Medium · 1 mark · Multiple Choice

AZ-305 · Question 25 · Domain 2.3: Recommend a data storage solution

You are designing a data lake for a financial institution using Azure Data Lake Storage Gen2.

The security team requires granular access control. Specifically, they need to grant a data science team read access to a specific sub-directory (/finance/2023/Q1/) without granting them access to the parent directory (/finance/) or any other sub-directories.

Which feature of ADLS Gen2 makes this possible?

Answer options:

A. Azure Role-Based Access Control (RBAC)

B. Shared Access Signatures (SAS)

C. POSIX-compliant Access Control Lists (ACLs)

D. Storage Account Access Keys

How to approach this question

Identify the feature unique to ADLS Gen2 that allows file and folder level permissions.

Full Answer

C. POSIX-compliant Access Control Lists (ACLs) ✓ Correct
Azure Data Lake Storage Gen2 implements a hierarchical namespace, which allows it to support POSIX-compliant Access Control Lists (ACLs). While Azure RBAC is used to grant broad access (e.g., Storage Blob Data Contributor on a container), ACLs are used to provide granular, directory-level or file-level access. To grant access to a specific sub-directory, you assign Execute (X) permissions on the parent directories to allow traversal, and Read (R) permissions on the target directory.

Common mistakes

Choosing Azure RBAC. RBAC is too broad and cannot restrict access to a specific folder while denying access to sibling folders.
