You manage a collection of large video files that is stored in an Azure Storage account. A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the user no longer needs it.
What should you do?

A. Give the user the secondary key for the storage account. Once the user is done with the file, regenerate the secondary key.
B. Create an Ad-Hoc Shared Access Signature for the Blob resource. Set the Shared Access Signature to expire in seven days.
C. Create an access policy on the container. Give the external user a Shared Access Signature for the blob by using the policy. Once the user is done with the file, delete the policy.
D. Create an access policy on the blob. Give the external user access by using the policy. Once the user is done with the file, delete the policy.
Explanation:
See 3) below.
By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access:
https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
Why not “B. Create an Ad-Hoc Shared Access Signature for the Blob resource. Set the Shared Access Signature to expire in seven days.”?
0
0
You can use B; however, there’s no “Once the user is done with the file, delete the policy.” in B.
That means the share will still be there for 7 days. What if the user just needs it for 2 days?
0
0
You can’t revoke a SAS – only a policy. The correct answer is D.
0
0
I believe it is B:
“A SAS gives you granular control over the type of access you grant to clients who have the SAS, including:
The interval over which the SAS is valid, including the start time and the expiry time.” Source: https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
You don’t have to revoke the SAS; it has an expiration date that you can set.
0
0
Blob doesn’t support stored access policies, but Blob Container does.
0
0
The answer is B. “You need to allow the user access only to the video file.”
A policy cannot be applied only to the file blob; it applies to a container.
“User needs access within 7 days.”
The ad-hoc SAS can be given an expiry time of 7 days. Then access is automatically revoked. It is correct, however, that it cannot be revoked before the 7 days after it is created.
https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1
0
0
B:
Shared Access Signatures
There are two forms of Shared Access Signatures:
Ad hoc: The start time, expiry time, and permissions for the SAS are all specified on the SAS URI.
0
0
An ad hoc SAS can only be revoked by changing the storage account key. You don’t want to change the storage account key to revoke a simple SAS, do you?
0
0
It’s C. Access policy can only be applied to containers. https://docs.microsoft.com/en-us/rest/api/storageservices/establishing-a-stored-access-policy
Note
Note that a stored access policy on a container can be associated with a shared access signature granting permissions to the container itself or to the blobs it contains. Similarly, a stored access policy on a file share can be associated with a shared access signature granting permissions to the share itself or to the files it contains.
Stored access policies are currently not supported for account SAS.
1
0
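The revocation mechanics the comments above argue about, as an added example that is not part of the original page or of any Azure SDK. It is a simplified model: the signed fields are illustrative and are not Azure's real string-to-sign, and the class, function, blob and policy names are hypothetical.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

# Simplified model: the signed fields below are illustrative, NOT Azure's
# real string-to-sign. sp/se/si/sig mirror the SAS query parameter names.
def _sign(key, fields):
    mac = hmac.new(key, "\n".join(fields).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

class Container:
    def __init__(self, account_key):
        self.account_key = account_key
        self.policies = {}  # stored access policies: name -> (perms, expiry)

    def adhoc_sas(self, blob, perms, expiry):
        # Ad hoc: permissions and expiry are fixed inside the signed token.
        se = expiry.isoformat()
        sig = _sign(self.account_key, [blob, perms, se, ""])
        return {"blob": blob, "sp": perms, "se": se, "sig": sig}

    def policy_sas(self, blob, policy):
        # Policy-bound: the token only names the policy (si).
        sig = _sign(self.account_key, [blob, "", "", policy])
        return {"blob": blob, "si": policy, "sig": sig}

    def authorize(self, tok, blob, op, now):
        fields = [tok["blob"], tok.get("sp", ""), tok.get("se", ""), tok.get("si", "")]
        good = hmac.compare_digest(_sign(self.account_key, fields), tok["sig"])
        if not good or tok["blob"] != blob:
            return False
        if "si" in tok:  # constraints are looked up at request time
            if tok["si"] not in self.policies:
                return False  # policy deleted: every SAS naming it is dead
            perms, expiry = self.policies[tok["si"]]
        else:
            perms, expiry = tok["sp"], datetime.fromisoformat(tok["se"])
        return op in perms and now < expiry

def demo():
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed dates
    c = Container(b"constructed-key-1")
    c.policies["video-read"] = ("r", start + timedelta(days=7))
    adhoc = c.adhoc_sas("video.mp4", "r", start + timedelta(days=7))
    bound = c.policy_sas("video.mp4", "video-read")
    day2 = start + timedelta(days=2)
    check = lambda t: c.authorize(t, "video.mp4", "r", day2)
    before = (check(adhoc), check(bound))
    del c.policies["video-read"]          # revoke early by deleting the policy
    after_delete = (check(adhoc), check(bound))
    c.account_key = b"constructed-key-2"  # key regeneration
    return before, after_delete, check(adhoc)
```

`demo()` returns the day-2 authorization results for the ad hoc and policy-bound tokens before the policy is deleted, after it is deleted, and for the ad hoc token after the account key is regenerated.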