ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 2 question 39 discussion

Actual exam question from Microsoft's AZ-303
Question #: 39
Topic #: 2
[All AZ-303 Questions]

You have an Azure Storage account named storage1 that is accessed by several applications.
An administrator manually rotates the access keys for storage1.
After the rotation, the applications fail to access the storage account.
A developer manually modifies the applications to resolve the issue.
You need to implement a solution to rotate the access keys automatically. The solution must minimize the need to update the applications once the solution is implemented.
What should you include in the solution?

  • A. an Azure AD enterprise application
  • B. Azure Key Vault
  • C. Azure Logic Apps
  • D. an Azure Desired State Configuration (DSC) extension
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Microsoft recommends that you use Azure Key Vault to manage your access keys, and that you regularly rotate and regenerate your keys. Using Azure Key Vault makes it easy to rotate your keys without interruption to your applications. You can also manually rotate your keys.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage
by TSMRE at June 1, 2021, 6:03 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AAPaul
Highly Voted 4 years ago
Correct Answer . Microsoft recommends that the access keys be regularly rotated. Rotating the keys helps to keep the storage accounts secure by invalidating old keys. To manually rotate the keys, the following process must be followed: Alter service connections to use the secondary key. Rotate the primary key in the Azure portal or on the command line. For example, to rotate key1 for the az303fsdemosa storage account in PowerShell, execute the following commands: Click here to view code image New-AzStorageAccountKey ' -ResourceGroupName $resourceGroupName ' -Name $storageAccountName ' -KeyName key1 Alter service connections to use the primary key again. Rotate the secondary key using the same method as shown in step2. The switch between primary and secondary in this process is why Microsoft recommends that only the primary or secondary keys are used by all services by default. Otherwise, connections to storage accounts will be lost when you rotate the keys.
upvoted 11 times
...
TSMRE
Highly Voted 4 years, 2 months ago
Correct
upvoted 5 times
...
EW3772
Most Recent 3 years, 5 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
moon2351
3 years, 5 months ago
Correct
upvoted 1 times
...
syu31svc
3 years, 11 months ago
an Azure AD enterprise application - Azure AD must be configured to integrate with an application. You manage applications on the Enterprise applications. Azure Logic Apps - Though we can rotate the keys using Azure Logic apps implementation, we have simplified approach using Azure Key Vault. an Azure Desired State Configuration (DSC) extension - The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. Answer is B
upvoted 3 times
...
Ramkid
4 years, 1 month ago
Correct Reference : https://docs.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azure-cli
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel