Microsoft Cybersecurity Architect — Question 97

You have an Azure subscription that contains several storage accounts. The storage accounts are accessed by legacy applications that are authenticated by using access keys.
You need to recommend a solution to prevent new applications from obtaining the access keys of the storage accounts. The solution must minimize the impact on the legacy applications.
What should you include in the recommendation?

Answer options

• A. Set the AllowSharedKeyAccess property to false.
• B. Apply read-only locks on the storage accounts.
• C. Set the AllowBlobPublicAccess property to false.
• D. Configure automated key rotation.

Correct answer: B

Explanation

Implementing read-only locks on the storage accounts (option B) prevents any modifications to the storage accounts, thereby protecting the access keys from being changed or retrieved by new applications. The other options either do not directly prevent access key retrieval (A and D) or are not relevant to key access in the context of legacy applications (C).