You need to recommend a security solution to grant anonymous users permission to access the blobs in a specific container only. What should you include in the recommendation?
Suggested Answer:D🗳️
You can enable anonymous, public read access to a container and its blobs in Azure Blob storage. By doing so, you can grant read-only access to these resources without sharing your account key, and without requiring a shared access signature (SAS). Public read access is best for scenarios where you want certain blobs to always be available for anonymous read access. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources
D is right, in the container clic "Change access level" , you can choose between : private, blob , container, select blob to get "anonymous read access for blob only"
D is correct- You have to do 2 steps:
1) Enable "Allow Blob public access" for the Storage Account
2) On the selected container -> Change Access Level -> Public Access Level -must be set on Blobs or Container.
Ref: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal
Explanation
The most secure way is to use a shared access signature
A shared access signature (SAS) provides secure delegated access to resources in your storage account. With a SAS, you have granular control over how a client can access your data. For example:
What resources the client may access.
What permissions they have to those resources.
How long the SAS is valid.
Blob level access can be provided via Azure portal and folder level access can be provided via Storage Explorer
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Incorrect answers:
Access keys for the storage account - This would give access to the entire storage account
Role based access control - This is used to control permissions to the entire storage account
Public access level for the blob service - This would give access to the entire blob service and to anyone who has the storage link
I agree with D however as now Storage explorer been integrated with r Storage account, so if you open a container via storage explorer and then right click , you'll get SAS oprion too
using SAS, if given at container level, one can access all the containers in a service account, the permission is not specific to a particular container. However, this is possible with by creating a container with public access level set to 'Public access to Anonymous users'
This section is not available anymore. Please use the main Exam Page.DP-201 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
wyxh
Highly Voted 4 years, 12 months agocadio30
4 years ago0gorek
Highly Voted 4 years, 6 months agodavita8
Most Recent 4 years, 1 month agodavita8
4 years, 1 month agoLG5
4 years, 1 month agodpp2020
4 years, 4 months agoavix
4 years, 9 months agopassnow
4 years, 10 months agoSebK
4 years, 11 months agoAbhilvs
4 years, 11 months agoDivs123
5 years agoCertnovice
4 years, 7 months ago