Exam AZ-204 topic 4 question 29 discussion

Given answer is incorrect. Correct answers are A , D https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#revoke-a-user-delegation-sas

Answer seems correct. A: Use az storage account revoke-delegation-keys command. B: To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Reference: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/blobs/storage-blob-user-delegation-sas-create-cli.md https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy#modifying-or-revoking-a-stored-access-policy https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_revoke_delegation_keys

If you believe that a SAS has been compromised, you should revoke it. You can revoke a user delegation SAS either by revoking the user delegation key, or by changing or removing RBAC role assignments for the security principal that's used to create the SAS.

Revoke, Regenerate

May be A and C

Guis A and C . The role assignments are not directly linked to SAS (Shared Access Signature) tokens in Blob Storage. Removing a role wouldn't invalidate a SAS token

A,C When dealing with a compromised user delegation SAS token in Azure Blob storage, you can take the following actions: A. Revoke the delegation key: User delegation SAS tokens are generated based on a delegation key. Revoking the delegation key would invalidate any tokens generated with that key. C. Regenerate the account key: Regenerating the account key would effectively invalidate all SAS tokens, including user delegation SAS tokens, associated with the storage account. This is a more drastic measure and should be carefully considered, as it affects all tokens, not just the compromised one. Therefore, the correct answers are A (Revoke the delegation key) and C (Regenerate the account key).

A. Revoke the Delegation Key Approach: By revoking the user delegation key used to create the SAS token, you can effectively invalidate the SAS token. Feasibility: Azure Blob Storage allows you to revoke user delegation keys, which will invalidate any SAS tokens created with them. Effectiveness: This is a direct way to revoke a compromised User Delegation SAS token. D. Remove the Role Assignment for the Security Principle Approach: This involves removing the Azure AD role assignment that grants permissions to the user or service principal associated with the SAS token. Feasibility: By removing or altering the role assignment in Azure AD, you can effectively revoke access permissions that the SAS token grants. Effectiveness: This can be an effective way to revoke access, though it may be broader than just invalidating a specific SAS token.

A and D!

Question was on exam 2023-09-26

If you believe that a SAS has been compromised, you should revoke it. You can revoke a user delegation SAS either by revoking the user delegation key, or by changing or removing RBAC role assignments for the security principal that's used to create the SAS. https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas

C By regenerating the you make the prevues key unusable why isn't that right

https://learn.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy cannot be B as per this link..not supporeted

Correct answers A and D

If you believe that a SAS has been compromised, then you should revoke the SAS. You can revoke a user delegation SAS either by revoking the user delegation key, or by changing or removing RBAC role assignments for the security principal used to create the SAS.

Can we pass the exam just by studying questions tilll Page 22? I don't have contributor access and can't afford right now.

A & D for sure