ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 3 question 88 discussion

Actual exam question from Microsoft's AZ-104
Question #: 88
Topic #: 3
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure subscription that contains a storage account named storage1. The storage1 account contains blobs in a container named container1.

You plan to share access to storage1.

You need to generate a shared access signature (SAS). The solution must meet the following requirements:

• Ensure that the SAS can only be used to enumerate and download blobs stored in container1.
• Use the principle of least privilege.

Which three settings should you enable? To answer, select the appropriate settings in the answer area.

Show Suggested Answer Hide Answer
Suggested Answer:
by Andreas_Czech at Nov. 2, 2023, 9:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ggogel
Highly Voted 1 year, 2 months ago
The correct answer should be: Allowed resource types: Container Allowed permissions: List and Read. Explanation: Container: "Grants access to the content and metadata of any blob in the container, and to the list of blobs in the container." Source: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-the-signed-resource-field Specifying "Object" additionally would be redundant because it is a subset of "Container". List: "List blobs non-recursively." Source: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-permissions Satisfies the requirement of enumeration. Read: "Read the content, blocklist, properties, and metadata of any blob in the container or directory. Use a blob as the source of a copy operation." Source: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#specify-permissions Satisfies the requirement of download.
upvoted 37 times
marerad
4 months, 3 weeks ago
I have tested also and you are right. I did not know that only way to interact usins SAS is through powershell.. At least I was able to do it only like that... and using commands: Install-Module -Name Az -AllowClobber -Scope CurrentUser Connect-AzAccount "$context = New-AzStorageContext -StorageAccountName $storageAccountName -SasToken $sasToken" Get-AzStorageBlob -Container $containerName -Context $context Get-AzStorageBlobContent -Container $containerName -Blob "cenik-octavia.pdf" -Destination $destinationPath -Context $cont ext So when you have all other prereqs set for using commands and storage account created, you can test it using those commands... So there wont be any confusion left for you..
upvoted 1 times
...
alsmk2
7 months ago
Copilot agrees with this.
upvoted 1 times
...
...
AliNadheer
Highly Voted 1 year, 2 months ago
I would go with "container, read, list" container: it's the resource type we want to generate SAS for read: this will allow download List: this will allow enumeration or count/listing object: is for when you want to target a specific blob. So it's not necessary for this scenario however it was required in the previous question.
upvoted 11 times
...
[Removed]
Most Recent 6 months ago
WRONG Container Read + List
upvoted 2 times
...
varinder82
9 months, 3 weeks ago
Correct: - Container - Read, List
upvoted 4 times
...
tashakori
1 year ago
- Container - Read - List
upvoted 4 times
...
clg003
1 year, 3 months ago
I would say container and object. You need container to list and you need the object to download. You need the list option because that's the actions you want to perform on the container and you need read to download the object. https://learn.microsoft.com/en-us/answers/questions/67751/azure-sas-terms
upvoted 5 times
BluAlien
1 year, 1 month ago
Tryed in lab and is exactly what happens. To do all requested operations you need container, object, read and list. So, the question is wrong.
upvoted 3 times
hahmed
10 months ago
yes, same result, the question is wrong, to download you need read on the object. to list you need container and list.
upvoted 1 times
...
...
Alscoran
1 year, 3 months ago
You get to pick three, not four.
upvoted 1 times
...
clg003
1 year, 3 months ago
So thats... container object read list
upvoted 2 times
ki01
1 year, 2 months ago
still 4, buddy...
upvoted 9 times
...
...
...
PrabodhM
1 year, 3 months ago
Why container? Only object should be sufficient as it is asked to enumerate all the blobs in the given container.
upvoted 3 times
Indy429
1 year, 2 months ago
Because if there’s more containers, you would be able to read those too, and since it's principle of least privilege, container has to be selected.
upvoted 3 times
edurakhan
9 months ago
we don't care about other containers. The question is about container1
upvoted 1 times
...
...
...
Andreas_Czech
1 year, 4 months ago
From the Internet: As far as I know, the resource type, you could regard as below: Service (s): Access to service-level APIs (e.g., Get/Set Service Properties, Get Service Stats, List Containers/Queues/Tables/Shares) Container (c): Access to container-level APIs (e.g., Create/Delete Container, Create/Delete Queue, Create/Delete Table, Create/Delete Share, List Blobs/Files and Directories) Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files(e.g. Put Blob, Query Entity, Get Messages, Create File, etc.) therefore is the answer: Container, Object, Read correct
upvoted 7 times
MatAlves
1 year, 1 month ago
Is it possible to enumerate with selecting "List" though?
upvoted 1 times
...
bhadrisn
1 year, 2 months ago
@ggogel - i would agree to this as Container, object and read correct. Allowed permission of list is not needed, as when you specify service container, you get the list option of listing the blobs. and for download you select read option Reference: https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas?redirectedfrom=MSDN#blob-service
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago