Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 3 question 88 discussion

Actual exam question from Microsoft's AZ-104
Question #: 88
Topic #: 3
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains blobs in a container named container1.

You plan to share access to storage1.

You need to generate a shared access signature (SAS). The solution must meet the following requirements:

• Ensure that the SAS can only be used to enumerate and download blobs stored in container1.
• Use the principle of least privilege.

Which three settings should you enable? To answer, select the appropriate settings in the answer area.

Show Suggested Answer Hide Answer
Suggested Answer:
by Andreas_Czech at Nov. 2, 2023, 9:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
ggogel
Highly Voted 10 months ago
The correct answer should be: Allowed resource types: Container Allowed permissions: List and Read. Explanation: Container: "Grants access to the content and metadata of any blob in the container, and to the list of blobs in the container." Source: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-the-signed-resource-field Specifying "Object" additionally would be redundant because it is a subset of "Container". List: "List blobs non-recursively." Source: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-permissions Satisfies the requirement of enumeration. Read: "Read the content, blocklist, properties, and metadata of any blob in the container or directory. Use a blob as the source of a copy operation." Source: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-permissions Satisfies the requirement of download.
upvoted 33 times
alsmk2
2 months ago
Copilot agrees with this.
upvoted 1 times
...
...
AliNadheer
Highly Voted 10 months ago
I would go with "container, read, list" container: it's the resource type we want to generate SAS for read: this will allow download List: this will allow enumeration or count/listing object: is for when you want to target a specific blob. So it's not necessary for this scenario however it was required in the previous question.
upvoted 8 times
...
SeMo0o0o0o
Most Recent 1 month ago
WRONG Container Read + List
upvoted 1 times
...
varinder82
4 months, 3 weeks ago
Correct: - Container - Read, List
upvoted 4 times
...
tashakori
7 months, 1 week ago
- Container - Read - List
upvoted 4 times
...
clg003
10 months, 3 weeks ago
I would say container and object. You need container to list and you need the object to download. You need the list option because that's the actions you want to perform on the container and you need read to download the object. https://learn.microsoft.com/en-us/answers/questions/67751/azure-sas-terms
upvoted 5 times
BluAlien
8 months ago
Tryed in lab and is exactly what happens. To do all requested operations you need container, object, read and list. So, the question is wrong.
upvoted 3 times
hahmed
5 months, 1 week ago
yes, same result, the question is wrong, to download you need read on the object. to list you need container and list.
upvoted 1 times
...
...
Alscoran
10 months, 2 weeks ago
You get to pick three, not four.
upvoted 1 times
...
clg003
10 months, 3 weeks ago
So thats... container object read list
upvoted 2 times
ki01
9 months, 3 weeks ago
still 4, buddy...
upvoted 7 times
...
...
...
PrabodhM
11 months ago
Why container? Only object should be sufficient as it is asked to enumerate all the blobs in the given container.
upvoted 3 times
Indy429
9 months, 2 weeks ago
Because if there’s more containers, you would be able to read those too, and since it's principle of least privilege, container has to be selected.
upvoted 2 times
edurakhan
4 months ago
we don't care about other containers. The question is about container1
upvoted 1 times
...
...
...
Andreas_Czech
11 months, 1 week ago
From the Internet: As far as I know, the resource type, you could regard as below: Service (s): Access to service-level APIs (e.g., Get/Set Service Properties, Get Service Stats, List Containers/Queues/Tables/Shares) Container (c): Access to container-level APIs (e.g., Create/Delete Container, Create/Delete Queue, Create/Delete Table, Create/Delete Share, List Blobs/Files and Directories) Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files(e.g. Put Blob, Query Entity, Get Messages, Create File, etc.) therefore is the answer: Container, Object, Read correct
upvoted 7 times
MatAlves
8 months, 3 weeks ago
Is it possible to enumerate with selecting "List" though?
upvoted 1 times
...
bhadrisn
9 months, 4 weeks ago
@ggogel - i would agree to this as Container, object and read correct. Allowed permission of list is not needed, as when you specify service container, you get the list option of listing the blobs. and for download you select read option Reference: https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas?redirectedfrom=MSDN#blob-service
upvoted 3 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel