Microsoft Azure Security Technologies (AZ-500)

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What solution should you implement for each web app to ensure they can only read their own written data in Azure storage?

  1. Provide each app with a system-assigned identity and configure storage1 for Azure AD User account authentication.

  2. Provide each app with a separate Storage account key and configure the app to use it with each request.

  3. Provide each app with a user-managed identity and configure storage1 for Azure AD User account authentication.

  4. Provide each app with a unique Base64-encoded AES-256 encryption key.

The correct answer is: Provide each app with a user-managed identity and configure storage1 for Azure AD User account authentication.

Providing each app with a user-managed identity and configuring the Azure storage account for Azure AD User account authentication is a robust solution for ensuring that each web app can only read its own written data. Using user-managed identities allows for greater control and security, as these identities can be created, managed, and deleted independently of the lifecycle of the web apps. This means that if an app no longer needs access or if it is decommissioned, the corresponding user-managed identity can be disabled or deleted without impacting other apps or identities. When each app is assigned a distinct user-managed identity, it can be granted permissions specifically to access only its own data stored in Azure Storage. By configuring the storage account to utilize Azure AD authentication, the application uses roles and policies to define access rights further. This ensures that even if applications attempt to access resources, they will only succeed if the permissions attached to their respective user-managed identities allow it, thereby enforcing strict data segregation. This approach also enhances security by eliminating the need for hard-coded storage account keys or any shared secrets, reducing the attack surface that comes with credential management. In contrast, other options may not enforce as strict access controls or could introduce unnecessary complexity or security risks. For instance, providing separate storage account

More Questions Like This