Microsoft Azure Architect Design (legacy) — Question 2

Your network contains an on-premises Active Directory forest named contoso.com. The forest is synced to an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure AD Domain Services (Azure AD DS) domain named contoso-aad.com.
You have an Azure Storage account named Storage1 that contains a file share named Share1.
You configure NTFS permissions on Share1. You plan to deploy a virtual machine that will be used by several users to access Share1.
You need to ensure that the users can access Share1.
Which type virtual machine should you deploy?

Answer options

• A. a virtual machine that runs Windows Server 2016 and is joined to the contoso.com domain
• B. a virtual machine that runs Windows 10 and is joined to the contoso-add.com domain
• C. a virtual machine that runs Windows 10 and is hybrid Azure AD joined to the contoso.com domain
• D. an Azure virtual machine that runs Windows Server 2016 and is joined to the contoso-add.com domain

Correct answer: D

Explanation

The correct answer is D because an Azure virtual machine running Windows Server 2016 joined to the contoso-aad.com domain can effectively utilize the Azure AD Domain Services for authentication and access to Share1. Options A and C are incorrect as they do not leverage Azure AD Domain Services, while option B is not suitable since Windows 10 machines joined to the contoso-aad.com domain cannot utilize NTFS permissions set on Share1 properly.