Question 49 of 247 from exam AZ-104: Microsoft Azure Administrator

Question 49 of 247 from exam AZ-104: Microsoft Azure Administrator

Prev Question Next Question

Question

HOTSPOT -

You have an Azure Storage account named storage1.

You have an Azure Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.

You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:

-> Minimize the number of secrets used.

-> Ensure that App2 can only read from storage1 for the next 30 days.

What should you configure in storage1 for each app? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Explanations

App1: Access keys -

App2: Shared access signature (SAS)

A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a

SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.

https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Prev Question Next Question