Managing access keys in Azure Key Vault It is important to protect the storage account access keys because they provide full access to the storage account. Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services, such as authentication keys, storage account keys, data encryption keys, and certificate private keys….
Use user delegation SAS – MS AZ-104 Study Guide
Use user delegation SAS You can also create user delegation SAS using Microsoft Entra ID credentials. The user delegation SAS is only supported by Blob Storage, and it can grant access to containers and blobs. Currently, SAS is not supported for user delegation SAS. Configure stored access policies A SAS token incorporates the access…
Create and use shared access signature (SAS) tokens
Create and use shared access signature (SAS) tokens There are a few different ways you can create a SAS token. A SAS token is a way to granularly control how a client can access data in an Azure storage account. You can also use an account-level SAS to access the account itself. You can…
Virtual network service endpoints – MS AZ-104 Study Guide
Virtual network service endpoints In some scenarios, a storage account is only accessed from within an Azure virtual network. In this case, it is desirable from a security standpoint to block all internet access. By configuring virtual network service endpoints for your Azure storage account, you can remove access from the public internet and only allow…
Configure Azure Storage firewalls and virtual networks
Configure Azure Storage firewalls and virtual networks Storage accounts are managed through Azure Resource Manager. Management operations are authenticated and authorized using Microsoft Entra ID RBAC. Each storage service exposes its own endpoint used to manage the data in that storage service (blobs in Blob Storage, entities in tables, and so on). These service-specific endpoints…
Access tiers – Azure AZ-104 Exam
Access tiers Azure Blob Storage supports four access tiers: Hot, Cool, Cold, and Archive. Each represents a trade-off of availability and cost. There is no trade-off on the durability (probability of data loss), which is defined by the SKU and replication, not the access tier. The tiers are as follows: New blobs will default to…
Account types – Azure AZ-104 Exam
Account types There are three possible storage account types for the Standard tier: StorageV2 (General-Purpose V2), Storage (General-Purpose V1), and BlobStorage. There are four possible storage account types for the Premium tier: StorageV2 (General-Purpose V2), Storage (General-Purpose V1), BlockBlobStorage, and FileStorage. Table 2-1 shows the features for each kind of account. Key points…
Modifying node pools – Google Cloud Exam Guide
Command line The creation of a minimalistic deployment pool (bare minimum without any extra settings) can be achieved by executing the following command:
gcloud container node-pools create POOL_NAME --cluster CLUSTER_NAME --region=REGION_NAME
Execution of this command results in default settings configured for the node pool—three nodes with e2-medium as the machine type: Figure 6.21 – Default and…
Configure access to storage
Skill 2.1: Configure access to storage An Azure storage account is a resource that you create that is used to store data objects such as blobs, files, queues, tables, and disks. Data in an Azure storage account is durable and highly available, secure, massively scalable, and accessible from anywhere in the world over HTTP or…
Command line – Google Cloud Exam Guide
To delete a GKE cluster, we need to use the following command:
gcloud container clusters delete CLUSTER_NAME --zone=zone_name
In the next screenshot, we see the progress and output of the command that leads to cluster deletion: Figure 6.13 – Cluster deletion using CLI By performing cluster operations, we have delved deeper into GKE management. Let’s move…