DP-203 Practice Questions — Page 24

Question 231

You have an Azure Data Lake Storage Gen 2 account named storage1.

You need to recommend a solution for accessing the content in storage1. The solution must meet the following requirements:

• List and read permissions must be granted at the storage account level.

• Additional permissions can be applied to individual objects in storage1.

• Security principals from Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra, must be used for authentication.

What should you use? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Question 232

Open question ↗

You have an Azure Synapse Analytics dedicated SQL pool named Pool1 that contains a table named Sales.

Sales has row-level security (RLS) applied. RLS uses the following predicate filter.

A user named SalesUser1 is assigned the db_datareader role for Pool1.

Which rows in the Sales table are returned when SalesUser1 queries the table?

A.only the rows for which the value in the User_Name column is SalesUser1
B.all the rows
C.only the rows for which the value in the SalesRep column is Manager
D.only the rows for which the value in the SalesRep column is SalesUser1

Question 233

Open question ↗

You have an Azure Data Lake Storage Gen2 account named account1 that contains the resources shown in the following table.

You need to configure access control lists (ACLs) to allow a user named User1 to delete File1. User1 is NOT assigned any role-based access control (RBAC) roles for account1. The solution must use the principle of least privilege.

Which type of ACL should you configure for each resource? To answer select the appropriate options in the answer area.

Question 234

Open question ↗

You have an Azure subscription that is linked to a tenant in Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. The tenant that contains a security group named Group1. The subscription contains an Azure Data Lake Storage account named myaccount1. The myaccount1 account contains two containers named container1 and container2.

You need to grant Group1 read access to container1. The solution must use the principle of least privilege.

Which role should you assign to Group1?

A.Storage Table Data Reader for myaccount1
B.Storage Blob Data Reader for container1
C.Storage Blob Data Reader for myaccount1
D.Storage Table Data Reader for container1

Question 235

Open question ↗

You have an Azure Synapse Analytics dedicated SQL pool that contains a table named dbo.Users.

You need to prevent a group of users from reading user email addresses from dbo.Users.

What should you use?

A.column-level security
B.row-level security (RLS)
C.Transparent Data Encryption (TOE)
D.dynamic data masking

Question 236

Open question ↗

You have an Azure Synapse Analytics dedicated SQL pool that hosts a database named DB1.

You need to ensure that DB1 meets the following security requirements:

• When credit card numbers show in applications, only the last four digits must be visible.

• Tax numbers must be visible only to specific users.

What should you use for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 237

Open question ↗

You have an Azure subscription that contains a storage account named storage1 and an Azure Synapse Analytics dedicated SQL pool. The storage1 account contains a CSV file that requires an account key for access.

You plan to read the contents of the CSV file by using an external table.

You need to create an external data source for the external table.

What should you create first?

A.a database role
B.a database scoped credential
C.a database view
D.an external file format

Question 238

Open question ↗

You have a tenant in Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. The tenant contains a group named Group1.

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that members of Group1 can read CSV files from storage1 by using the OPENROWSET function. The solution must meet the following requirements:

• The members of Group1 must use credential1 to access storage1.

• The principle of least privilege must be followed.

Which permission should you grant to Group1?

A.EXECUTE
B.CONTROL
C.REFERENCES
D.SELECT

Question 239

Open question ↗

You have an Azure subscription that contains an Azure Data Lake Storage account named dl1 and an Azure Analytics Synapse workspace named workspace1.

You need to query the data in dl1 by using an Apache Spark pool named Pool1 in workspace1. The solution must ensure that the data is accessible Pool1.

Which two actions achieve the goal? Each correct answer presents a complete solution.

NOTE: Each correct answer is worth one point.

A.Implement Azure Synapse Link.
B.Load the data to the primary storage account of workspace1.
C.From workspace1, create a linked service for the dl1.
D.From Microsoft Purview, register dl1 as a data source.

Question 240

Open question ↗

You have a Microsoft Entra tenant.

The tenant contains an Azure Data Lake Storage Gen2 account named storage1 that has two containers named fs1 and fs2.

You have a Microsoft Entra group named DepartmentA.

You need to meet the following requirements:

• DepartmentA must be able to read, write, and list all the files in fs1.

• DepartmentA must be prevented from accessing any files in fs2.

• The solution must use the principle of least privilege.

Which role should you assign to DepartmentA?

A.Contributor for fs1
B.Storage Blob Data Owner for fs1
C.Storage Blob Data Contributor for storage1
D.Storage Blob Data Contributor for fs1