Microsoft Azure Security Engineer Associate AZ-500 Practice Question

An Azure Storage account hosts several blob containers, including a new container named appdata. Members of the DevTeam Microsoft Entra group must be able to upload, download, and list blobs only in appdata. They must not see other containers or manage storage account settings. You decide to use Azure role-based access control (Azure RBAC), not shared access signatures. What should you do to meet the requirement?

  • Assign the built-in role Storage Account Contributor to the DevTeam group at the resource group scope.

  • Assign the built-in role Storage Blob Data Contributor to the DevTeam group at the storage account scope.

  • Assign the built-in role Storage Blob Data Contributor to the DevTeam group with scope set to the appdata container.

  • Create a stored access policy on appdata and generate a user delegation SAS for the DevTeam group.

Secure compute, storage, and databases