You manage a collection of large video files that is stored in an Azure Storage account.
A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the
user no longer needs it.
What should you do?
A.
Give the user the secondary key for the storage account. Once the user is done with the
file, regenerate the secondary key.
B.
Create an Ad-Hoc Shared Access Signature for the Blob resource. Set the Shared
Access Signature to expire in seven days.
C.
Create an access policy on the container. Give the external user a Shared Access
Signature for the blob by using the policy. Once the user is done with the file, delete the
policy.
D.
Create an access policy on the blob. Give the external user access by using the policy.
Once the user is done with the file, delete the policy.
Explanation:
Ref: http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-sharedaccesssignature-part-1/
Ans is B
“When you create an ad hoc SAS, the start time, expiry time, and permissions for the SAS are all specified on the SAS URI (or implied, in the case where start time is omitted). This type of SAS may be created on a container, blob, table, or queue.”
http://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-shared-access-signature-part-1/
0
0
Agree
0
0
B +1
0
0
Agreed, B is the correct answer.
0
0
Hi pras, can u help me with 70-553. AìHave u updated exam files?
0
0
i think its C
0
0
Joni Can you copy me the Microsoft Azure exam 70-532 Dumps. Exam file. plz
0
0
My email Id is: ahmadrazakhan92786@gmail.com
0
0
Yes, please copy me as well with the Azure exam 70-532 dump PDF:
robertcostas@yahoo.com
Many thanks! 🙂
0
0
C is the correct answer because you should be able to revoke the access which you can not do with Ad-hoc key.
0
0
Correct.
Ad-HOC SAS will expire and cannot be revoked
SAS with stored access policy can be revoked.
see https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/ the part of “Controlling a SAS with a stored access policy”
@exam monkey; By asking for a revokation the question is asking for the manual action
0
0
The wording of this question is ambiguous. When it states that ‘You need to allow the user access only to the video file, then revoke access when they no longer need it’, it is not clear if this means you must be able to manually revoke access when the user no longer needs it (which may be less than 7 days), or that it is ok to have this done automatically after the 7 days.
If it must be done manually, then C is the correct answer as it is the only way to manually remove access. If automatic, then B is better as access will expire in 7 days without any further effort on your part.
0
0
imho, ans C provides access to the full container of video files, instead with ans B you are giving access to only that specific file.
it is clearly stated “You need to allow the user access ONLY to the video file”, so I would go for B
0
0
+1
0
0
I think C is correct.
The stored access policy allows manual revocation of the SAS, while the SAS controls access to the specific blob and can be set to expire in 7 days.
https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
0
0
C is correct.. the exam has a clue “…then revoke access once the
user no longer needs it.” B doesn’t fit this requirement.
0
0
Two key takeaways here, first it says the container is a collection of video files and user need access to only one video file.
Option C gives user access at the container level which gives access to all video files.
Since the access is needed only for one video file, the answer is B.
0
0
B. Access policies are used when you’ll need to repeatedly grant the same access (not for one-offs), and 2) you wouldn’t delete the *policy* when the user was done – you’d revoke the SAS token created using the policy.
0
0
I agree. I found here a similar answer http://ms70533.free-exams.com
0
0
The team that came up with these questions clearly didn’t think about the candidates’ mindset. They assumed that the candidates have gone so deep into implementing Azure Infrastructure solutions that they can understand the slightest difference in such non-standard features that the engineering team at MS has designed.
This is another example of a very thin and tricky line between two answers.
The link https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/ explains so many things and is probably the only resource that candidates will refer to in order to address SAS model… and it is still unclear if it should be an ‘ad-hoc SAS’ that auto expires (with no revocation step mentioned) or if it is the ‘SAS with Stored Access Policy’ that essentially does the same thing (particular Blob, not entire container level) and has an extra manual revocation step.
Grrrrrrrrrr!!!!
0
0
Got some info outside of the documentation.
Shared Access Policy cannot be applied on Blob. It can only be applied on Container. (Probably a known fact here)
Adhoc SAS key should not be applied to container. To revoke, the storage account key will need to be changed. (not needed here)
Between B & C:
B seems right because it is only needed for 7 days so it is safe to generate adhoc on blob and share SAS key. This poses one limitation. To manually revoke, you need to change the Storage Account Key. There is no other way to “revoke access once user no longer needs it”.
C sounds better because B has the revoke constraint. By generating Shared Access Policy, you can define constraints (read-only for Blob) and time limit. To revoke access, simply delete the policy.
Therefore, my vote is for C.
0
0
+1
0
0
And, you can download that new 197Q 70-533 dumps here:
https://doc.co/QdoskX
Best Regards!
0
0
Besides, part of that new 218Q 70-533 dumps for your reference:
https://drive.google.com/open?id=0B-ob6L_QjGLpfnV3MVl6X3pXOWw1Z3YtQUpJRVRiTkNkbGNFbVBNRXhjSkw3bWk1WHdYcW8
Best Regards!
0
0
What’s more, part of the new 243Q Azure 70-533 dumps are available here:
https://drive.google.com/open?id=0B-ob6L_QjGLpfnV3MVl6X3pXOWw1Z3YtQUpJRVRiTkNkbGNFbVBNRXhjSkw3bWk1WHdYcW8
Best Regards!
0
0
Answer is C
0
0