Skip to Content

Microsoft AZ-104: How to Automatically Rotate Access Keys for Azure Storage Account?

By: Author Alex Lim

Posted on

Categories Exam

Learn the correct way to ensure automatic rotation of access keys for an Azure storage account. Find out which Azure service enables key rotation and secure key management.

Table of Contents

Question

You have an Azure subscription that contains a storage account named storage1.

You need to ensure that the access keys for storage1 rotate automatically.

What should you configure?

A. a backup vault
B. redundancy for storage1
C. lifecycle management for storage1
D. an Azure key vault
E. a Recovery Services vault

Answer

D. an Azure key vault

Explanation

To automatically rotate the access keys for an Azure storage account like storage1, the correct solution is to configure an Azure Key Vault (Option D).

Azure Key Vault is a cloud service for securely storing and managing secrets such as encryption keys, passwords, certificates, and storage account keys. It provides features like automatic key rotation, which allows you to set an expiration date or validity period for keys. When the specified time arrives, Key Vault automatically generates a new version of the key.

By storing your storage account access keys in Key Vault and configuring automatic rotation, you ensure that the keys are periodically updated without manual intervention. This enhances security by regularly changing the keys, reducing the risk of unauthorized access if a key is compromised.

The other options mentioned are not directly related to automatic key rotation:

  • Backup vault (A) and Recovery Services vault (E) are used for backup and disaster recovery purposes.
  • Redundancy (B) refers to data replication for high availability and durability.
  • Lifecycle management (C) is used for managing the lifecycle of data in a storage account, such as transitioning to cooler tiers or archiving.

Therefore, configuring an Azure Key Vault is the correct answer to ensure automatic rotation of access keys for the storage account.

Microsoft AZ-104 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft AZ-104 exam and earn Microsoft AZ-104 certification.