What method can be recommended for securely sharing specific blobs with vendors while ensuring limited public exposure?


Master the Microsoft Cybersecurity Architect Expert exam with our comprehensive SC-100 quiz. Learn with detailed questions, explanations, and get exam-ready with expert insights!

Using shared access signatures (SAS) with time limits is an effective method for securely sharing specific blobs with vendors while minimizing public exposure. SAS tokens provide a way to grant limited access to storage resources in Azure without revealing the storage account’s access keys.

When you create a SAS, you can specify the permissions (such as read, write, or delete) for a particular blob and set a time limit during which the SAS token remains valid. This controlled access ensures that vendors can only access the specific resources they need, for a defined period, reducing the risk of unauthorized access or data leakage after the access period expires.

This approach allows for granular control over who can access the blobs and for how long, addressing concerns about public exposure effectively. Other options might not provide the necessary restriction or security:

  • Configuring encryption using customer-managed keys (CMKs) focuses on the protection of data at rest rather than on sharing mechanisms.
  • Providing access through Azure AD roles can be effective but may require more complex management and may not allow for temporary or limited access as needed for specific vendor interactions.
  • Enabling public access to the blobs directly contradicts the goal of limited exposure, as it permits unrestricted access to anyone who has the URL.
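A check that can be run on a SAS URL before it is sent to a vendor, as an added example that is not part of the original page: it confirms the token is scoped to one blob, limited in permissions, time-limited, and HTTPS-only. The function name, the policy defaults (read-only, 24 hours) and the sample URLs, including the account name and `sig` value, are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# ISO 8601 UTC forms used for the st/se fields of a SAS token
_TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

def _parse_time(value):
    for fmt in _TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")

def audit_sas_url(url, now, max_lifetime=timedelta(hours=24), allowed_perms="r"):
    """Return a list of policy findings; an empty list means the URL passes."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    # ss/srt mark an account SAS; sr=b marks a SAS scoped to a single blob
    if "ss" in q or "srt" in q:
        findings.append("account SAS: scope is the whole account, not one blob")
    elif q.get("sr") != "b":
        findings.append(f"sr={q.get('sr')}: scope is wider than a single blob")
    # sp is a string of permission letters (r, w, d, l, ...)
    extra = set(q.get("sp", "")) - set(allowed_perms)
    if extra:
        findings.append("permissions beyond policy: " + "".join(sorted(extra)))
    if "se" not in q:
        findings.append("no se in token (expiry, if any, comes from a stored access policy)")
    else:
        expiry = _parse_time(q["se"])
        hours = max_lifetime.total_seconds() / 3600
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > max_lifetime:
            findings.append(f"expiry is more than {hours:g} h away")
    # when spr is absent the service accepts both HTTP and HTTPS
    if q.get("spr", "https,http") != "https" or parts.scheme != "https":
        findings.append("HTTP allowed: set spr=https and share an https URL")
    return findings

# Constructed sample URLs (hypothetical account, placeholder signature)
BASE = "https://exampleacct.blob.core.windows.net/vendor"
GOOD_URL = (BASE + "/report.pdf?sv=2022-11-02&sr=b&sp=r"
            "&se=2024-05-01T17%3A00%3A00Z&spr=https&sig=PLACEHOLDER")
BAD_URL = BASE + "?sv=2022-11-02&sr=c&sp=rwdl&se=2025-05-01T00%3A00%3A00Z&sig=PLACEHOLDER"
```

Run against `BAD_URL`, the check reports container scope, write/delete/list permissions, a year-long lifetime and the missing `spr=https`.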

Using SAS with time
