ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 4 question 90 discussion

Actual exam question from Microsoft's AZ-500
Question #: 90
Topic #: 4
[All AZ-500 Questions]

HOTSPOT
-

You have an Azure subscription that contains a user named User1 and a storage account named storage1. The storage1 account contains the resources shown in the following table.



In storage1, you create a shared access signature (SAS) named SAS1 as shown in the following exhibit.



To which resources can User1 write on July 1, 2022 by using SAS1 and key1? To answer select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by skr123 at Jan. 10, 2023, 3:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Nick66
Highly Voted 2 years, 3 months ago
SAS1: folder1 KEY1: container1, folder1, table1 https://stackoverflow.com/questions/43446426/relationship-between-azure-sas-allowed-services-and-allowed-resource-types Don't think of a container mentioned there as blob container. Think of it as something that will have child elements (objects in this case). In context of blobs, container will refer to blob container which will contain blobs. In context of file service, container will refer to share which will contain files & directories. In context of table service, container will refer to table which will contain entities. In context of queue service, container will refer to queue which will contain messages.
upvoted 20 times
TheProfessor
1 year, 6 months ago
Agree with you. I think Container here is confused with Blob container
upvoted 3 times
...
Ajdlfasudfo0
2 years, 3 months ago
SAS1: folder 1 and container (that's also why it says container and not container1)
upvoted 7 times
_fvt
1 year, 9 months ago
I think it's a good point https://learn.microsoft.com/en-us/answers/questions/67751/azure-sas-terms
upvoted 1 times
...
_fvt
1 year, 8 months ago
I also suggest this MS link (after the other one I posted in my previous comment) who show in a table what operation you can do with which service*resource*permission (example "list container" operation needs Blob*Service*List) https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas#blob-service
upvoted 1 times
...
...
...
ETV
Highly Voted 2 years ago
the discussions are so confusing
upvoted 12 times
...
pentium75
Most Recent 9 months ago
Box1 - Folder1 only. ("Containers" in the context of Files refers to file shares, NOT blob containers like "container1"). Box 2 - Everything (it's the storage account key)
upvoted 3 times
...
Goke282
1 year, 2 months ago
Did anyone notice that table service is not allowed? In that case the only answer that makes sense to me is: Box1: Container and Folder1 Box2: Container and Folder1
upvoted 3 times
pentium75
9 months ago
"Table service is not allowed" for the SAS key. Has nothing to do with key1.
upvoted 1 times
...
...
wardy1983
1 year, 5 months ago
Explanation: SAS1: folder1 KEY1: container1, folder1, table1 Don't think of a container mentioned there as blob container. Think of it as something that will have child elements (objects in this case). In context of blobs, container will refer to blob container which will contain blobs. In context of file service, container will refer to share which will contain files & directories. In context of table service, container will refer to table which will contain entities. In context of queue service, container will refer to queue which will contain messages. Reference: https://stackoverflow.com/questions/43446426/relationship-between-azure-sas-allowed-services-andallowed- resource-types
upvoted 1 times
...
wardy1983
1 year, 5 months ago
SAS1: folder1 KEY1: container1, folder1, table1 Don't think of a container mentioned there as blob container. Think of it as something that will have child elements (objects in this case). In context of blobs, container will refer to blob container which will contain blobs. In context of file service, container will refer to share which will contain files & directories. In context of table service, container will refer to table which will contain entities. In context of queue service, container will refer to queue which will contain messages.
upvoted 1 times
...
[Removed]
1 year, 6 months ago
Tested in the lab SAS will only allow folder access no container access Key will allow all 3 access
upvoted 1 times
...
Pupu86
1 year, 10 months ago
SAS1: folder 1 (not testing your English here so not container) KEY1: container1, folder1 and table1
upvoted 1 times
...
zellck
2 years ago
SAS1: folder only Key1: container1, folder1 and table1 https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#protect-your-access-keys Storage account access keys provide full access to the configuration of a storage account, as well as the data. Always be careful to protect your access keys.
upvoted 4 times
...
majstor86
2 years, 2 months ago
SAS1: Container and folder1 KEY1: Container1, folder1 and table1
upvoted 7 times
...
Ajdlfasudfo0
2 years, 3 months ago
Container gives the file share permissions to create/delete share
upvoted 1 times
Ajdlfasudfo0
2 years, 3 months ago
Service (s): Access to service-level APIs (e.g., Get/Set Service Properties, Get Service Stats, List Containers/Queues/Tables/Shares) Container (c): Access to container-level APIs (e.g., Create/Delete Container, Create/Delete Queue, Create/Delete Table, Create/Delete Share, List Blobs/Files and Directories) Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files(e.g. Put Blob, Query Entity, Get Messages, Create File, etc.)
upvoted 1 times
Ajdlfasudfo0
2 years, 3 months ago
So, Answer one is Folder and Container
upvoted 4 times
Ajdlfasudfo0
2 years, 3 months ago
the storage account keys key1 and key2 have full permission, therefore container1, folder1 and table1 for answer two
upvoted 1 times
...
...
...
...
AzureJobsTillRetire
2 years, 3 months ago
Box1: container and folder1 The allowed service is File only, and folder1 is file share. The allowed resources types are service, container and object. Box1: container and folder1 Both key1 and key2 are the signing keys of SAS1. https://social.msdn.microsoft.com/Forums/en-US/150b5a5d-0a0c-49a6-8ec6-265535789e0b/signing-key-under-shared-access-signature?forum=windowsazuredata
upvoted 2 times
AzureJobsTillRetire
2 years, 3 months ago
Sorry my bad. Both box1 and box2 are container and folder1
upvoted 2 times
...
AzureJobsTillRetire
2 years, 3 months ago
Sorry I messed up. The signing key of SAS1 (key1) is the storage account key and it has full access to the storage account. The Box2 is Container1, folder1 and tables.
upvoted 1 times
...
...
skr123
2 years, 3 months ago
Foe SAS1 - only allowed services are files - hence it can only do operation on FOLDER1
upvoted 10 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago