Microsoft Azure Administrator Associate AZ-104 Practice Question
An application requires access to data stored in an Azure storage account. As an Azure Administrator, you need to grant this access in a secure manner without sharing the storage account's access keys. What is the BEST way to achieve this?
Provide the application with the storage account's access keys.
Enable Azure Entra ID authentication for the storage account and assign appropriate permissions to the application.
Store the access keys in Azure Key Vault and allow the application to retrieve them.
Use a Shared Access Signature (SAS) token to grant access.
Enabling Azure Entra ID authentication for the storage account and assigning appropriate permissions to the application provides secure access without using access keys. This approach uses role-based access control (RBAC), allowing fine-grained permission management and eliminating the need to handle access keys. Storing access keys in Azure Key Vault still involves distributing keys to the application, which can pose security risks. Using a Shared Access Signature (SAS) token exposes a token that could be misused if intercepted. Directly providing the access keys is insecure as it grants full access to the storage account.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure Entra ID authentication?
Open an interactive chat with Bash
What is Role-Based Access Control (RBAC)?
Open an interactive chat with Bash
What are the security risks of using Shared Access Signature (SAS) tokens?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access