Exam AZ-500 topic 2 question 1 discussion

I believe the correct answer to this is "No". You can up to 5 access policies on an object. Creating a new one doesn't revoke the old one. To revoke a stored access policy, you can delete it, rename it by changing the signed identifier, or change the expiry time to a value in the past. Nowhere in the documentation does it say creating a new one revokes the old one.

Answer "Yes" is correct. You can find explanation in the article: https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy "A stored access policy provides an additional level of control over service-level shared access signatures (SAS) on the server side. Establishing a stored access policy serves to group shared access signatures and to provide additional restrictions for signatures that are bound by the policy. You can use a stored access policy to change the start time, expiry time, or permissions for a signature, or to revoke it after it has been issued."

Answer: B, No Reason: Creating a new stored access policy doesn't revoke existing SAS tokens or access. To revoke all access, you need to regenerate the storage account keys, which will invalidate all existing SAS tokens regardless of their policies. Reference: https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage

I believe the correct answer to this is "No". You can up to 5 access policies on an object. Creating a new one doesn't revoke the old one. To revoke a stored access policy, you can delete it, rename it by changing the signed identifier, or change the expiry time to a value in the past. Nowhere in the documentation does it say creating a new one revokes the old one.

No, creating a new stored access policy alone does not meet the goal. To revoke all access to the storage account (sa1), you need to delete or modify the existing stored access policies associated with the shared access signatures (SAS). When you delete or change an existing stored access policy, all SAS tokens associated with that policy will be immediately invalidated, effectively revoking access. Creating a new stored access policy does not impact existing SAS tokens, so it will not revoke access for unauthorized users who have valid SAS tokens linked to the current policies. To revoke all access effectively, you should either: Delete the existing stored access policies linked to the SAS tokens, or Rotate the account keys for sa1, which will invalidate all SAS tokens associated with those keys. Therefore, the correct action would be to delete or modify the existing stored access policies or rotate the storage account keys.

this question was in exam 19/07/2024

In exam 1/28/24

The question was given on the October 9, 2023 exam.

B is correct answer.

No, creating a new stored access policy does not meet the goal of revoking all access to the Azure Storage account. A stored access policy is used to define a set of constraints and permissions for shared access signatures (SAS) to the resources in the storage account. Creating a new stored access policy does not automatically revoke existing access.

B is the answer. https://learn.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy#modify-or-revoke-a-stored-access-policy To revoke a stored access policy, you can delete it, rename it by changing the signed identifier, or change the expiry time to a value in the past. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Changing the expiry time to a value in the past causes any associated signatures to expire. Deleting or modifying the stored access policy immediately affects all of the shared access signatures associated with it.

Exam.6 case studies. 3 true/false questions. 47 multiple questions and no simulations. Alot of new questions thats not up here

In exam April 11, 2023

B. NO is correct answer

In Exam 10/18/2022. One case study, no lab.

# In EXAM - 01-Oct-2022

In Exam 08/29/22