AZ-104 · Question #555
AZ-104 Question #555: Real Exam Question with Answer & Explanation
The correct answer is C: On storage2, enable identity-based access for the file shares.. Azure Files supports identity-based authentication over Server Message Block (SMB) through on- premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
Question
Case Study 5 - Contoso, Ltd Overview General Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and branch offices in Seattle and New York. Environment Existing Environment Contoso has an Azure subscription named Sub1 that is linked to an Azure Active Directory (Azure AD) tenant. The network contains an on-premises Active Directory domain that syncs to the Azure AD tenant. The Azure AD tenant contains the users shown in the following table. Sub1 contains two resource groups named RG1 and RG2 and the virtual networks shown in the following table. User1 manages the resources in RG1. User4 manages the resources in RG2. Sub1 contains virtual machines that run Windows Server 2019 as shown in the following table No network security groups (NSGs) are associated to the network interfaces or the subnets. Sub1 contains the storage accounts shown in the following table. Requirements Planned Changes Contoso plans to implement the following changes: Create a blob container named container1 and a file share named share1 that will use the Cool storage tier. Create a storage account named storage5 and configure storage replication for the Blob service. Create an NSG named NSG1 that will have the custom inbound security rules shown in the following table. Associate NSG1 to the network interface of VM1. Create an NSG named NSG2 that will have the custom outbound security rules shown in the following table. Associate NSG2 to VNET1/Subnet2. Technical Requirements Contoso must meet the following technical requirements: Create container1 and share1. Use the principle of least privilege. Create an Azure AD security group named Group4. Back up the Azure file shares and virtual machines by using Azure Backup. Trigger an alert if VM1 or VM2 has less than 20 GB of free space on volume C. Enable User1 to create Azure policy definitions and User2 to assign Azure policies to RG1. Create an internal Basic Azure Load Balancer named LB1 and connect the load balancer to VNET1/Subnet1 Enable flow logging for IP traffic from VM5 and retain the flow logs for a period of eight months. Whenever possible, grant Group4 Azure role-based access control (Azure RBAC) read-only permissions to the Azure file shares. You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the Azure file shares. What should you do?
Options
- AOn storage1 and storage4, change the Account kind type to StorageV2 (general purpose v2).
- BRecreate storage2 and set Hierarchical namespace to Enabled.
- COn storage2, enable identity-based access for the file shares.
- DCreate a shared access signature (SAS) for storage1, storage2, and storage4.
Explanation
Azure Files supports identity-based authentication over Server Message Block (SMB) through on- premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
Community Discussion
No community discussion yet for this question.