Developing Solutions for Microsoft Azure (AZ-204) Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Developing Solutions for Microsoft Azure Exam. Prepare with flashcards and multiple choice questions, get hints and explanations for each question. Ace your test prep!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which type of shared access signature (SAS) applies exclusively to Blob storage?

  1. Account SAS

  2. Service SAS

  3. User delegation SAS

  4. Storage account key

The correct answer is: User delegation SAS

The User delegation SAS is specifically designed for Azure Blob storage. This type of shared access signature allows for finer-grained control over the permissions associated with a specific user identified by Azure Active Directory (AAD). By using User delegation SAS, you can create a signature that provides access to certain resources in Blob storage while adhering to the permissions set within Azure Access Control (IAM). This approach enhances security and offers temporary access without needing to share storage account keys or broad service-level permissions. Since User delegation SAS is tied directly to the user and their roles and permissions, it is especially beneficial in scenarios requiring temporary access or auditing. In contrast, Account SAS and Service SAS are more general types of shared access signatures that can apply to multiple Azure storage services beyond just Blob storage. The account key is a more restricted form of access and does not provide the same level of granularity and user-based control that the User delegation SAS offers. Thus, when focusing exclusively on Blob storage access, the User delegation SAS stands out as the most appropriate choice.

More Questions Like This