Microsoft Azure Security Engineer Associate AZ-500 Practice Question
An Azure Storage account hosts several blob containers, including a new container named appdata. Members of the DevTeam Microsoft Entra group must be able to upload, download, and list blobs only in appdata. They must not see other containers or manage storage account settings. You decide to use Azure role-based access control (Azure RBAC), not shared access signatures. What should you do to meet the requirement?
Assign the built-in role Storage Blob Data Contributor to the DevTeam group with scope set to the appdata container.
Assign the built-in role Storage Blob Data Contributor to the DevTeam group at the storage account scope.
Create a stored access policy on appdata and generate a user delegation SAS for the DevTeam group.
Assign the built-in role Storage Account Contributor to the DevTeam group at the resource group scope.
The Storage Blob Data Contributor built-in role grants read, write, and delete permissions for blob data without allowing management of the storage account or its keys. When the role is assigned at the container scope (in this case, the appdata container), the permissions apply only inside that container, so DevTeam members cannot view or access other containers in the same storage account.
Assigning the same role at the storage account scope would expose every container. The Storage Account Contributor role adds management capabilities and therefore exceeds the requirement. A stored access policy and user delegation SAS would work for granting data access but the scenario explicitly requires Azure RBAC, so it does not satisfy the condition.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Azure RBAC and how does it work?
Open an interactive chat with Bash
What permissions does the Storage Blob Data Contributor role grant?
Open an interactive chat with Bash
What is the difference between container scope and storage account scope in Azure RBAC?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .