Designing an Azure Data Solution (legacy) — Question 47
You are designing a storage solution to store CSV files.
You need to grant a data scientist access to read all the files in a single container of an Azure Storage account. The solution must use the principle of least privilege and provide the highest level of security.
What are two possible ways to achieve the goal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. Provide an access key.
- B. Assign the Storage Blob Data Reader role at the container level.
- C. Assign the Reader role to the storage account.
- D. Provide an account shared access signature (SAS).
- E. Provide a user delegation shared access signature (SAS).
Correct answer: B, E
Explanation
The correct answers are B and E. Assigning the Storage Blob Data Reader role at the container level (B) lets the data scientist read the files in that container with the least privilege necessary. Providing a user delegation SAS (E) also grants access securely while adhering to the principle of least privilege. The other options (A, C, and D) either provide broader access than necessary or do not align with the security requirements.