Module 7 - Configure Storage Security

Question 1

Create shared access signatures

Answer 1

Never share you key as it will give them access to all the storage

Provides delegated access to resources

Grants access to cleints without sharing your storage keys

The accounts SAS delagtes access to resources in one or more of the storage services

The SAS dlagtes access to a resoyrce in just one storage serviecs

Question 2

Identify URI and SAS parameters

Answer 2

A SAS is a signed URI that points to one or more storage resources

Consists of a storage resource URI and the SAS token

Question 3

Determine storage service encryption

Answer 3

You can use your own key

Protects your data for securtiy compliance

Auto enryots and decrtypys your data

Encrypted through 256 bit AES encryption

Is enabled for all new and existing storage accounts and connto be disabled

Question 4

Create customer managed keys

Answer 4

Use the Azure key vault to manage your encryption keys

Create your own encyption keys and store them in a key fault

Use azure key faults API to geneate encyption keys

Custom keys give you more flexibility and control

Question 5

Apply Storage Secirty best practices

Answer 5

Always use HTTPS to create or distribute a SAS

Refence stored access policies where possible

Use near term expiration times on an ad hoc SAS

use storage analytics to monitor your application

Be careful with SAS start time

be specicfic with resource to be be accessed

Understand that your account will be billed for any usage

Validate data written using SAS

don’t assume SAS is always…