ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam DP-420 All Questions

View all questions & answers for the DP-420 exam
Go to Exam

Exam DP-420 topic 1 question 1 discussion

Actual exam question from Microsoft's DP-420
Question #: 1
Topic #: 1
[All DP-420 Questions]

HOTSPOT -
You have an Azure Cosmos DB Core (SQL) API account named account1 that has the disableKeyBasedMetadataWriteAccess property enabled.
You are developing an app named App1 that will be used by a user named DevUser1 to create containers in account1. DevUser1 has a non-privileged user account in the Azure Active Directory (Azure AD) tenant.
You need to ensure that DevUser1 can use App1 to create containers in account1.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Resource tokens -
Resource tokens provide access to the application resources within a database. Resource tokens:
Provide access to specific containers, partition keys, documents, attachments, stored procedures, triggers, and UDFs.
Box 2: Azure Resource Manager API
You can use Azure Resource Manager to help deploy and manage your Azure Cosmos DB accounts, databases, and containers.
Incorrect Answers:
The Microsoft Graph API is a RESTful web API that enables you to access Microsoft Cloud service resources.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data https://docs.microsoft.com/en-us/rest/api/resources/
by lakime at April 27, 2022, 7:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lakime
Highly Voted 2 years, 4 months ago
I think it will be "Role-based access control" as Resouce Token doesn't cooperate with AD, regarding second part - ARM is correct
upvoted 23 times
...
nkav
Highly Voted 2 years, 2 months ago
RBAC is the answer.
upvoted 6 times
...
anto69
Most Recent 4 days, 10 hours ago
RBAC and AzureRM API
upvoted 1 times
...
Tuopikson
1 month, 1 week ago
Correct selections are: Role-Based Access Control (RBAC) SQL (Core) API RBAC allows you to manage access to Azure resources, ensuring that DevUser1 has the necessary permissions to create containers in the Azure Cosmos DB Core (SQL) API account. Once permissions are granted, DevUser1 can use the SQL (Core) API to create containers.
upvoted 1 times
...
rakun
4 months, 2 weeks ago
first is RBAC: Azure Cosmos DB RBAC is the ideal access control method in situations where: - You want to use Microsoft Entra identities to authenticate your requests.
upvoted 1 times
...
3a0b61c
6 months ago
RBAC/ARM https://learn.microsoft.com/en-us/azure/cosmos-db/audit-control-plane-logs#disable-key-based-metadata-write-access ・After you set this property, changes to any resource can happen from a user with the proper Azure role and credentials. ・After the disableKeyBasedMetadataWriteAccess is turned on, if the SDK based clients run create or update operations, an error "Operation 'POST' on resource 'ContainerNameorDatabaseName' is not allowed through Azure Cosmos DB endpoint is returned. You have to turn on access to such operations for your account, or perform the create/update operations through Azure Resource Manager, Azure CLI or Azure PowerShell.
upvoted 2 times
...
[Removed]
10 months, 2 weeks ago
RBAC SQL API
upvoted 1 times
...
XiangRongChang
1 year, 2 months ago
For me is Azure Resource Manager API. When disableKeyBasedMetadataWriteAccess is set to true, the metadata operations issued by the SDK are blocked. Alternatively, you can use Azure portal, Azure CLI, Azure PowerShell, or Azure Resource Manager template deployments to perform these operations.
upvoted 1 times
xRiot007
8 months, 2 weeks ago
"When disableKeyBasedMetadataWriteAccess is set to true, the metadata operations issued by the SDK are blocked." - unless the user has an AD account (he does) with proper access rights (Cosmos DB Contributor) - this is not specified.
upvoted 1 times
...
...
azuredemo2022three
1 year, 3 months ago
Correct Answer Should be. Grant permission to create containers by using: Role-based access control (RBAC) Create containers by using: SQL (Core) API
upvoted 5 times
...
essdeecee
2 years ago
More likely to be SQL (Core) API. Permission for Cosmos is required whereas Azure Resource Manager would need portal permissions.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago