Exam-Answer

Home / Microsoft / AZ-300 / Question 47

Prev Question
Next Question

Question 47

You need to give a user temporary read and write permissions to a blob by using an ad hoc shared access signature (SAS).

Which six actions should you perform in sequence?

Answers


Advertisement

Explanation (click to expand)

You need to perform the following steps in order:

1. Open Azure Storage Explorer.

2. Connect to your Azure Storage account.

3. Create a blob container.

4. Upload the blob to the blob container.

5. Get an SAS for the blob and specify start/expiry time and permissions.

6. Use HTTPS to distribute the URL to the user.

You use Azure Storage Explorer to manage your storage account as well as upload and download blobs, files, and other resources. After you open Azure Storage Explorer, you connect to your storage account. Next, you create a blob container for the blob you will grant access to, and then you upload the blob. Blobs are always uploaded into a container so they can be more easily organized.

You generate a SAS for the blob simply by right-clicking, selecting Get Shared Access Signature, and then specifying start/expiry time and permissions. Finally, you use HTTPS to distribute the SAS to the user. Using HTTP can leave your resources vulnerable to attack.

You should not create a resource group. This is a necessary step when creating VMs in Azure, but it is not part of the procedure to create an SAS by using Azure Storage Explorer.

You should not create a stored access policy for the container. In this scenario, you are creating an ad hoc SAS, and the start time, expiry time, and permissions are specified in the SAS URI. With a stored access policy, the start time, expiry time, and permissions are defined in the policy. An SAS associated with the policy inherits those constraints.

References (click to expand)

Prev Question
Next Question

Load more