AZ-204 Question #431: Real Exam Question with Answer & Explanation

Question

Case Study 8 - VanArsdel, Ltd Background VanArsdel, Ltd. is a global office supply company. The company is based in Canada and has retail store locations across the world. The company is developing several cloud-based solutions to support their stores, distributors, suppliers, and delivery services. Current environment Corporate website consists of a React JavaScript user interface, HTML, CSS, image assets, and several APIs hosted in Azure Functions. Retail Store Locations The company supports thousands of store locations globally. Store locations send data every hour to an Azure Blob storage account to support inventory, purchasing and delivery services. Each record includes a location identifier and sales transaction information. Requirements The application components must meet the following requirements: Corporate website - Secure the website by using SSL. - Minimize costs for data storage and hosting. - Implement native GitHub workflows for continuous integration and continuous deployment (CI/CD). - Distribute the website content globally for local use. - Implement monitoring by using Application Insights and availability web tests including SSL certificate validity and custom header value verification. - The website must have 99.95 percent uptime. Retail store locations - Azure Functions must process data immediately when data is uploaded to Blob storage. Azure Functions must update Azure Cosmos DB by using native SQL language queries. - Audit store sale transaction information nightly to validate data, process sales financials, and reconcile inventory. Delivery services - Store service telemetry data in Azure Cosmos DB by using an Azure Function. Data must include an item id, the delivery vehicle license plate, vehicle package capacity, and current vehicle location coordinates. - Store delivery driver profile information in Azure Active Directory (Azure AD) by using an Azure Function called from the corporate website. Inventory services The company has contracted a third-party to develop an API for inventory processing that requires access to a specific blob within the retail store storage account for three months to include read-only access to the data. Security - All Azure Functions must centralize management and distribution of configuration data for different environments and geographies, encrypted by using a company-provided RSA-HSM key. - Authentication and authorization must use Azure AD and services must use managed identities where possible. Issues Retail Store Locations - You must perform a point-in-time restoration of the retail store location data due to an unexpected and accidental deletion of data. - Azure Cosmos DB queries from the Azure Function exhibit high Request Unit (RU) usage and contain multiple, complex queries that exhibit high point read latency for large items as the function app is scaling. Question You need to grant access to the retail store location data for the inventory service development effort. What should you use?

Options

• AAzure AD access token
• BAzure RBAC role
• CShared access signature (SAS) token
• DAzure AD ID token
• EAzure AD refresh token

Explanation

A shared access signature (SAS) provides secure delegated access to resources in your storage account. With a SAS, you have granular control over how a client can access your data. For What resources the client may access. What permissions they have to those resources. How long the SAS is valid. Note: Inventory services: The company has contracted a third-party to develop an API for inventory processing that requires access to a specific blob within the retail store storage account for three months to include read-only access to the data. https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

No community discussion yet for this question.