AZ-204 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-204 Exam - Question 37

HOTSPOT

-

You are developing an application that includes two Docker containers.

The application must meet the following requirements:

• The containers must not run as root.

• The containers must be deployed to Azure Container Instances by using a YAML file.

• The containers must share a lifecycle, resources, local network, and storage volume.

• The storage volume must persist through container crashes.

• The storage volume must be deployed on stop or restart of the containers.

You need to configure Azure Container Instances for the application.

Which configuration values should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Exam AZ-204 Question 37
Show Answer
Correct Answer:

Discussion

23 comments
Sign in to comment
armpro
Jan 8, 2023

Ans: Container group, EmptyDir Container group is the only logical answer that can have shared lifecycle https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups?source=recommendations#what-is-a-container-group Azure files need root permission Secret is for secrets and read-only EmtyDir can persist through crash and redeployed on stop and restart https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-emptydir#emptydir-volume Cloned Git Repo also does the job but it needs more details like Git URL and stuff which are not mentioned to be available in the question

narenazure
Jan 11, 2023

Data in an emptyDir volume is persisted through container crashes. Containers that are restarted, however, are not guaranteed to persist the data in an emptyDir volume. If you stop a container group, the emptyDir volume is not persisted.

Esward
Jan 26, 2023

Gievn answers are correct!!

alekomar
Feb 3, 2023

There is no requirement to persist the data in a volume between restarts

Esward
Jan 26, 2023

Gievn answers are correct!!

alekomar
Feb 3, 2023

There is no requirement to persist the data in a volume between restarts

TonyMel
Mar 24, 2023

correct, in 2023Mar24, score:904/1000

BrownieP
Jan 6, 2025

Ans: Container group, EmptyDir Shared lifecycle: Container group. This ensures that the containers share a lifecycle, resources, local network, and storage volume. Storage volume: Empty directory; the appropriate storage volume option would be empty directory. This option allows the containers to run without root privileges while still providing a shared storage volume that persists through container crashes

GuruPratap
Mar 27, 2023

Chat GPT : Container Group, Azure fileshare

rgullini
Apr 6, 2023

Cannot be Azure File Share as requirement is not to run as root. https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files

varinder82
Mar 23, 2023

Could anyone give the correct answare. As it is quite confusing from the comments and multiple people having diff. options

nayru
Sep 27, 2023

Got on 26/09/23 and chose container group and empty dir (score 910)

narenazure
Jan 11, 2023

https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files here it is clearly mentioned Azure file share volume mount requires the Linux container run as root . so Azure file share is not an option

GuruPratap
Mar 27, 2023

Container Group, Azure fileshare For Shared lifecycle, the appropriate configuration setting would be "Container Group," which allows multiple containers to be deployed together as a group and share a local network, storage, and lifecycle. For Storage volume, the appropriate configuration setting would be "Azure file share," which provides a durable and highly available storage solution that can be mounted as a volume in the container instance. This ensures that the storage volume persists through container crashes and can be deployed on stop or restart of the containers.

rgullini
Apr 15, 2023

Azure File Share requires root. It is EmptyDir

dddddd111
Oct 23, 2023

No, using Azure File Share does not require running containers as root. Azure File Share allows you to mount a shared file system to containers in Azure Container Instances without the need for elevated privileges. You can mount Azure File Share to your containers securely without running them as root, ensuring better security practices.

dddddd111
Oct 23, 2023

No, using Azure File Share does not require running containers as root. Azure File Share allows you to mount a shared file system to containers in Azure Container Instances without the need for elevated privileges. You can mount Azure File Share to your containers securely without running them as root, ensuring better security practices.

aragones
May 14, 2023

Got this 2023-05-12. my cases also: case: You need to configure authorization. case: You need to ensure the app does not time out and processes the blob data case study: VanArsdel Inc Canada

dddddd111
Oct 23, 2023

Ans: Container group and Azure File share.

guschess
Feb 1, 2023

Ans: Container group, EmptyDir

Priya0703
Feb 20, 2023

This question was in exam today 20-2-2023

sachinrikhe
Mar 20, 2023

Container Group is the only logical But storage volume should be azure file share "Azure File Share allows the containers to share a persistent volume for storing data, and it can be mounted to the containers as a file system. It also provides a durable and highly available storage solution that persists through container crashes and can be deployed on stop or restart of the containers." Cloned Git does not provide a mechanism for deploying the application or managing its dependencies.

rgullini
Apr 15, 2023

Azure File Share requires root. It is EmptyDir

dddddd111
Oct 23, 2023

No, using Azure File Share does not require running containers as root. Azure File Share allows you to mount a shared file system to containers in Azure Container Instances without the need for elevated privileges. You can mount Azure File Share to your containers securely without running them as root, ensuring better security practices.

dddddd111
Oct 23, 2023

No, using Azure File Share does not require running containers as root. Azure File Share allows you to mount a shared file system to containers in Azure Container Instances without the need for elevated privileges. You can mount Azure File Share to your containers securely without running them as root, ensuring better security practices.

JH81
Jun 29, 2023

Got this on 6/28/2023 and passed with 850. Went with Container group, EmptyDir.

imanonion
Jan 7, 2023

Why isn't this Azure file share? Clone git repo is only available for Linux machines and this question did not specify Linux as a requirement..

imanonion
Jan 7, 2023

oops my bad..seems like all the four options are only available for Linux lol. Check this link: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-overview#linux-and-windows-containers Nonetheless, the link also mentions "To retrieve and persist state with Azure Container Instances, we offer direct mounting of Azure Files shares backed by Azure Storage."..shouldn't Azure Files then be the best answer?

tcybu
Jan 7, 2023

I agree with you, it should be Azure File Share, see: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files

JustHereToLearn
Jan 24, 2023

It cannot be Azure File Share as it contradicts with this "Azure file share volume mount requires the Linux container run as root ." which is explicitly mentioned in question not to do.

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

JustHereToLearn
Jan 24, 2023

It cannot be Azure File Share as it contradicts with this "Azure file share volume mount requires the Linux container run as root ." which is explicitly mentioned in question not to do.

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

tcybu
Jan 7, 2023

I agree with you, it should be Azure File Share, see: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files

JustHereToLearn
Jan 24, 2023

It cannot be Azure File Share as it contradicts with this "Azure file share volume mount requires the Linux container run as root ." which is explicitly mentioned in question not to do.

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

JustHereToLearn
Jan 24, 2023

It cannot be Azure File Share as it contradicts with this "Azure file share volume mount requires the Linux container run as root ." which is explicitly mentioned in question not to do.

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

tcybu
Feb 7, 2023

You're right, I missed the non-root requirement in the description. So, it can't be the Azure File Share

Ar_priya
Jan 7, 2023

as the container instances must run as non root user, answer is definitely not file share. "Azure file share volume mount requires the Linux container run as root ." https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files#limitations

Ar_priya
Jan 7, 2023

its not directory either. if container stops, directory data is lost and cant be persistent. so it is gitRepo Volume https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-gitrepo#gitrepo-volume

rgullini
Apr 15, 2023

We don´t need the data to remain on restart. The containers are re-deployed.

NicolasMous
Sep 7, 2023

The link is not outdated: The link you provided is outdated and does not reflect the current state of Azure Container Instances. According to the latest documentation, Azure file share volume mounts do not require the Linux container to run as root anymore. You can use the runAsUser and runAsGroup properties in the container group YAML file to specify a non-root user and group for the container. This way, you can meet the requirement of not running the container as root while using Azure file share as a persistent storage volume. I hope this clarifies your doubt. 😊 : https://docs.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files#mount-an-azure-file-share-as-a-volume : https://docs.microsoft.com/en-us/azure/container-instances/container-instances-container-groups#containeridentity

rgullini
Apr 15, 2023

We don´t need the data to remain on restart. The containers are re-deployed.

NicolasMous
Sep 7, 2023

The link is not outdated: The link you provided is outdated and does not reflect the current state of Azure Container Instances. According to the latest documentation, Azure file share volume mounts do not require the Linux container to run as root anymore. You can use the runAsUser and runAsGroup properties in the container group YAML file to specify a non-root user and group for the container. This way, you can meet the requirement of not running the container as root while using Azure file share as a persistent storage volume. I hope this clarifies your doubt. 😊 : https://docs.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files#mount-an-azure-file-share-as-a-volume : https://docs.microsoft.com/en-us/azure/container-instances/container-instances-container-groups#containeridentity

katrang
Sep 15, 2023

Shared Lifecycle - Container Group Storage volume - The storage volume must persist through container crashes, so emptyDir meets the requirements

manopeydakon
Jan 4, 2024

Container Group, Azure fileshare, You can set the user and group IDs for each container in the Docker image to ensure they do not run as the root user. This is typically done using the USER instruction in the Dockerfile. Azure File Share can be mounted as a volume in each container to provide shared storage. With these modifications, your containers will run with non-root users, and they will share storage using an Azure File Share.

Isoldhe
Feb 20, 2024

ChatGPT: Azure Container Group, Azure Fire Share

ThierryAhn
Mar 21, 2024

Azure file share volume mount requires the container run as root, so can not be.

Christian_garcia_martin
Aug 8, 2024

you dont be root if you modify the ownership and permissions using the chown and chmod commands after mounting the share in your startup script or Dockerfile .So Azure File share is ok

Christian_garcia_martin
Aug 8, 2024

you dont be root if you modify the ownership and permissions using the chown and chmod commands after mounting the share in your startup script or Dockerfile .So Azure File share is ok

8ac3742
Jul 31, 2024

The Storage Volume should Azure File Share, An Empty directory (or emptyDir) in Azure Container Instances is a type of ephemeral storage volume. An Empty directory provides a writable directory that is accessible to each container in a container group. When the container group is created, the directory is initially empty, hence the name "emptyDir"1. Empty directories are commonly used for: scratch space: Temporary storage for data that doesn’t need to persist beyond the container’s lifecycle. Checkpointing: Storing intermediate results during long-running tasks. Sidecar containers: Sharing data between a main application container and a sidecar container, such as logs or temporary files1.

Ody
Dec 23, 2024

I think this is the correct answer... now. Maybe not in the past. Now, we can use Managed Identities. az container create \ --resource-group <your-resource-group> \ --name <your-container-instance-name> \ --image <your-container-image> \ --assign-identity <your-managed-identity-id> \ --azure-file-volume-account-name <your-storage-account> \ --azure-file-volume-share-name <your-file-share> \ --azure-file-volume-mount-path <mount-path> \ --role StorageBlobDataContributor https://learn.microsoft.com/en-us/answers/questions/2075070/mount-volumes-in-aci-but-without-using-storage-acc

dimsok
Feb 7, 2023

"The storage volume must persist through container crashes" + "The storage volume must be deployed on stop or restart of the containers." = "Cloned Git Repo"

AhmedAbdelAziz
Jan 26, 2024

Ans: Container group, EmptyDir EmptyDir doesn't required run as root , also support data persistence throw container crashes although it doesn't grantee persist the data in a volume between restarts as there is no requirement like that

Kensington
Aug 15, 2024

Container group is the only logical answer, as mentioned by others. Emptydir lifecycle is tied to the container group and therefore persists for individual container crashes. GitRepo makes less sense as it's ready-only and is mostly used for scenarios where you want to load code into your app. https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-emptydir

hasala
Apr 10, 2025

GPT: Storage volume: ✔ Answer: Azure file share 📌 Explanation: An Azure File Share provides persistent, durable storage that survives container crashes and restarts. This is the only option listed that fully meets the persistence requirement. Options like Empty directory are temporary and reset on restart.

Thameur01
Apr 19, 2025

Ans: Container group, EmptyDir, please update the answer