SC-100 · Question #20
SC-100 Question #20: Real Exam Question with Answer & Explanation
The correct answer is A: Apply read-only locks on the storage accounts.. A read-only lock on a storage account prevents users from listing the account keys. A POST request handles the Azure Storage List Keys operation to protect access to the account keys. The account keys provide complete access to data in the storage account. https://docs.microsoft.
Question
You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys. You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications. What should you include in the recommendation?
Options
- AApply read-only locks on the storage accounts.
- BSet the AllowSharcdKeyAccess property to false.
- CSet the AllowBlobPublicAcccss property to false.
- DConfigure automated key rotation.
Explanation
A read-only lock on a storage account prevents users from listing the account keys. A POST request handles the Azure Storage List Keys operation to protect access to the account keys. The account keys provide complete access to data in the storage account. https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources https://docs.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent https://docs.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation
Topics
Community Discussion
No community discussion yet for this question.