nerdexam
ExamsAZ-500Questions#350
MicrosoftMicrosoft

AZ-500 · Question #350

AZ-500 Question #350: Real Exam Question with Answer & Explanation

This question tests knowledge of which authorization types (Shared Key, SAS, Azure AD/RBAC, Anonymous) are supported by different Azure Storage account kinds and configurations, particularly focusing on how the 'Allow storage account key access' setting and storage account type a

Submitted by packet_pusher· Mar 6, 2026Secure compute, storage, and databases

Question

Hotspot Question You have an Azure subscription that contains the storage accounts shown in the following table. You need to configure authorization access. Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer:

Options

  • __typehotspot
  • variantyes_no

Explanation

This question tests knowledge of which authorization types (Shared Key, SAS, Azure AD/RBAC, Anonymous) are supported by different Azure Storage account kinds and configurations, particularly focusing on how the 'Allow storage account key access' setting and storage account type affect authorization options.

Approach. Azure Storage supports multiple authorization types depending on the storage account configuration. If 'Allow storage account key access' is enabled, both Shared Key and SAS (which derives from Shared Key) are available. If it is disabled, only Azure AD (RBAC/ABAC) and Anonymous access (if configured) are available. Azure Data Lake Storage Gen2 (hierarchical namespace enabled) supports Azure AD and SAS/Shared Key if key access is enabled. Standard general-purpose v2 accounts support all four types when key access is enabled: Shared Key, SAS, Azure AD, and Anonymous (for blobs/containers configured for public access). Accounts with 'Allow storage account key access' set to false cannot use Shared Key or SAS tokens derived from the account key, leaving only Azure AD and potentially Anonymous access as valid options.

Concept tested. Azure Storage authorization methods - Shared Key, Shared Access Signature (SAS), Azure Active Directory (Azure AD / RBAC), and Anonymous public access - and how storage account settings (key access enabled/disabled, hierarchical namespace, account kind) determine which authorization types are available for each storage account.

Reference. https://learn.microsoft.com/en-us/azure/storage/common/authorize-data-access

Topics

#Azure Storage#Authorization#Shared Key#Shared Access Signature#Azure Active Directory authentication

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full AZ-500 PracticeBrowse All AZ-500 Questions