Exam AZ-104 topic 3 question 80 discussion

Actual exam question from Microsoft's AZ-104
Question #: 80
Topic #: 3

HOTSPOT

You have an Azure subscription that contains a storage account named storage1.

You need to configure a shared access signature (SAS) to ensure that users can only download blobs securely by name.

Which two settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct answer is worth one point.

Suggested Answer:

Comments

Spoon3r
Highly Voted 1 year, 1 month ago
Configure the SAS token settings:
Allowed services: Blob (since you want to access blobs).
Allowed resource types: Service (if you want users to access all blobs within a container) or Object (if you want users to access a specific blob by name).
Allowed permissions: Set to "Read" to allow downloading.
Specify the start and expiry date for the token.
If you're using a shared access policy, you can select it here. Otherwise, configure the SAS token directly.
upvoted 39 times
Rafi786_khan
9 months, 3 weeks ago
Thanks! Great explanation.
upvoted 1 times
CarlosMarin
Highly Voted 1 year, 1 month ago
This question was in my exam on 31/08/2023.
upvoted 18 times
sssishod
1 year, 1 month ago
What's the right answer? Also, did you pass it?
upvoted 2 times
sebadito
1 year, 1 month ago
Asking the same. I'll perform 2nd chance on Wednesday 6th of Sept.
upvoted 7 times
SeMo0o0o0o
Most Recent 1 month ago
CORRECT
upvoted 1 times
tashakori
7 months, 1 week ago
Correct
upvoted 1 times
mcclane654
8 months, 1 week ago
Solution is correct: Object and Read. Tested in lab. Uploaded file to blob container. Copied URL to file, created SAS. When going to the URL in incognito it says file does not exist. When adding SAS token, content of file appears.
upvoted 5 times
[Removed]
9 months, 1 week ago
I have tested this in my lab and with the given options you can't connect to the storage account using the SAS token. If you enable just Container, Object, Read, when you try to use the token you get the following error: The SAS cannot be used to connect to a storage account. An account SAS with at least service-level access ('srt=s') is required.
upvoted 2 times
[Removed]
9 months, 1 week ago
If you enable Object, Read, List you get The SAS has inadequate permissions. An account SAS with at least List permission ('sp=l') is required. If you enable Service, Object, Read, List, you can connect to the storage account but you can't see anything in the container, there is no data. If you enable Service, Container, Read, List, you can connect to the storage account and see the blobs but you cannot download them.
upvoted 2 times
[Removed]
9 months, 1 week ago
So what you actually need for this to work is:
Allowed Services: Blob
Allowed Resource Types: Service, Container, Object
Allowed Permissions: Read, List

Make of this what you will, but if this question came in my exam I would simply treat it as "which settings should you enable FIRST" and choose Service, Container, Object, as without these the Allowed permissions make no difference. There is also the possibility of just enabling Read/List access on the container itself via SAS tokens, and that would be better in this case, but the screenshot in the question is from generating a SAS token at the storage account level; the container-level SAS view looks different.
upvoted 3 times
BIOKU
11 months, 3 weeks ago
Permissions: Set the permissions to "Read." This allows users to read (download) blobs from the storage account securely. By setting this permission, users will only be able to download blobs and cannot perform other operations like uploading, deleting, or listing blobs. Resource Type: Set the resource type to "Object (Blobs)." This ensures that the SAS token is only applicable to blobs within the storage account. It restricts the access to blobs, specifically by name, rather than granting access to other types of resources in the storage account like containers or queues.
upvoted 4 times
EzBL
1 year ago
Allowed resource types: Objects (access by name)
Allowed permissions: Read (you need download) and List (you need to see the object to read it)
upvoted 6 times
kzlo2
1 year ago
Box1: Allowed resource types: Object (you want users to access a specific blob by name)
Box2: Allowed permissions: Read (to allow downloading)
upvoted 5 times
Vokuhila
1 year, 1 month ago
Resource type: Object : "Use a read-only SAS when possible. If a user needs only read access to a single object, then grant them read access to that single object, and not read/write/delete access to all objects. " https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview It is not mentioned that the data will be overwritten, only downloaded, so Read seems to be the correct setting
upvoted 6 times
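An added example, not part of the original discussion or any commenter's post: a Python check that parses an account SAS query string and reports where it grants more than the question's target (Blob service, Object resource type, Read permission). It also flags a missing HTTPS-only restriction and a missing or past expiry, which are extra checks this example adds. The function name audit_account_sas and both sample tokens are constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Target grant from the question: ss=b (Blob), srt=o (Object), sp=r (Read).
WANTED = {"ss": set("b"), "srt": set("o"), "sp": set("r")}

# Constructed sample tokens (signatures are placeholders, not real).
NARROW = "sv=2022-11-02&ss=b&srt=o&sp=r&se=2030-01-01T00:00:00Z&spr=https&sig=CONSTRUCTED"
# The combination one commenter reported using: Service, Container, Object + Read, List.
BROAD = "sv=2022-11-02&ss=b&srt=sco&sp=rl&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED"


def audit_account_sas(token, now=None):
    """Return a list of findings; an empty list means the token matches the target."""
    now = now or datetime.now(timezone.utc)
    params = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []
    for key, wanted in WANTED.items():
        granted = set(params.get(key, ""))
        extra = "".join(sorted(granted - wanted))
        missing = "".join(sorted(wanted - granted))
        if extra:
            findings.append(f"{key} grants more than needed: {extra}")
        if missing:
            findings.append(f"{key} lacks required value: {missing}")
    # When spr is absent the service accepts both HTTPS and HTTP.
    if params.get("spr", "https,http") != "https":
        findings.append("spr allows HTTP; restrict to spr=https")
    expiry = params.get("se")
    if expiry is None:
        findings.append("se missing: token has no expiry")
    else:
        try:
            # Assumes the full UTC timestamp form; other ISO 8601 forms are reported.
            end = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ")
            if end.replace(tzinfo=timezone.utc) <= now:
                findings.append("se is in the past: token expired")
        except ValueError:
            findings.append("se not in YYYY-MM-DDTHH:MM:SSZ form: " + expiry)
    return findings


if __name__ == "__main__":
    for name, tok in (("NARROW", NARROW), ("BROAD", BROAD)):
        print(name, audit_account_sas(tok) or "matches target grant")
```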