AZ-500 – Securing storage account
-
Hi,
Can you explain why the correct answer for the below question is “YES”?
You have discovered that one of your Azure Storage account access keys has been compromised. You need to ensure that the compromised access key cannot be used anymore while minimizing disruption to your services.
Solution: Rotate both primary and secondary access keys for the Azure Storage account and update all applications and services to use the new keys.
Does the solution meet the goal?
If just one of the access keys was compromised, why do we need to rotate both keys?
Can’t we just rotate the key that was compromised?
I.e., in this scenario, we could update the applications/code to use the 2nd key (non-compromised) and then rotate the compromised key in the portal.
Thanks,
André
-
Hi André,
In this case, rotating both the primary and secondary keys is recommended for security reasons. Even though only one key was compromised, rotating both keys ensures that no unauthorized access remains possible. This approach invalidates both keys and makes the account fully secure.
While rotating both keys does require updating all applications, it simplifies the process by ensuring that both keys are refreshed at once. This can help minimize the time the compromised key is still in use and reduce any potential gaps in security. Hence, rotating both keys meets the goal of securing the account while addressing the compromise immediately.
Best regards,
Irene @ Tutorials Dojo
-
Hi Irene,
Got it, thanks for the confirmation.
Cheers,
André
-
You’re very welcome! Feel free to reach out if you need anything else or have any further questions.
Cheers,
Irene @ Tutorials Dojo