AZ-104 Exam - Question 118

It should be A, I just created a storage account, then created a file share, went to IAM, and it says : To give individual accounts access to the file share (Kerberos), enable identity-based authentication for the storage account.

After arguing with ChatGPT here is the answer: The correct steps to assign User1 the Storage File Data SMB Share Contributor role for share1 are: 1. Enable identity-based data access for the file shares in storage1. 2. Configure Access control (IAM) for share1 and add User1 as a role assignment with the Storage File Data SMB Share Contributor role. So the correct answer is A.

Correct answer is D, the question is here about granting RBAC role to a user. the option A, i about identity based access, it is only needed when you want to give permissions to a file share to lets say end users. It has nothing to do with RBAC role .

.... i had no issues assigning Storage File Data SMB Share Contributor role through IAM to a single user.............. didnt have to do anything else like enable identy based authentication. etc.

D. Configure Access control (IAM) for share1. Here’s why: Configure Access control (IAM): In Azure, roles such as the Storage File Data SMB Share Contributor are assigned through the Access control (IAM) settings. This process involves selecting the appropriate role and assigning it to a user or group for a specific resource, which in this case is the file share named share1.

To add RBAC role you just need to assign the role to any Entra user through IAM Kerberos access is a different topic don't confuse this with RBAC

Tested - Was able to assign the role in Access Control (IAM) without enabling identity-based authentication.

To give individual accounts access to the file share (Kerberos), enable identity-based authentication for the storage account.

A is correct

Should B a as it needs UDentity-based authentication for individual users

Correct Answer is A. tested as well.

A is right

Option C: Select Default to Azure Active Directory authorization in the Azure portal for storage1 - This option is the most straightforward and necessary initial step for setting up Azure AD-based authorization. It directly configures the storage account to use Azure AD for access control, which is a prerequisite for assigning Azure AD roles to manage access to file shares.

A is correct because this setting allows Azure AD-based authentication for the file shares, which is a prerequisite for assigning roles based on Azure AD identities.

To assign the SMB Share Contributor role to user1 for Share1, you can follow these steps1: 1. Go to the Azure portal: Log in to your Azure portal. 2. Navigate to the storage account: Browse to the storage account (storage1) that contains the file share (Share1) you created previously1. 3. Select Access Control (IAM): This is where you can manage access to your resources1. 4. Add a role assignment: Select ‘+ Add’, then select ‘Add role assignment’ from the drop-down menu1. 5. Select the role and assign it to the user: In the ‘Add role assignment’ blade, select the ‘Storage File Data SMB Share Contributor’ role from the Role list1. Then, in the ‘Select members’ field, search for and select user11. 6. Review and assign: Review the role assignment details and then click 'Assign’1.

Answer is D. Stop saying A. It is very clea in Microsfot Documentation ( https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal ) Step 2: Open the Add role assignment page (Answer D) Step 3: Select the appropriate role (Answer A)

A is correct key words are what should you do first, A is done first before D.