
AI-102: How to Secure Azure AI Search with Custom Roles?

Learn how to secure Azure AI Search using custom roles to ensure app-specific query access and reduce unauthorized risks. Perfect for mastering the AI-102 certification exam!

Question

Xerigon Corporation has created an Azure AI Search service named XerigonSearch. Several apps will use this service. You create private endpoints for Azure AI Search to allow clients on the virtual network to securely access data in a search index over Azure Private Link.

You need to secure XerigonSearch. You must ensure the following:

  • Certain apps must only access specific queries.
  • The risk of unauthorized access must be reduced.

What should you do?

A. Use admin keys.
B. Use custom roles.
C. Use Entra ID tokens.
D. Use query keys.

Answer

B. Use custom roles.

Explanation

You would use custom roles. Azure AI Search offers support for role-based access control (RBAC) and Microsoft Entra ID authentication. You can secure search indexes and queries with RBAC or keys. With RBAC, developers can use a secure approach to controlling access to indexes and queries. You would create a custom role to provide access to a single index or to a specific Azure AI Search resource. You can define what actions an app or user can perform on an index or query. This approach reduces the risk of unauthorized access and limits access to only users who need it. With key-based authentication, you are limited to providing query-only access to an index or full admin access to the service. You cannot prevent the key from being misused.

You can use the following roles to define custom roles for data plane operations:

  • Search Service Contributor – Gives full access to all data plane actions on indexes, synonym maps, indexers, data sources, and skillsets as defined by Microsoft.Search/searchServices/*. This role does not have access to index content.
  • Search Index Data Contributor – Gives read/write access to search indexes.
  • Search Index Data Reader – Gives read-only access to search indexes.
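
The custom-role approach described above, as an added example (not code from the original page or from Microsoft): a query-only role definition in the JSON shape Azure RBAC role definitions use, plus a small check that flags anything wider than document reads on a single index. The role name, subscription ID, resource group and index name are constructed placeholders, and `lint`, `query_only_role` and `index_scope` are hypothetical helper names.

```python
import json
import re

# Data action for querying documents (what Search Index Data Reader grants).
QUERY_ACTION = "Microsoft.Search/searchServices/indexes/documents/read"
# Resource ID shape of a single index: the narrowest assignment scope.
INDEX_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.Search/searchServices/[^/]+/indexes/[^/]+$", re.I)

def index_scope(sub, rg, service, index):
    """Build the resource ID of one index for use as a role-assignment scope."""
    return (f"/subscriptions/{sub}/resourceGroups/{rg}/providers/"
            f"Microsoft.Search/searchServices/{service}/indexes/{index}")

def query_only_role(name, sub):
    """Custom role definition that grants document reads and nothing else."""
    return {"Name": name, "IsCustom": True,
            "Description": "Query documents only; no writes or service management.",
            "Actions": [], "NotActions": [],
            "DataActions": [QUERY_ACTION], "NotDataActions": [],
            "AssignableScopes": [f"/subscriptions/{sub}"]}

def lint(role, assignment_scope):
    """List everything that makes a role wider than query-only on one index."""
    findings = []
    for action in role.get("Actions", []):
        findings.append(f"management action granted: {action}")
    for action in role.get("DataActions", []):
        if action.lower() != QUERY_ACTION.lower():  # wildcards land here too
            findings.append(f"data action beyond document read: {action}")
    if not INDEX_SCOPE.match(assignment_scope):
        findings.append(f"scope is wider than one index: {assignment_scope}")
    return findings

if __name__ == "__main__":
    SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    # Constructed resource group and index names.
    scope = index_scope(SUB, "rg-search", "xerigonsearch", "products")
    role = query_only_role("XerigonSearch Query Only", SUB)
    print(json.dumps(role, indent=2))
    print("query-only role:", lint(role, scope) or "no findings")
    # Constructed over-broad variant: wildcard actions, assigned service-wide.
    broad = dict(role, Actions=["Microsoft.Search/searchServices/*"],
                 DataActions=["Microsoft.Search/searchServices/indexes/documents/*"])
    for finding in lint(broad, scope.rsplit("/indexes/", 1)[0]):
        print("broad role:", finding)
```

The printed JSON can be saved to a file and used as the role definition; the assignment scope is what confines an app to one index.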

You would not use query keys or admin keys. Query keys only provide read-only access to the resource or service, while admin keys provide full admin access to the service. While it is possible to distribute keys to client applications that need to issue queries, there is no way to limit the misuse of the keys.

You would not use Entra ID tokens. These tokens are used to authenticate and authorize access to Entra ID resources. You cannot use tokens to control access to Azure AI Search indexes.
