Microsoft Azure Administrator Associate AZ-104 Practice Question
You need to provide temporary, secure access to specific blobs in a storage account to external users without sharing your storage account keys. Which method should you use to achieve this?
Assign the users to a role with read permissions using Azure RBAC
Configure blob soft delete for the storage account
Generate a Shared Access Signature (SAS) token for the blobs
Provide the users with the storage account access keys
Generating a Shared Access Signature (SAS) token allows you to grant limited access to resources in your storage account without exposing your account keys. SAS tokens can be scoped to specific resources, permissions, and time frames, providing secure, temporary access. Assigning roles using Azure RBAC is more appropriate for internal users managed through Azure AD. Providing storage account keys grants full access to the storage account, which is insecure. Configuring blob soft delete enhances data protection but does not facilitate external access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Shared Access Signature (SAS) token?
Open an interactive chat with Bash
What are the permissions that can be assigned through a SAS token?
Open an interactive chat with Bash
What are the differences between Azure RBAC and SAS tokens for access control?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access