Home » Microsoft » AZ-204 v.2 » What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
You develop a REST API. You implement a user delegation SAS token to communicate with Azure Blob storage.
The token is compromised.
You need to revoke the token.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Revoke the delegation keys
B. Delete the stored access policy.
C. Regenerate the account key.
D. Remove the role assignment for the security principle.
Correct Answer: AB
Explanation/Reference:
Explanation:
A: Revoke a user delegation SAS
To revoke a user delegation SAS from the Azure CLI, call the az storage account revoke-delegation-keys command. This command revokes all of the user delegation keys associated with the specified storage account. Any shared access signatures associated with those keys are invalidated.
B: To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately effects all of the shared access signatures associated with it.
Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/blobs/storage-blob-user-delegation-sas-create-cli.md
https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy#modifying-or-revoking-a-stored-access-policy
Microsoft AZ-204: Developing Solutions for Microsoft Azure
Free dumps for AZ-204 in PDF format also you can read online.
High quality AZ-204 PDF and software. VALID exam to help you pass.
|
|