AZ-204 · Question #402
AZ-204 Question #402: Real Exam Question with Answer & Explanation
The correct answer is C: Cosmos DB Operator. Azure Cosmos DB now provides a new RBAC role, Cosmos DB Operator. This new role lets you provision Azure Cosmos accounts, databases, and containers, but can't access the keys that are required to access the data. This role is intended for use in scenarios where the ability to gra
Question
You are developing a Java application that uses Cassandra to store key and value data. You plan to use a new Azure Cosmos DB resource and the Cassandra API in the application. You create an Azure Active Directory (Azure AD) group named Cosmos DB Creators to enable provisioning of Azure Cosmos accounts, databases, and containers. The Azure AD group must not be able to access the keys that are required to access the data. You need to restrict access to the Azure AD group. Which role-based access control should you use?
Options
- ADocumentDB Accounts Contributor
- BCosmos Backup Operator
- CCosmos DB Operator
- DCosmos DB Account Reader
Explanation
Azure Cosmos DB now provides a new RBAC role, Cosmos DB Operator. This new role lets you provision Azure Cosmos accounts, databases, and containers, but can't access the keys that are required to access the data. This role is intended for use in scenarios where the ability to grant access to Azure Active Directory service principals to manage deployment operations for Cosmos DB is needed, including the account, database, and containers. https://azure.microsoft.com/en-us/updates/azure-cosmos-db-operator-role-for-role-based-access- control-rbac-is-now-available/
Community Discussion
No community discussion yet for this question.