AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 119

You have an Azure Storage account named storage1 that is accessed by several applications.

An administrator manually rotates the access keys for storage1.

After the rotation, the applications fail to access the storage account.

A developer manually modifies the applications to resolve the issue.

You need to implement a solution to rotate the access keys automatically. The solution must minimize the need to update the applications once the solution is implemented.

What should you include in the solution?

Show Answer
Correct Answer: B

To rotate access keys automatically and minimize the need to update applications, Azure Key Vault should be included in the solution. Azure Key Vault can securely store and manage access keys, secrets, and certificates. It also allows for automated key rotation, reducing potential disruptions to applications. Integrating with Azure Key Vault means that applications can retrieve the updated keys from the vault without needing manual updates each time the keys are rotated.

Discussion

6 comments
Sign in to comment
AAPaul
Jul 4, 2021

Correct Answer . Microsoft recommends that the access keys be regularly rotated. Rotating the keys helps to keep the storage accounts secure by invalidating old keys. To manually rotate the keys, the following process must be followed: Alter service connections to use the secondary key. Rotate the primary key in the Azure portal or on the command line. For example, to rotate key1 for the az303fsdemosa storage account in PowerShell, execute the following commands: Click here to view code image New-AzStorageAccountKey ' -ResourceGroupName $resourceGroupName ' -Name $storageAccountName ' -KeyName key1 Alter service connections to use the primary key again. Rotate the secondary key using the same method as shown in step2. The switch between primary and secondary in this process is why Microsoft recommends that only the primary or secondary keys are used by all services by default. Otherwise, connections to storage accounts will be lost when you rotate the keys.

TSMRE
Jun 1, 2021

Correct

Ramkid
Jun 6, 2021

Correct Reference : https://docs.microsoft.com/en-us/azure/key-vault/secrets/tutorial-rotation-dual?tabs=azure-cli

syu31svc
Aug 28, 2021

an Azure AD enterprise application - Azure AD must be configured to integrate with an application. You manage applications on the Enterprise applications. Azure Logic Apps - Though we can rotate the keys using Azure Logic apps implementation, we have simplified approach using Azure Key Vault. an Azure Desired State Configuration (DSC) extension - The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. Answer is B

moon2351
Feb 6, 2022

Correct

EW3772Option: B
Feb 20, 2022

B is correct