Microsoft Azure Administrator Associate AZ-104 Practice Question
Your company needs to grant temporary access to external users to download blobs from a private container in Azure Blob Storage. The access should be time-limited and should be possible to revoke without regenerating the storage account keys or affecting other users. What is the best method to achieve this?
Generate ad-hoc shared access signatures (SAS) for the blobs.
Enable anonymous access on the storage account.
Generate shared access signatures (SAS) tied to a stored access policy.
Set the container's public access level to 'Blob'.
By generating shared access signatures (SAS) tied to a stored access policy, you can provide time-limited access to external users and have the ability to revoke their access by modifying or deleting the stored access policy without impacting the storage account keys or other users. Ad-hoc SAS tokens cannot be revoked without regenerating the storage account keys, which can disrupt other services and users relying on those keys. Setting the container's public access level to 'Blob' would make the blobs publicly accessible to anyone, which does not meet the requirement for controlled access. Enabling anonymous access on the storage account is not a supported feature and would not provide the necessary security controls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a stored access policy in Azure Blob Storage?
Open an interactive chat with Bash
How do shared access signatures (SAS) work in Azure?
Open an interactive chat with Bash
What are the security implications of setting a container's public access level to 'Blob'?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access