Configure stored access policies

Practice Test

True or False: A stored access policy provides a range of functionality over individual ad-hoc signatures.

• True
• False

Answer: True

Explanation: A stored access policy offers additional features such as revoking futures, modifying rights, and setting the expiry times.

What does the Configure Stored Access Policies allow you to do?

• a) Set permissions and a date range for the Shared Access Signature
• b) Remove unwanted permissions on the go
• c) Monitor real-time traffic
• d) Manage stored disk space

Answer: a) Set permissions and a date range for the Shared Access Signature

Explanation: The Stored Access Policies in Azure allows you to set permissions and a date range for a Shared Access Signature.

Until when are the permissions valid for a given stored access policy on Azure?

• a) Until the expiry time if defined
• b) Until the lease is broken
• c) Until the account’s subscription is active
• d) Until the blob data is modified

Answer: a) Until the expiry time if defined

Explanation: Permissions for a stored access policy are valid until the defined expiry time.

True or False: In Azure, you cannot edit a stored access policy after it’s been created.

• True
• False

Answer: False

Explanation: It’s possible to modify the attributes of a stored access policy such as the expiry time or permissions, even after it’s been created.

Multiple Select: Which of the following can be configured in a stored access policy in Azure?

• a) Start time
• b) End time
• c) Access permissions
• d) Disk space

Answer: a) Start time, b) End time, c) Access permissions

Explanation: You can specify the start time, end time and the access permissions in a stored access policy.

True or False: A stored access policy can have multiple shared access signatures associated with it.

• True
• False

Answer: True

Explanation: A stored access policy can indeed have multiple shared access signatures associated with it, all sharing the same policy constraints.

Which Azure service uses the stored access policies?

• a) Azure Active Directory
• b) Azure Blob storage
• c) Azure Traffic Manager
• d) Azure Web Apps

Answer: b) Azure Blob storage

Explanation: The Azure Blob Storage services use stored access policies to provide additional control over service-level shared access signatures.

True or False: If you delete a stored access policy, any associated shared access signatures become invalid.

• True
• False

Answer: True

Explanation: Deleting a stored access policy invalidates any shared access signatures associated with it and they will no longer work.

Multiple Select: What type of access permissions can be set in stored access policies?

• a) Read
• b) Write
• c) Delete
• d) Update

Answer: a) Read, b) Write, c) Delete

Explanation: Stored access policies can be configured to permit read, write, or delete access to resources.

True or False: When you modify a stored access policy, the modifications take effect immediately on any associated shared access signatures.

• True
• False

Answer: True

Explanation: Any changes made to the stored access policy are instantly reflected on all the shared access signatures related with it.

Interview Questions

What are Stored Access Policies in Microsoft Azure?

Stored Access Policies in Azure are global parameters that can be used by any number of shared access signatures. They allow you to manage constraints such as start time, expiry time, and permissions for service-level shared access signatures.

In which services of Azure can Stored Access Policies be configured?

Stored Access Policies can be configured in Blob service, Queue service, and Table service in Azure Storage.

What types of permissions can be provided with Stored Access Policies?

The permissions provided by Stored Access Policies include: read, write, delete, list, add, create, update and process messages.

Can Stored Access Policies be modified after configuration?

Yes, Stored Access Policies can be modified after they are configured. Changes in the policy become effective for all associated shared access signatures immediately.

Can a Stored Access Policy extend the expiration time of a Shared Access Signature?

Yes, a Stored Access Policy allows you to extend the expiration time of a Shared Access Signature by increasing the expiry time of the policy.

How many Stored Access Policies can be associated with a container or a queue?

You can associate up to 5 Stored Access Policies with a container or a queue.

How do you revoke a Shared Access Signature in Azure?

Revoking a Shared Access Signature in Azure can be done by either deleting the corresponding Stored Access Policy or by modifying it to an earlier expiry time.

How do you configure a Stored Access Policy in Azure Storage?

Stored Access Policies are configured in Azure Storage via the Azure portal, Azure PowerShell, Azure CLI, or the Storage Client Libraries.

Can you restrict IP addresses using Stored Access Policies?

No, you cannot restrict IP addresses using Stored Access Policies in Azure. This is a constraint that must be specified on each Shared Access Signature.

Can you grant a user permissions to both read and write, but not delete, using Stored Access Policies?

Yes, in Stored Access Policies, you can independently specify read, write and delete permissions. For example, you can just grant read and write permissions, but deny delete permission.

Can I modify Stored Access Policies if I have generated any SAS linked with it?

Yes, you can modify Stored Access Policies even if you have a Shared Access Signature (SAS) linked to it. The modifications will immediately affect the SAS.

Is it necessary to associate a SAS token with a Stored Access Policy?

No, you can create an ad hoc SAS without a Stored Access Policy. However, it gives you better control and flexibility to manage the SAS if it’s associated with one.

What happens when we delete a Stored Access Policy associated with a SAS?

When a Stored Access Policy that’s associated with a Shared Access Signature (SAS) is deleted, the SAS becomes immediately invalid.

Can Stored Access Policies be used in combination with Azure AD based authorization?

No, Stored Access Policies cannot be used to further restrict Azure AD based authorization.

Can Azure File Share services use Stored Access Policies?

No, Azure File Share services do not support Stored Access Policies.