Microsoft AZ-204 Exam - Topic 19 Question 43 Discussion

Actual exam question for Microsoft's AZ-204 exam

Question #: 43
Topic #: 19

A development team is creating a new REST API. The API will store data in Azure Blob storage. You plan to deploy the API to Azure App Service.

Developers must access the Azure Blob storage account to develop the API for the next two months. The Azure Blob storage account must not be accessible by the developers after the two-month time period.

You need to grant developers access to the Azure Blob storage account.

What should you do?

AGenerate a shared access signature (SAS) for the Azure Blob storage account and provide the SAS to all developers.

BCreate and apply a new lifecycle management policy to include a last accessed date value. Apply the policy to the Azure Blob storage account.

CProvide all developers with the access key for the Azure Blob storage account. Update the API to include the Coordinated Universal Time (UTC) timestamp for the request header.

DGrant all developers access to the Azure Blob storage account by assigning role-based access control (RBAC) roles.

Show Suggested Answer

Suggested Answer: A

https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

by Kimbery at May 09, 2022, 11:23 PM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Fallon

4 months ago

Not sure if a lifecycle policy will actually restrict access like we need.

upvoted 0 times

...

Kris

4 months ago

SAS is temporary, so it fits the requirement perfectly!

upvoted 0 times

...

Eun

4 months ago

Wait, can we really just give them the access key?

upvoted 0 times

...

Erin

4 months ago

I think RBAC is safer for managing access.

upvoted 0 times

...

Linn

5 months ago

A SAS token is the way to go!

upvoted 0 times

...

Mel

5 months ago

I vaguely remember that lifecycle management policies are more about data retention than access control. I don't think that's the right answer.

upvoted 0 times

...

Regenia

5 months ago

I feel like providing the access key might not be secure enough for this scenario. I wonder if RBAC could be a better choice?

upvoted 0 times

...

Kristofer

5 months ago

I think I practiced a similar question where we had to limit access to resources. SAS sounds familiar, but I can't recall the exact details.

upvoted 0 times

...

Alex

5 months ago

I remember something about using a shared access signature for temporary access, but I'm not sure if that's the best option here.

upvoted 0 times

...

Eric

5 months ago

Okay, I've got this. Teams allow you to restrict searches against certain indexes, like the itsi_notable_audit index. I'm pretty confident that's the right answer here.

upvoted 0 times

...

Marisha

5 months ago

I'm feeling pretty good about this one. I think the answer is Claims - that data model seems designed to incorporate information from outside sources to support the use case. I'll go with that.

upvoted 0 times

...

Sina

5 months ago

Okay, let me think this through step-by-step. RSVP uses the Path message to signal the desired path for the LSP, and the Resv message to reserve resources along that path. I'm confident those are the two correct answers here.

upvoted 0 times

...

Geoffrey

5 months ago

This question is testing our knowledge of GCP services and how they work together. I'm pretty confident that the best approach is to use App Engine Cron to schedule the tasks and then publish the messages to Pub/Sub, which can be consumed by a Compute Engine service. That way, the scheduling is reliable and the processing is scalable. I'll go with option B.

upvoted 0 times

...

Rosio

5 months ago

I'm a bit unsure about confusing UX with UI. I remember something about how they differ, but I'm not clear on specifics.

upvoted 0 times

...