Microsoft Azure Administrator Associate AZ-104 Practice Question
As an Azure Administrator, you need to provide temporary read access to a blob container for a set of clients. You also want the ability to revoke that access immediately if needed, without regenerating the storage account keys. What should you configure to meet these requirements?
Generate a SAS token with an expiration time directly on the blob container
Enable anonymous access on the blob container
Create a shared access signature (SAS) with a stored access policy on the blob container
Use Azure Key Vault to manage keys for the blob container
Creating a shared access signature (SAS) with a stored access policy on the blob container allows you to grant temporary access that can be revoked by modifying or deleting the policy. This method provides flexibility and control over access without impacting the storage account keys or requiring changes to each individual SAS token. Generating a SAS token without an associated stored access policy does not allow you to revoke the token once it's issued. Enabling anonymous access would make the container publicly accessible, which is insecure and does not meet the requirement of controlled, temporary access. Using Azure Key Vault manages keys but does not provide a mechanism for issuing and revoking SAS tokens for temporary access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a shared access signature (SAS) in Azure?
Open an interactive chat with Bash
What is a stored access policy and how does it work with SAS?
Open an interactive chat with Bash
Why shouldn't I enable anonymous access for a blob container?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access