Microsoft Azure Administrator Associate AZ-104 Practice Question
You manage an Azure Storage account containing confidential data. You need to grant temporary access with write permissions to a container for an external vendor. The access should be revocable before its expiration without affecting other users. What should you do to meet these requirements?
Change the container's access level to public and share the container's URI.
Create a shared access signature token linked to a stored access policy and provide it to the vendor.
Generate a user delegation SAS token with write permissions and share it with the vendor.
Creating a shared access signature (SAS) token linked to a stored access policy allows you to grant temporary access to the vendor and manage it centrally. By associating the SAS with a stored access policy, you can revoke the access by modifying or deleting the policy before its expiration without impacting other users. Sharing the storage account key compromises security and revoking it would affect all services using that key. Generating a user delegation SAS does not offer a way to revoke access before expiration without regenerating keys, which could disrupt other users. Changing the container's access level to public exposes your data to anyone with the URI, which is not secure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Shared Access Signature (SAS) token in Azure?
Open an interactive chat with Bash
What is a stored access policy and how does it work with SAS tokens?
Open an interactive chat with Bash
Why is it insecure to share the storage account key?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access