READ Free Dumps For Microsoft- 70-533
| Question ID 18148 | You manage a collection of large video files that is stored in an Azure Storage account.
A user wants access to one of your video files within the next seven days.
You need to allow the user access only to the video file, and then revoke access once the
user no longer needs it.
What should you do?
|
| Option A | Give the user the secondary key for the storage account.Once the user is done with the file, regenerate the secondary key.
|
| Option B | Create an Ad-Hoc Shared Access Signature for the Blob resource.Set the Shared Access Signature to expire in seven days.
|
| Option C | Create an access policy on the container.Give the external user a Shared Access Signature for the blob by using the policy.Once the user is done with the file, delete the policy.
|
| Option D | Create an access policy on the blob.Give the external user access by using the policy.Once the user is done with the file, delete the policy.
|
| Correct Answer | C |
Explanation Explanation: See 3) below. By default, only the owner of the storage account may access blobs, tables, and queues within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access: 1.You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues. 2. You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it. 3. You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.
| Question ID 18149 | You administer an Access Control Service namespace named contosoACS that is used by
a web application. ContosoACS currently utilizes Microsoft and Yahoo accounts.
Several users in your organization have Google accounts and would like to access the web
application through ContosoACS.
You need to allow users to access the application by using their Google accounts.
What should you do?
|
| Option A | Register the application directly with Google.
|
| Option B | Edit the existing Microsoft Account identity provider and update the realm to include Google.
|
| Option C | Add a new Google identity provider.
|
| Option D | Add a new WS-Federation identity provider and configure the WS-Federation metadata to point to the Google sign-in URL.
|
| Correct Answer | C |
Explanation Explanation: Configuring Google as an identity provider eliminates the need to create and manage authentication and identity management mechanism. It helps the end user experience if there are familiar authentication procedures.