You need to construct the link to the summary report for the email that is sent to users. What should you do?
A.
Create a SharedAccessBlobPolicy and add it to the containers SharedAccessPolicies. Call GetSharedAccessSignature on the blob and use the resulting link.
B.
Create a SharedAccessAccountPolicy and call GetSharedAccessSignature on storage account and use the resulting link.
C.
Create a SharedAccessBlobPolicy and set the expiry time to two weeks from today. Call GetSharedAccessSignature on the blob and use the resulting link.
D.
Create a SharedAccessBlobPolicy and set the expiry time to two weeks from today. Call GetSharedAccessSignature on the container and use the resulting link.
Suggested Answer:D🗳️
Scenario: Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user. Create a stored access policy to manage signatures on a container's resources, and then generate the shared access signature on the container, setting the constraints directly on the signature. Code example: Add a method that generates the shared access signature for the container and returns the signature URI. static string GetContainerSasUri(CloudBlobContainer container) { //Set the expiry time and permissions for the container. //In this case no start time is specified, so the shared access signature becomes valid immediately. SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy(); sasConstraints.SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(24); sasConstraints.Permissions = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Write; //Generate the shared access signature on the container, setting the constraints directly on the signature. string sasContainerToken = container.GetSharedAccessSignature(sasConstraints); //Return the URI string for the container, including the SAS token. return container.Uri + sasContainerToken; } Incorrect Answers: C: Call GetSharedAccessSignature on the container, not on the blob. References: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-dotnet-shared-access-signature-part-2
correct ans:
C. Create a SharedAccessBlobPolicy and set the expiry time to two weeks from today. Call GetSharedAccessSignature on the blob and use the resulting link.
It should be A and use a stored access policy.
"In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system."
https://docs.microsoft.com/en-us/azure/storage/common/storage-stored-access-policy-define-dotnet
But the same article states: "Stored access policies are supported for a service SAS only. Stored access policies are not supported for account SAS or user delegation SAS."
Therefore it can't be used here
D is correct I think.
"In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system."
- So that we can revoke in one go. 2 weeks is also good for security.
Ans A is correct.
The second way to create an SAS URI is to set up a stored access policy for the container and specify a name, start time, expiration time, permissions, etc. Then when you need an SAS URI, you can create it and specify the name of the stored access policy instead of all of the parameters required on the ad hoc version of the URI. The information will be retrieved from the stored access policy when authorization takes place. Also, unlike with the adhoc SAS URI, if you want to revoke access, you can simply change the stored access policy and all SAS URI’s that inherited from that stored access policy will immediately be modified; this is preferable to changing the storage account key!
https://www.red-gate.com/simple-talk/cloud/platform-as-a-service/azure-blob-storage-part-9-shared-access-signatures/
Not really. You can create a SAS for a container or a blob - https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-service-sas-create-dotnet
So blob or container? It is actually depending on the requirement - for this question, the requirement is for the blob. Plus, we need to be able to revoke it if something goes wrong.
So answer is A.
Agree, It should be C.
The access should be on Blob which is the receipt user uploaded.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.AZ-203 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
shanky_007
Highly Voted 5 years, 6 months agojw_duke
4 years, 11 months agocbn
4 years, 4 months agoPhantom88
Highly Voted 5 years, 1 month agolau13
5 years, 1 month agoall_nicks_are_taken
5 years, 1 month agoPhantom88
5 years agoAzurite
Most Recent 4 years, 3 months agoxewebikezsevysqduv
4 years, 9 months agoMike8
4 years, 10 months agoChilred
4 years, 5 months agoankitsingh12
5 years, 1 month agovova12345
5 years, 1 month ago[Removed]
5 years, 2 months agoWilsonShen
5 years, 2 months agojandayranl
5 years, 4 months agojnlhj
5 years, 1 month agolau13
5 years, 1 month agoKhang
5 years, 4 months agorrongcheng
4 years, 11 months ago