ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 3 question 92 discussion

Actual exam question from Microsoft's AZ-104
Question #: 92
Topic #: 3
[All AZ-104 Questions]

HOTSPOT
-

Your network contains an on-premises Active Directory Domain Services (AD DS) domain.

The domain contains the identities shown in the following table.



You have an Azure subscription that contains a storage account named storage1. The file shares in storage1 have an identity source of AD DS and Default share-level permissions set to Enable permissions for all authenticated users and groups.

You create an Azure Files share named share1 that has the roles shown in the following table.



You have a Microsoft Entra tenant that contains a cloud-only user named User3.

You use Microsoft Entra Connect to sync OU1 from the AD DS domain to the Microsoft Entra tenant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by HardeWerker433 at Aug. 20, 2024, 11:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Rediwed
Highly Voted 10 months, 3 weeks ago
I think it is NYN. N - User 1 is in organizational unit 2, but OU2 isn't configured to sync from the AD DS domain to the Entra Tenant. Y - User2 is in the OU1 domain which IS synced to the Entra tenant N - User3 has not been granted access either as an authenticated user or through an authenticated group.
upvoted 20 times
Mitko_V_Milkov
7 months ago
It seems that NYN is the correct answer. You can type this question like this "I have the following scenario. On-prem AD syncing to Azure Entra ID. On prem I have two OUs. OU1 and OU2. I have User1 in OU2 and User2 in OU1. In OU1 I have Group1 which contains User1. Only OU1 is is synced from on-prem AD to Azure. Is User1 going to be synced to Azure?", and it will be explained to you that User1 will not be synced, therefore will not be able to read the share.
upvoted 2 times
Mitko_V_Milkov
5 months, 2 weeks ago
But you know what.....regardles of all arguments if Uer1 will be synced or not, User1 is part of Group1 which only has Contributer access to the Share. Does not this mean that it can add and modify, but not actually access the content of the Share...and that is what the question is asking "access"...So, NO...
upvoted 2 times
...
Mitko_V_Milkov
6 months, 1 week ago
Forgot to mention...you type this question in ChatGPT
upvoted 1 times
...
...
Dankho
9 months ago
User1 is a member of Group1 which is in OU1 which is synced to AD DS. so 1 is yes.
upvoted 3 times
Dankho
9 months ago
Nevermind. Azure AD role assignments are evaluated based on Azure AD identities. For User1 to have access, they need an Azure AD identity, which they don’t have because they are in an organizational unit (OU2) that hasn’t been synchronized.
upvoted 3 times
...
...
alsmk2
10 months, 3 weeks ago
I agree with this, though I hate the fact MS want us to be Sherlock Holmes to answer most of these questions.
upvoted 6 times
Brzzzzz4489
10 months, 1 week ago
RIGHT!!!!!!
upvoted 1 times
...
...
...
itismadu
Highly Voted 9 months, 2 weeks ago
Box 1: Yes Yes - User1 can access content in share1. User1 is in OU2. OU2 is not synced to the on-premises Active Directory Domain Services (AD DS) domain. However, User1 is member of Group1. Group1 is member of OU1. OU1 is synced to the on-premises Active Directory Domain Services (AD DS) domain. So, User1 is synced to the on-premises Active Directory Domain Services (AD DS) domain. Box 2: Yes Yes - User2 can access content in share1. User2 is in OU1. OU1 is synced to the on-premises Active Directory Domain Services (AD DS) domain. Box 3: No No - User3 can access content in share1. User3 is not member of OU2. User3 is not member of Group1.
upvoted 5 times
Dankho
9 months ago
Group membership in on-prem AD does not grant Azure access unless both the group and the user accounts are synchronized to Azure AD.
upvoted 3 times
...
Mshaty
9 months, 2 weeks ago
Where is it written that user 1 is in Grp1 ?
upvoted 2 times
...
...
marek_jazz
Most Recent 1 month, 3 weeks ago
No Yes No During an On-Prem>Entra sync, only direct objects are synced from the OU - so Group1 is synced but the contained user USER1 is not.
upvoted 2 times
...
Mitko_V_Milkov
7 months ago
It seems that NYN is the correct answer. You can type this question like this "I have the following scenario. On-prem AD syncing to Azure Entra ID. On prem I have two OUs. OU1 and OU2. I have User1 in OU2 and User2 in OU1. In OU1 I have Group1 which contains User1. Only OU1 is is synced from on-prem AD to Azure. Is User1 going to be synced to Azure?", and it will be explained to you that User1 will not be synced, therefore will not be able to read the share.
upvoted 2 times
ozansenturk
6 months ago
User2, who resides in OU1, will be synced because OU1 is part of the sync configuration. User1, who resides in OU2, will not be synced, even though they are a member of Group1 in OU1.
upvoted 1 times
...
...
Stunomatic
8 months, 3 weeks ago
If OU2 is not included in the synchronization scope, User 1 will not be synchronized to Azure AD, even though User 1 is a member of Group 1. As a result, in Azure AD, Group 1 will appear without User 1 in its membership because User 1 is not synced.
upvoted 3 times
...
155e6a0
9 months, 3 weeks ago
Y - User1 is in Group1, which is in OU1. So User1 is synced. Y N
upvoted 1 times
Dankho
9 months ago
#1 is No> Both the group and the user need to be present in Azure AD for the user to inherit the group's permissions and access Azure resources.
upvoted 2 times
...
...
areyoushawtho
10 months, 1 week ago
I think NYN N - It does not specify or imply that OU2 is configured to sync, therefore user will not be synced to Azure. Y - User2 is synced to azure, Role applied allows access N - It is not mentioned anywhere that User3 has the correct role to access share1
upvoted 1 times
...
ELearn
10 months, 3 weeks ago
User1 can access the content in share1. Answer: No. User1 does not have on-premises sync enabled, and therefore, would not be authenticated via Azure AD Domain Services. User2 can access the content in share2. Answer: Yes. User2 has on-premises sync enabled, which means they can be authenticated and have access to contoso2024 storage account shares, including share2. User2 can access the content in share3. Answer: No. The configuration for identity-based access was only shown for contoso2024, and share3 is in a different storage account (contoso2025). Without information about the configuration for contoso2025, we cannot assume User2 has access.
upvoted 1 times
Sickcnt
10 months, 2 weeks ago
This answer is for another questions up this page
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel