribute-based access control). https://learningbydoing.cloud/blog/control-access-to-azure-storage-blobs-with-abac/
upvoted 6 times
...
PrabodhM
11 months ago
Answer - D https://learn.microsoft.com/en-us/azure/storage/blobs/storage-manage-find-blobs?tabs=azure-portal Important Setting blob index tags can be performed by the Storage Blob Data Owner and by anyone with a Shared Access Signature that has permission to access the blob's tags (the t SAS permission).
upvoted 3 times
PrabodhM
11 months ago
SAS permissions Callers using a shared access signature (SAS) may be granted scoped permissions to operate on blob index tags.
upvoted 1 times
...
PrabodhM
11 months ago
Permissions and authorization You can authorize access to blob index tags using one of the following approaches: Using Azure role-based access control (Azure RBAC) to grant permissions to a Microsoft Entra security principal. Use Microsoft Entra ID for superior security and ease of use. For more information about using Microsoft Entra ID with blob operations, see Authorize access to data in Azure Storage. Using a shared access signature (SAS) to delegate access to blob index. For more information about shared access signatures, see Grant limited access to Azure Storage resources using shared access signatures (SAS). Using the account access keys to authorize operations with Shared Key. For more information, see Authorize with Shared Key.
upvoted 1 times
josola
10 months, 3 weeks ago
So the answer is both "A" and "D"?
upvoted 1 times
...
...
...
YesPlease
1 year ago
Selected Answer: A
Role Assignment Condition https://learn.microsoft.com/en-us/azure/storage/blobs/storage-auth-abac-examples?tabs=portal-visual-editor#example-read-blobs-with-a-blob-index-tag
upvoted 2 times
...
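As an added illustration of the suggested answer (not code from any commenter or from the linked documentation pages), the script below builds an ABAC role assignment condition that allows blob reads only when a blob index tag matches, and prints the `az role assignment create` command that would attach it to the Storage Blob Data Reader role. The tag `Project=Cascade`, the assignee and the scope are constructed placeholders, and the character allow-list is a deliberately conservative assumption, stricter than what blob index tags permit.

```shell
#!/usr/bin/env bash
# Added example: ABAC condition limiting blob reads to blobs carrying a given index tag.
# Assignee, scope and tag below are constructed placeholders, not values from the page.

# Accept only a conservative character set so a tag key or value can never
# close the quoted string inside the condition and inject extra clauses.
valid_tag_part() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Emit the condition: any action other than a blob read passes untouched;
# a blob read (listing excluded) passes only if the tag key has the given value.
build_condition() {
  local key="$1" value="$2"
  valid_tag_part "$key" && valid_tag_part "$value" || return 1
  local read_action='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
  local tag_attr='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags'
  printf "((!(ActionMatches{'%s'} AND NOT SubOperationMatches{'Blob.List'})) OR (@Resource[%s:%s<\$key_case_sensitive\$>] StringEquals '%s'))" \
    "$read_action" "$tag_attr" "$key" "$value"
}

# Print (do not execute) the az CLI call that creates the conditional assignment.
# Arguments: assignee, scope, tag key, tag value.
role_assignment_cmd() {
  local cond
  cond=$(build_condition "$3" "$4") || { echo "invalid tag key or value" >&2; return 1; }
  printf 'az role assignment create --role "Storage Blob Data Reader" --assignee "%s" --scope "%s" --condition "%s" --condition-version "2.0"\n' \
    "$1" "$2" "$cond"
}

# Constructed placeholder inputs for a dry run.
role_assignment_cmd \
  "user@example.com" \
  "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<account>" \
  "Project" "Cascade"
```

Because the condition excludes the `Blob.List` suboperation, it restricts reading blob content by tag but does not hide blob names in a container listing.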
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted