AZ-204 Exam QuestionsBrowse all questions from this exam

AZ-204 Exam - Question 256


HOTSPOT

-

A company has an Azure storage static website with a custom domain name.

The company informs you that unauthorized users from a different country/region are accessing the website. The company provides the following requirements for the static website:

• Unauthorized users must not be able to access the website.

• Users must be able to access the website using the HTTPS protocol.

You need to implement the changes to the static website.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Exam AZ-204 Question 256
Show Answer
Correct Answer:
Exam AZ-204 Question 256

Discussion

5 comments
Sign in to comment
c75314a
Oct 21, 2024

Not "Configure the AllowBlobPublicAccess property for the storage account to False" https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#set-the-storage-accounts-allowblobpublicaccess-property Not "Configure the storage account to use Microsoft Entra ID authentication" https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website#do-static-websites-support-microsoft-entra-id Not "Configure the public access level of the web container to Blob" https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website#impact-of-setting-the-access-level-on-the-web-container So i would say "Configure a firewall rule on the storage account" "Enable Azure Content Delivery Network on the storage account" is correct: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website#mapping-a-custom-domain-to-a-static-website-url

examtopicsLogin123
Dec 19, 2024

Thanks for the links! "Enable Azure Content Delivery Network on the storage account" - this option says nothing about HTTPS. With this option you can setup HTTPS if you want. "Configure the storage account to require secure transfer" - this option means only HTTPS requests would work. And the question contains the word "Require". I think this is the correct one. Quotes from the last link: "To enable HTTPS, you'll have to use Azure CDN ..." "If the storage account is configured to require secure transfer over HTTPS, then users must use the HTTPS endpoint."

examtopicsLogin123
Dec 19, 2024

Now I think this is the correct answer: "Enable Azure Content Delivery Network on the storage account" Because there is a nuance with custom domains. It seems the "Secure transfer required" option doesn't work for HTTPS and custom domains: "Because Azure Storage doesn't support HTTPS for custom domain names, this option isn't applied when you're using a custom domain name." https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer

examtopicsLogin123
Dec 19, 2024

Now I think this is the correct answer: "Enable Azure Content Delivery Network on the storage account" Because there is a nuance with custom domains. It seems the "Secure transfer required" option doesn't work for HTTPS and custom domains: "Because Azure Storage doesn't support HTTPS for custom domain names, this option isn't applied when you're using a custom domain name." https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer

Mattt
Oct 29, 2024

- Configure a firewall rule on the storage account - Configure the storage account to require secure transfer

Iaminall
Apr 8, 2025

It's about authorization, I think the 1st one must be with Entra ID m.

Iaminall
Apr 9, 2025

Configure firewall rules on the storage account (to restrict unauthorized users by location) Configure the storage account to enable secure transfer (to enforce HTTPS)

Thameur01
Apr 12, 2025

Prevent access from unauthorized users ==> Configure a firewall rule on the storage account Require HTTPS access to the website ==> Configure the storage account to require secure transfer

gfanco
Apr 18, 2025

SOLUTION 1: "Configure a firewall rule on the storage account" -> Prevents attacks from external IPs, or public links that are being misused. However, an attacker inside the allowed network can still attempt to access it. "Configure the storage account to use Microsoft Entra ID authentication" -> Authentication is not enough, Authorization (RBAC) via Microsoft Login ID is also required. "Configure the AllowBlobPublicAccess property for the storage account to False" -> The best choice, because prevents anonymous access to the blobs, regardless of the container's public access level. SOLUTION 2: "Configure the SA to require secure transfer" - Ensures that all communication with the storage account is encrypted using HTTPS, preventing sensitive data from being intercepted in transit. Requires all requests to be made over HTTPS, rejecting any HTTP requests.

gfanco
Apr 18, 2025

My bad, SOLUTION 2 is "Enable Azure Content Delivery Network on the storage account" "Secure transfer required" has a limitation for custom domain names: "Because Azure Storage doesn't support HTTPS for custom domain names, this option isn't applied when you're using a custom domain name." https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer Suggested Answer are CORRECT !!!