ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 3 question 80 discussion

Actual exam question from Microsoft's AZ-104
Question #: 80
Topic #: 3
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure subscription that contains a storage account named storage1.

You need to configure a shared access signature (SAS) to ensure that users can only download blobs securely by name.

Which two settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct answer is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by CarlosMarin at Aug. 31, 2023, 5:01 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Spoon3r
Highly Voted 1 year, 5 months ago
Configure the SAS token settings: Allowed services: Blob (since you want to access blobs). Allowed resource types: Service (if you want users to access all blobs within a container) or Object (if you want users to access a specific blob by name). Allowed permissions: Set to "Read" to allow downloading. Specify the start and expiry date for the token. If you're using a shared access policy, you can select it here. Otherwise, configure the SAS token directly.
upvoted 49 times
Rafi786_khan
1 year, 2 months ago
Thanks! Great explanation.
upvoted 1 times
...
...
CarlosMarin
Highly Voted 1 year, 6 months ago
This question was in my exam on 31/08/2023.
upvoted 18 times
...
Bravo_Dravel
Most Recent 1 month ago
Answer: Object & Read
upvoted 1 times
...
Abhisk127
1 month, 1 week ago
This question was there on exam today:23/01/2025 Box1 Allowed resource types: Object (you want users to access a specific blob by name) Box2 Allowed permissions: Read (to allow downloading)
upvoted 2 times
...
[Removed]
6 months ago
CORRECT
upvoted 2 times
...
tashakori
1 year ago
Correct
upvoted 1 times
...
mcclane654
1 year, 1 month ago
Solution is correct Object and read. Tested in lab. uploaded file to blob container. Copied url to file created SAS. when going to the url in incognito it says file does not exsist. when adding SAS token. content of file appears
upvoted 5 times
...
[Removed]
1 year, 2 months ago
I have tested this in my lab and with the given options you can't connect to the storage account using the SAS token. If you enable just Container, Object, Read, when you try to use the token you get the following error: The SAS cannot be used to connect to a storage account. An account SAS with at least service-level access ('srt=s') is required.
upvoted 2 times
[Removed]
1 year, 2 months ago
If you enable Object, Read, List you get The SAS has inadequate permissions. An account SAS with at least List permission ('sp=l') is required. If you enable Service, Object, Read, List, you can connect to the storage account but you can't see anything in the container, there is no data. If you enable Service, Container, Read, List, you can connect to the storage account and see the blobs but you cannot download them.
upvoted 2 times
[Removed]
1 year, 2 months ago
So what you actually need for this to work, is: Allowed Services: Blob Allowed Resource Types: Service, Container, Object Allowed Permissions: Read, List Make of this what you will but if this question came in my exam I would simply treat it as "which settings should you enable FIRST" and choose Service, Container, Object as without these the Allowed permissions make no difference. There is also the possibility of just enabling Read/List access on the container itself via SAS tokens and that would be better in this case, but the screenshot in the question is from generating a SAS token at the storage account level, the container level SAS view looks different.
upvoted 3 times
...
...
...
BIOKU
1 year, 4 months ago
Permissions: Set the permissions to "Read." This allows users to read (download) blobs from the storage account securely. By setting this permission, users will only be able to download blobs and cannot perform other operations like uploading, deleting, or listing blobs. Resource Type: Set the resource type to "Object (Blobs)." This ensures that the SAS token is only applicable to blobs within the storage account. It restricts the access to blobs, specifically by name, rather than granting access to other types of resources in the storage account like containers or queues.
upvoted 4 times
...
EzBL
1 year, 5 months ago
Allowed resources types: Objects (access by name) Allowed Permissions: Read (you need download) and List (you need to see the object to read it)
upvoted 6 times
...
kzlo2
1 year, 5 months ago
Box1 Allowed resource types: Object (you want users to access a specific blob by name) Box2 Allowed permissions: Read (to allow downloading)
upvoted 5 times
...
Vokuhila
1 year, 6 months ago
Resource type: Object : "Use a read-only SAS when possible. If a user needs only read access to a single object, then grant them read access to that single object, and not read/write/delete access to all objects. " https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview It is not mentioned that the data will be overwritten, only downloaded, so Read seems to be the correct setting
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago