Home › Azure AZ-500 › cloudcomputing › az500compstoragedb › Which Azure storage authentication option should…
Which Azure storage authentication option should a security engineer prefer over shared-key access for an application reading a blob — to enable IAM-controlled, auditable access without shared secrets?
AAzure DNS
BHardcoded storage account access keys in source code
CMicrosoft Entra ID authentication (or Managed Identity) on the storage account
DPublic anonymous read
Answer & Solution
Correct answer: C. Microsoft Entra ID authentication (or Managed Identity) on the storage account
Entra-auth on storage replaces shared keys (per AZ-500 §3 storage access). The other options leak credentials or expose data.
Related questions
Which Azure Storage feature should a security engineer enable to require all reads/writes Which Azure VM security feature lets a security engineer require all data passing between Which Azure SQL feature lets a security engineer enable Microsoft Entra ID-based DB loginsWhich Azure SQL feature should a security engineer enable to obscure sensitive column valuWhich Azure SQL Database feature should a security engineer recommend to encrypt sensitiveWhich Azure SQL Database feature should a security engineer enable to encrypt data at restWhich Azure storage feature lets a security engineer generate a TIME-LIMITED, scope-bound Which Azure storage feature should a security engineer use to PROTECT BLOBS from accidenta