AZ-103 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-103 Exam - Question 47

SIMULATION -

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g, copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Use the following login credentials as needed:

Azure Username: XXXXXXX -

Azure Password: XXXXXXX -

The following information is for technical support purposes only:

Lab Instance: 9172796 -

Exam AZ-103 Question 47

You plan to store media files in the rg1lod9172796 storage account.

You need to configure the storage account to store the media files. The solution must ensure that only users who have access keys can download the media files and that the files are accessible only over HTTPS.

What should you do from the Azure portal?

Show Answer
Correct Answer:

See solution below.

We should create an Azure file share.

Step 1: In the Azure portal, select All services. In the list of resources, type Storage Accounts. As you begin typing, the list filters based on your input. Select

Storage Accounts.

On the Storage Accounts window that appears.

Step 2: Locate the rg1lod9172796 storage account.

Step 3: On the storage account page, in the Services section, select Files.

Exam AZ-103 Question 47

Step 4: On the menu at the top of the File service page, click + File share. The New file share page drops down.

Step 5: In Name type myshare. Click OK to create the Azure file share.

References:

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-portal

Discussion

20 comments
Sign in to comment
awsnoob
Mar 20, 2020

So, to clarify... 1. Create a Blob container with private access 2. Generate a SAS, with Blob only access and allow only HTTPS

Wathini
Mar 17, 2020

Media files use Blob Storage, You can generate Keys and allow protocols http/https by using SAS. My answer would be blob storage.

[Removed]
May 18, 2020

The correct answer is to have Blob storage set to private access to cover the question requirement for only accessible with Access keys. and you have to enable secure setting in the storage account configuration menu (to cover only available in HTTPS). Some users are talking about setting SAS over https, but that's not what the question is asking for, SAS is different than Access Key and it's been explicitly said storage keys. important to differentiate SAS and AK.

praveen97
Jul 4, 2020

Agree with AshkanVafa. To access media files only in HTTPS, enable Secure Transfer in Storage Account -> Configuration. The secure transfer option enhances the security of your storage account by only allowing requests to the storage account by secure connection. For example, when calling REST APIs to access your storage accounts, you must connect using HTTPs. Any requests using HTTP will be rejected when 'secure transfer required' is enabled. Also, as per the below link, Microsoft recommends to use Azure Blob Storage for media files (Video/Audio). https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction#blob-storage So, the answer should be create a Blob Storage (Containers -> New Container (Private - no anonymous access) -> Upload -> select mediate files -> Advanced, select Block type as Block blob) Azure Blob files can be downloaded using c# https://microsoft.github.io/AzureTipsAndTricks/blog/tip76.html#download-a-file

BesQpin
Jul 26, 2021

This is the answer

jonnybugaloo
Jun 7, 2020

https://www.examtopics.com/assets/media/exam-media/03048/0005500001.jpg This is an image showing this kind of configuration requested on this question. File share with access key accessed through HTTPS only. That's the way

Julien92600
Jun 9, 2020

The answer is good. If you want to set "HTTPS Only" go to our Storage Account > select Shared Access Signature and Check HTTPS Only as the image above

silversurfer
Mar 15, 2020

only share access signature on file shares allow you to select https access

deepu1207
Mar 11, 2020

for media files we can use blob storage but how we can goto files in storage account

SorinOmen
Aug 3, 2020

The question says "only users who have access keys" ( SAS is a token, not a key ), so I assume we can just enable the "Secure transfer required" feature on the Storage Account level and create a blob to store the media files.

Saman2020
Aug 20, 2020

Storage Account -> Configuration > Secure Transfer > enable

Bruce
Mar 23, 2020

I would also create a blob store with SAS tokens, no?

jonnybugaloo
May 29, 2020

It is correct, guys. Fine shares can store media files, no problem on this. My doubt was on https part, and I found this: Encryption in transit By default, all Azure storage accounts have encryption in transit enabled. This means that when you mount a file share over SMB or access it via the FileREST protocol (such as through the Azure portal, PowerShell/CLI, or Azure SDKs), Azure Files will only allow the connection if it is made with SMB 3.0+ with encryption or HTTPS. Clients that do not support SMB 3.0 or clients that support SMB 3.0 but not SMB encryption will not be able to mount the Azure file share if encryption in transit is enabled. For more information about which operating systems support SMB 3.0 with encryption, see our detailed documentation for Windows, macOS, and Linux. All current versions of the PowerShell, CLI, and SDKs support HTTPS. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-networking-overview So, the answer given is correct.

jonnybugaloo
May 29, 2020

Second thoughts: Question says "only HTTPS" I don't know if it possible to disable SMB on file share, and even it has no sense. Container for blobs is best option to guarantee this.

TinyTrexArmz
Aug 5, 2020

It seems to me there are two workable solutions. 1) File Share - Not recommended for media files but will handle them. You can go into the storage account's Configuration blade and select "secure transfer required." This will allow SMB with encryption ONLY. When mapping the drive letter, you are required to use the Account Key as the password. 2) Blob Container with SAS - This one is recommended for media files. You can use a SAS token to require HTTPS and limit what users can do. You can argue that the question says explicitly, users have to have the Access Key to access the data and that SAS is not sharing the Access Key. But I think you could install Storage Explorer and input the user and Access Key data into it and access the data via APIs and the storage account (untested). With the addition of going into the Storage Account's Configuration blade and selecting secure transfer required, this too would seem to satisfy the requirements. Correct?

fransbj
Mar 15, 2020

I would create a blob container with private access

dayakollapu
Mar 16, 2020

We cannot store the media files on File Share.

Intikhab
Apr 12, 2020

answer is right because, Azure Files offers two additional ways to manage access control: You can use shared access signatures (SAS) to generate tokens that have specific permissions, and which are valid for a specified time interval. For example, you can generate a token with read-only access to a specific file that has a 10-minute expiry. Anyone who possesses the token while the token is valid has read-only access to that file for those 10 minutes. Shared access signature keys are supported only via the REST API or in client libraries. You must mount the Azure file share over SMB by using the storage account keys. https://docs.microsoft.com/en-us/azure/storage/files/storage-files-faq

lolo13698
Apr 20, 2020

For https access, you need to use blobs.

[Removed]
Apr 25, 2020

You are missing the HTTPS part, you need a blob for that.

r_s880
May 15, 2020

for media file we can use FileShare as well, it provides you https URL access however we can deploy the scenario via blob storage but I am ok with FileShare

Jmontenegro
May 31, 2020

It has to be Blob and not file share, if HTTPs is requiered, a SMB file share is pointless, SAS access is not lined to Blob o file share though, but to the storage account

nfett
Jun 2, 2020

answer should be blob. not file share.

DA0410
Sep 22, 2020

Create file share , make sure SMB port 445 and Https port 443 are allowed to share access

cmom
Oct 16, 2020

Blobs no longer shows as an option on the Azure portal, so I am guess that answers it.

JBinuya
Feb 3, 2021

Blobs is not shown as an option there are only: Containers, File shares, Tables, and Queues