Exam AZ-104 topic 3 question 92 discussion

Actual exam question from Microsoft's AZ-104
Question #: 92
Topic #: 3

HOTSPOT

Your network contains an on-premises Active Directory Domain Services (AD DS) domain.

The domain contains the identities shown in the following table.



You have an Azure subscription that contains a storage account named storage1. The file shares in storage1 have an identity source of AD DS and Default share-level permissions set to Enable permissions for all authenticated users and groups.

You create an Azure Files share named share1 that has the roles shown in the following table.



You have a Microsoft Entra tenant that contains a cloud-only user named User3.

You use Microsoft Entra Connect to sync OU1 from the AD DS domain to the Microsoft Entra tenant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

Rediwed
Highly Voted 3 months, 2 weeks ago
I think it is NYN.
N - User 1 is in organizational unit 2, but OU2 isn't configured to sync from the AD DS domain to the Entra Tenant.
Y - User2 is in the OU1 domain which IS synced to the Entra tenant.
N - User3 has not been granted access either as an authenticated user or through an authenticated group.
upvoted 14 times
Dankho
1 month, 3 weeks ago
User1 is a member of Group1, which is in OU1, which is synced to AD DS. So 1 is yes.
upvoted 2 times
Dankho
1 month, 3 weeks ago
Never mind. Azure AD role assignments are evaluated based on Azure AD identities. For User1 to have access, they need an Azure AD identity, which they don’t have because they are in an organizational unit (OU2) that hasn’t been synchronized.
upvoted 2 times
alsmk2
3 months, 2 weeks ago
I agree with this, though I hate the fact MS want us to be Sherlock Holmes to answer most of these questions.
upvoted 4 times
Brzzzzz4489
2 months, 3 weeks ago
RIGHT!!!!!!
upvoted 1 times
Stunomatic
Most Recent 1 month, 1 week ago
If OU2 is not included in the synchronization scope, User 1 will not be synchronized to Azure AD, even though User 1 is a member of Group 1. As a result, in Azure AD, Group 1 will appear without User 1 in its membership because User 1 is not synced.
upvoted 3 times
itismadu
2 months ago
Box 1: Yes
Yes - User1 can access content in share1. User1 is in OU2. OU2 is not synced to the on-premises Active Directory Domain Services (AD DS) domain. However, User1 is a member of Group1. Group1 is a member of OU1. OU1 is synced to the on-premises Active Directory Domain Services (AD DS) domain. So, User1 is synced to the on-premises Active Directory Domain Services (AD DS) domain.
Box 2: Yes
Yes - User2 can access content in share1. User2 is in OU1. OU1 is synced to the on-premises Active Directory Domain Services (AD DS) domain.
Box 3: No
No - User3 can access content in share1. User3 is not a member of OU2. User3 is not a member of Group1.
upvoted 3 times
Dankho
1 month, 3 weeks ago
Group membership in on-prem AD does not grant Azure access unless both the group and the user accounts are synchronized to Azure AD.
upvoted 1 times
Mshaty
2 months ago
Where is it written that User1 is in Grp1?
upvoted 2 times
155e6a0
2 months, 2 weeks ago
Y - User1 is in Group1, which is in OU1. So User1 is synced.
Y
N
upvoted 1 times
Dankho
1 month, 3 weeks ago
#1 is No. Both the group and the user need to be present in Azure AD for the user to inherit the group's permissions and access Azure resources.
upvoted 1 times
SeMo0o0o0o
3 months ago
WRONG No Yes No
upvoted 2 times
areyoushawtho
3 months ago
I think NYN.
N - It does not specify or imply that OU2 is configured to sync, therefore the user will not be synced to Azure.
Y - User2 is synced to Azure, and the role applied allows access.
N - It is not mentioned anywhere that User3 has the correct role to access share1.
upvoted 1 times
ELearn
3 months, 1 week ago
User1 can access the content in share1. Answer: No. User1 does not have on-premises sync enabled, and therefore, would not be authenticated via Azure AD Domain Services.
User2 can access the content in share2. Answer: Yes. User2 has on-premises sync enabled, which means they can be authenticated and have access to contoso2024 storage account shares, including share2.
User2 can access the content in share3. Answer: No. The configuration for identity-based access was only shown for contoso2024, and share3 is in a different storage account (contoso2025). Without information about the configuration for contoso2025, we cannot assume User2 has access.
upvoted 1 times
Sickcnt
3 months ago
This answer is for another question up this page.
upvoted 2 times
DanfossAzure
3 months, 1 week ago
NYN I think
upvoted 2 times