0
0
Azurecloud~5 mins

Storage access keys and SAS tokens in Azure - Cheat Sheet & Quick Revision

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Recall & Review
beginner
What is a Storage Access Key in Azure Storage?
A Storage Access Key is a secret key that grants full access to all data in an Azure Storage account. It acts like a master password to manage and access storage resources.
Click to reveal answer
beginner
What does SAS stand for and what is its purpose?
SAS stands for Shared Access Signature. It allows you to grant limited and time-bound access to Azure Storage resources without sharing the storage account keys.
Click to reveal answer
intermediate
How does a SAS token improve security compared to using Storage Access Keys directly?
A SAS token limits access by specifying permissions, resource types, and expiration time, reducing risk if the token is exposed. Storage Access Keys provide full access without restrictions.
Click to reveal answer
intermediate
Name two types of SAS tokens in Azure Storage.
1. User Delegation SAS - uses Azure Active Directory credentials for enhanced security. 2. Service SAS - grants access based on storage account keys.
Click to reveal answer
beginner
Why should you avoid sharing Storage Access Keys directly?
Because Storage Access Keys provide full control over the storage account, sharing them increases risk of unauthorized access. Using SAS tokens is safer as they limit permissions and duration.
Click to reveal answer
What does a Shared Access Signature (SAS) token allow you to do?
AReset the storage account keys
BProvide full access to the storage account
CGrant limited, time-bound access to storage resources
DEncrypt data in the storage account
Which of the following is a risk of sharing Storage Access Keys directly?
AUnauthorized full access to storage account
BAutomatic expiration of access
CLimited access to specific files
DAccess only to read data
What is a User Delegation SAS?
AA SAS token signed with storage account keys
BA tool to encrypt storage data
CA key to reset storage account passwords
DA SAS token signed with Azure AD credentials
Which permission can you NOT restrict with a SAS token?
AWrite access
BReset storage account keys
CDelete access
DRead access
Why is it best practice to use SAS tokens instead of Storage Access Keys for sharing access?
ASAS tokens provide limited, revocable access
BStorage Access Keys only allow read access
CStorage Access Keys are free to share
DSAS tokens never expire
Explain the difference between Storage Access Keys and SAS tokens in Azure Storage.
Think about access scope and security risks.
You got /4 concepts.
    Describe scenarios where you would use a SAS token instead of a Storage Access Key.
    Consider safety and control when sharing access.
    You got /4 concepts.