
DP-420 Exam - Question 1


HOTSPOT

You have an Azure Cosmos DB Core (SQL) API account named account1 that has the disableKeyBasedMetadataWriteAccess property enabled.

You are developing an app named App1 that will be used by a user named DevUser1 to create containers in account1. DevUser1 has a non-privileged user account in the Azure Active Directory (Azure AD) tenant.

You need to ensure that DevUser1 can use App1 to create containers in account1.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: Resource tokens

Resource tokens provide access to the application resources within a database. Resource tokens:

Provide access to specific containers, partition keys, documents, attachments, stored procedures, triggers, and UDFs.

Box 2: Azure Resource Manager API

You can use Azure Resource Manager to help deploy and manage your Azure Cosmos DB accounts, databases, and containers.

Incorrect Answers:

The Microsoft Graph API is a RESTful web API that enables you to access Microsoft Cloud service resources.

Reference:

https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data
https://docs.microsoft.com/en-us/rest/api/resources/

Discussion

11 comments
lakime
Oct 27, 2022

I think it will be "Role-based access control", as Resource Token doesn't cooperate with AD. Regarding the second part, ARM is correct.

nkav
Dec 24, 2022

RBAC is the answer.

azuredemo2022three
Dec 4, 2023

Correct answer should be:
Grant permission to create containers by using: Role-based access control (RBAC)
Create containers by using: SQL (Core) API

essdeecee
Mar 11, 2023

More likely to be SQL (Core) API. Permission for Cosmos is required whereas Azure Resource Manager would need portal permissions.

3a0b61c
Sep 14, 2024

RBAC/ARM
https://learn.microsoft.com/en-us/azure/cosmos-db/audit-control-plane-logs#disable-key-based-metadata-write-access
・After you set this property, changes to any resource can happen from a user with the proper Azure role and credentials.
・After the disableKeyBasedMetadataWriteAccess is turned on, if the SDK based clients run create or update operations, an error "Operation 'POST' on resource 'ContainerNameorDatabaseName' is not allowed through Azure Cosmos DB endpoint" is returned. You have to turn on access to such operations for your account, or perform the create/update operations through Azure Resource Manager, Azure CLI or Azure PowerShell.

XiangRongChang
Jan 7, 2024

For me it is Azure Resource Manager API. When disableKeyBasedMetadataWriteAccess is set to true, the metadata operations issued by the SDK are blocked. Alternatively, you can use Azure portal, Azure CLI, Azure PowerShell, or Azure Resource Manager template deployments to perform these operations.

xRiot007
Jul 1, 2024

"When disableKeyBasedMetadataWriteAccess is set to true, the metadata operations issued by the SDK are blocked." - unless the user has an AD account (he does) with proper access rights (Cosmos DB Contributor) - this is not specified.

[Removed]
May 1, 2024

RBAC SQL API

rakun
Nov 3, 2024

First is RBAC: Azure Cosmos DB RBAC is the ideal access control method in situations where:
- You want to use Microsoft Entra identities to authenticate your requests.

Tuopikson
Feb 6, 2025

Correct selections are:
Role-Based Access Control (RBAC)
SQL (Core) API
RBAC allows you to manage access to Azure resources, ensuring that DevUser1 has the necessary permissions to create containers in the Azure Cosmos DB Core (SQL) API account. Once permissions are granted, DevUser1 can use the SQL (Core) API to create containers.

anto69
Mar 13, 2025

RBAC and AzureRM API

WimTS
Apr 17, 2025

RBAC to grant access to the user. The user will use App1 to create the container, so the app will use the SQL (Core) API.