You manage a data processing application that receives requests from an Azure Storage queue.
You need to manage access to the queue. You have the following requirements:
✑ Provide other applications access to the Azure queue.
✑ Ensure that you can revoke access to the queue without having to regenerate the storage account keys.
✑ Specify access at the queue level and not at the storage account level.
Which type of shared access signature (SAS) should you use?

A. Service SAS with a stored access policy

B. Account SAS

C. User Delegation SAS

D. Service SAS with ad hoc SAS








 

Suggested Answer: A

A service SAS is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob storage,
Queue storage, Table storage, or Azure Files.
Stored access policies give you the option to revoke permissions for a service SAS without having to regenerate the storage account keys.
Incorrect Answers:
Account SAS: Account SAS is specified at the account level. It is secured with the storage account key.
User Delegation SAS: A user delegation SAS applies to Blob storage only.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

This question is in AZ-204: Developing Solutions for Microsoft Azure Exam
For getting Microsoft Azure Developer Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.