You need to recommend a security solution for containers in Azure Blob storage. The solution must ensure that only read permissions are granted to a specific user for a specific container. What should you include in the recommendation?

QuestionsCategory: DP-201You need to recommend a security solution for containers in Azure Blob storage. The solution must ensure that only read permissions are granted to a specific user for a specific container. What should you include in the recommendation?
Admin Staff asked 4 months ago
You need to recommend a security solution for containers in Azure Blob storage. The solution must ensure that only read permissions are granted to a specific user for a specific container.
What should you include in the recommendation?

A. shared access signatures (SAS)

B. an RBAC role in Azure Active Directory (Azure AD)

C. public read access for blobs only

D. access keys








 

Suggested Answer: A

You can delegate access to read, write, and delete operations on blob containers, tables, queues, and file shares that are not permitted with a service SAS.
Note: A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data.
With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Incorrect Answers:
C: You can enable anonymous, public read access to a container and its blobs in Azure Blob storage. By doing so, you can grant read-only access to these resources without sharing your account key, and without requiring a shared access signature (SAS).
Public read access is best for scenarios where you want certain blobs to always be available for anonymous read access.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

This question is in DP-201 Designing an Azure Data Solution Exam
For getting Microsoft Certified: Azure Data Engineer Associate Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.