0
0
Azurecloud~20 mins

Storage access keys and SAS tokens in Azure - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Storage Access Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding SAS Token Permissions

You create a Shared Access Signature (SAS) token for an Azure Storage blob with the following permissions: read and list. What actions can a user perform with this SAS token?

AThe user can read blob content and list blobs in the container but cannot upload or delete blobs.
BThe user can upload new blobs and delete existing blobs but cannot read blob content.
CThe user can read, upload, delete, and list blobs in the container.
DThe user can only list blobs but cannot read or modify blob content.
Attempts:
2 left
💡 Hint

Think about what 'read' and 'list' permissions allow in Azure Storage.

Configuration
intermediate
2:00remaining
SAS Token Expiry Configuration

You want to create a SAS token that expires exactly 2 hours after creation. Which of the following ISO 8601 datetime strings correctly sets the expiry time if the token is created at 2024-06-01T10:00:00Z?

A2024-06-01T10:02:00Z
B2024-06-01T12:00:00Z
C2024-06-01T08:00:00Z
D2024-06-01T14:00:00Z
Attempts:
2 left
💡 Hint

Remember that the expiry time must be 2 hours after the creation time.

Architecture
advanced
2:00remaining
Choosing Between Storage Access Keys and SAS Tokens

Your company wants to allow a third-party app to upload files to a specific container in your Azure Storage account without giving full access to the storage account. Which approach is best?

AShare the storage account access keys with the third-party app.
BGive the third-party app the Azure subscription owner role.
CCreate a SAS token scoped to the specific container with write permission and limited expiry time.
DCreate a new storage account and share its access keys with the third-party app.
Attempts:
2 left
💡 Hint

Think about least privilege and limiting access scope.

security
advanced
2:00remaining
Security Risks of Using Storage Account Access Keys

What is the main security risk of distributing your Azure Storage account access keys to multiple applications?

AAccess keys only allow read access, limiting application functionality.
BAccess keys expire too quickly, causing service interruptions.
CAccess keys automatically rotate, causing authentication failures.
DAccess keys provide full control over the storage account, so if leaked, attackers can access or delete all data.
Attempts:
2 left
💡 Hint

Consider the scope of permissions granted by access keys.

service_behavior
expert
2:00remaining
Effect of Revoking a SAS Token

You generate a SAS token with read and write permissions for a blob container. Later, you regenerate the storage account access keys. What happens to the SAS token?

AThe SAS token immediately becomes invalid and cannot be used anymore.
BThe SAS token's permissions are reduced to read-only automatically.
CThe SAS token remains valid until its expiry time, unaffected by key regeneration.
DThe SAS token is valid only if the storage account is in read-only mode.
Attempts:
2 left
💡 Hint

Think about how SAS tokens are signed and what regenerating keys means.