You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the
Cosmos DB databases.
What should you include in the recommendation?
A . a resource token and an Access control (IAM) role assignment
B . shared access signatures (SAS) and conditional access policies
C . master keys and Azure Information Protection policies
D . certificates and Azure Key Vault
Answer: A
Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control