DP-100 Question #345: Real Exam Question with Answer & Explanation

The correct answer is C: Account SAS key. To configure permanent access to an Azure Files share from an Azure Machine Learning datastore, an Account SAS key is the most appropriate and secure authorization method.

Design and prepare a machine learning solution

Question

You manage an Azure Machine Learning Workspace named Workspase1 and an Azure Files share named Share1. You plan to create an Azure Files datastore in Workspace1 to target Share1. You need to configure permanent access to Share1 from the Azure Files datastore. Which authorization method should you use?

Options

APrimary access key
BAnonymous access
CAccount SAS key
DUser delegation SAS key

Explanation

To configure permanent access to an Azure Files share from an Azure Machine Learning datastore, an Account SAS key is the most appropriate and secure authorization method.

Common mistakes.

A. Using the primary access key directly for datastore creation grants full control over the storage account and is generally not recommended for long-term or shared access due to significant security risks.
B. Anonymous access is not supported for Azure Files shares, meaning files cannot be accessed without some form of authentication.
D. A User delegation SAS key is typically issued by Azure Active Directory for Blob storage, not Azure Files, and it still has a defined validity period, making it less 'permanent' than a long-lived Account SAS.

Concept tested. Azure ML datastore Azure Files authentication

Reference. https://learn.microsoft.com/en-us/azure/machine-learning/how-to-create-datastore?view=azureml-api-2#azure-files

Topics

#Azure Storage#Azure Files#Datastores#SAS Keys

Community Discussion

No community discussion yet for this question.

Full DP-100 Practice Browse All DP-100 Questions