If you get here you notice that there are a lot of trolls or people who does not have idea about anything. Don loose your time and find different questions since mostly of these ones are wrongly wording, bad answers , outdated and with a lot of trolling people who i dont understand what is their intention to confuse students.
A is correct ans: https://learn.microsoft.com/en-us/azure/key-vault/secrets/overview-storage-keys-powershell#:~:text=Enable%20key%20regeneration,the%20active%20key.
B. Set-AzStorageAccountManagementPolicy
This cmdlet is used to configure management policies for the Storage Account, including the ability to set policies like key regeneration.
Explanation of other options:
A. Add-AzKeyVaultflanagedStorageAccount: This cmdlet is not a valid cmdlet and seems to be a typo. I could not find it in any document
C. Set-AzStorageAccount: This cmdlet is used to configure general settings for the storage account but doesn’t include key regeneration settings.
D. Add-AzStorageAccountManagementPolicyAction: This cmdlet is used to add actions to an existing management policy but doesn’t directly configure key regeneration for the storage account.
To support the answer.
No, you cannot use Add-AzKeyVaultManagedStorageAccount to automatically regenerate keys every 90 days. The Add-AzKeyVaultManagedStorageAccount cmdlet is used to add a managed storage account to a key vault,
To automatically rotate storage account keys, you should use Azure Key Vault's key rotation policy feature.
Set-AzKeyVaultKeyRotationPolicy `
-VaultName "your-key-vault-name" `
-KeyName "your-key-name" `
-ExpiresIn (New-TimeSpan -Days 90) `
-KeyRotationLifetimeAction @{Action="Rotate"; TimeAfterCreate=(New-TimeSpan -Days 90)}
Confused because question says "you need to configure STORAGE1 to regenerate keys automatically every 90 days …" while documentation of Add-AzKeyVaultManagedStorageAccount says "If you want KEY VAULT to regenerate your storage account keys periodically …"
B. Set-AzStorageAccountManagementPolicy
B. Set-AzStorageAccountManagementPolicy
B. Set-AzStorageAccountManagementPolicy
B. Set-AzStorageAccountManagementPolicy
The answer is A. Read the link below.
https://learn.microsoft.com/en-us/azure/key-vault/secrets/overview-storage-keys-powershell#enable-key-regeneration
A Add-AzKeyVaultManagedStorageAccount
Adds an existing Azure Storage Account to the specified key vault for its keys to be managed by the Key Vault service.
To configure storage account keys to regenerate automatically every 90 days in Azure, you should use the Set-AzStorageAccount cmdlet. The Set-AzStorageAccount cmdlet allows you to update various properties of a storage account, including the key regeneration policy.
The Add-AzKeyVaultManagedStorageAccount cmdlet is not used for this purpose. It is typically used to link a storage account to an Azure Key Vault for managing keys securely.
To configure storage1 to regenerate keys automatically every 90 days, you should run the cmdlet Add-AzKeyVaultManagedStorageAccount.
Sets up an existing Azure Storage Account with Key Vault for Storage Account keys to be managed by Key Vault. The Storage Account must already exist. The Storage Keys are never exposed to caller. Key Vault auto regenerates and switches the active key based on the regeneration period.
https://learn.microsoft.com/en-us/powershell/module/az.keyvault/add-azkeyvaultmanagedstorageaccount
To create a key expiration policy with PowerShell, use the Set-AzStorageAccount command and set the -KeyExpirationPeriodInDay parameter to the interval in days until the access key should be rotated.
Add-AzKeyVaultManagedStorageAccount
An example here
https://learn.microsoft.com/en-us/powershell/module/az.keyvault/add-azkeyvaultmanagedstorageaccount?view=azps-10.3.0#:~:text=set%0A%24regenerationPeriod%20%3D%20%5BSystem.Timespan%5D%3A%3AFromDays(90)-,Add%2DAzKeyVaultManagedStorageAccount,-%2DVaultName%20%27myvault%27%20%2DAccountName%20%27mystorageaccount%27%20%2DAccountResourceId%20%27/subscriptions/%3Csubscription
HERE IS THE WHOLE COMMAND FROM MICRSOFT:
Add-AzKeyVaultManagedStorageAccount -VaultName 'myvault' -AccountName 'mystorageaccount' -AccountResourceId '/subscriptions/<subscription id>/resourceGroups/myresourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/mystorageaccount' -ActiveKeyName 'Primary' -RegenerationPeriod $regenerationPeriod
What is the point of KeyVault answers here ?
We want the storage account to rotate the keys itself, this is what is asked.. Not to store the the keys in key vault and have it rotating them for the storage account...
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-powershell#create-a-key-expiration-policy
This section is not available anymore. Please use the main Exam Page.AZ-500 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
jvallespin
Highly Voted 2 years, 2 months agomajstor86
Highly Voted 2 years, 3 months agomajstor86
2 years, 3 months ago_punky_
1 year, 8 months agorandy0077
Most Recent 3 months agogolitech
4 months, 3 weeks agoITFranz
6 months, 2 weeks agopentium75
10 months, 4 weeks agoda
1 year, 4 months agoGinairo214
1 year, 5 months ago[Removed]
1 year, 6 months agohandstand
1 year, 6 months agoOrangeSG
1 year, 7 months agoTheProfessor
1 year, 8 months agoTheProfessor
1 year, 8 months agoAzureAdventure
1 year, 9 months agoheatfan900
1 year, 9 months agoheatfan900
1 year, 9 months agoESAJRR
1 year, 9 months ago_fvt
1 year, 10 months agoArio
1 year, 11 months agoArio
1 year, 11 months ago