Learn how to implement secure access to Azure Storage for your company’s media files with ease using shared access signatures, stored access policies, and network configuration rules, ensuring robust data protection and accessibility.
Your company uses an Azure storage account for storing large numbers of video and audio files. Containers are used to store each type of file and access is limited to those media files. Additionally, the files can only be accessed through shared access signatures.
- The company wants the ability to revoke access to the files and to change the period for which users can access the files.
- The company is planning a delegation model for Azure storage. Applications in the production environment must have unrestricted access to Azure Storage resources.
- You’re researching how to use network configuration rules, shared access signatures (SAS), and stored access policies to implement secure access to Azure Storage.
Question 1
Which solution is the easiest way to implement secure storage for the company’s media files?
A. Create a shared access signature (SAS) for each user and delete the SAS to prevent access.
B. Create stored access policies for each container to enable revocation of access or change of duration.
C. Periodically regenerate the account key to control access to the files.
Answer
B. Create stored access policies for each container to enable revocation of access or change of duration.
Explanation
The SAS changes access based on permissions or duration by replacing the stored access policy with a new one, or by deleting the stored access policy altogether to revoke access.
A is incorrect. Creating a SAS for each user involves a great amount of administrative overhead. Is there an easier alternative?
C is incorrect. Regenerating keys prevents all users from accessing all files at the same time.
Question 2
What’s the default network rule when configuring network access to an Azure storage account?
A. Allow all connections from all networks.
B. Allow all connection from a private IP address range.
C. Deny all connections from all networks.
Answer
A. Allow all connections from all networks.
Explanation
The default network rule is to allow all connections from all networks.
B is incorrect. By default, the IP address isn’t considered.
C is incorrect. All connections aren’t denied by default.
Question 3
What’s the best way to implement secure access to Azure Storage for the company’s users?
A. Use shared access signatures for the production applications.
B. Use access keys for the production applications.
C. Use stored access policies for the production applications.
Answer
B. Use access keys for the production applications.
Explanation
Access keys provide unrestricted access to the storage resources, which is the requirement for production applications in this scenario.
A is incorrect. A SAS isn’t the best solution for the production applications.
C is incorrect. Stored access policies aren’t the best solution for the production applications.
Microsoft Azure Administrator AZ-104 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure Administrator AZ-104 exam and earn Microsoft Azure Administrator AZ-104 certification.