Exam AI-103 Topic 1 Question 56 Discussion
Actual exam question for Microsoft's AI-103 exam
Question #: 56
Topic #: 1
Question #: 56
Topic #: 1
You have a Microsoft Foundry project that contains a customer support agent built by using the Foundry Agent Service.
The agent uploads user-provided screenshots to Azure Storage through a ticketing tool and receives a blob URL for additional reasoning.
You need to use image moderation during agent runs and prevent harmful content from being returned during runs. Azure Al Content Safety must access the images by using the blob URL. The solution must follow the principle of least privilege.
What should you configure for Content Safety? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
The agent uploads user-provided screenshots to Azure Storage through a ticketing tool and receives a blob URL for additional reasoning.
You need to use image moderation during agent runs and prevent harmful content from being returned during runs. Azure Al Content Safety must access the images by using the blob URL. The solution must follow the principle of least privilege.
What should you configure for Content Safety? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Suggested Answer:
Explanation:
Guardrails: Select User input, Output, Tool response, and Tool call and set Action to Block.
Storage access: A system-assigned managed identity that is assigned the Storage Blob Data Contributor role The guardrail must be applied to User input, Output, Tool response, and Tool call with the action set to Block . Microsoft Foundry guardrails support four intervention points: user input, tool call, tool response, and output. This scenario includes user-provided screenshots, a ticketing tool that uploads images and returns blob URLs, and final agent responses. Applying blocking controls at all four points ensures harmful image-related content is inspected throughout the agent run and prevented from continuing or being returned to the user.
Microsoft's guardrails guidance also states that tool call and tool response controls are specifically required when harmful content can pass through agent tools.
For storage, configure the Azure AI Content Safety resource with a system-assigned managed identity and grant it Storage Blob Data Contributor on the storage account or container. The Content Safety image moderation quickstart states that images can be supplied by blob storage URL and that the Content Safety resource must be given storage access by enabling its system-assigned managed identity and assigning Storage Blob Data Contributor or Owner; Contributor is the least-privileged valid option shown. Reference topics: Foundry guardrails, agent intervention points, image moderation, managed identity, and Azure Storage RBAC.
by Page at Jun 23, 2026, 03:54 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).