Answer-first summary for fast verification
Answer: Apply read-only locks on the storage accounts.
A read-only lock on a storage account prevents users from listing the account keys. The Azure Storage List Keys operation, which is handled by a POST request, is restricted with a read-only lock, thus protecting access to the account keys. This ensures that new applications cannot obtain the access keys, while minimizing the impact on the legacy applications that continue to use the keys for access. Applying a read-only lock affects only the control plane and not the data plane, meaning that the legacy applications can still read and write data as needed.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are managing an Azure subscription with multiple storage accounts, which are currently accessed by legacy applications using access keys for authentication. To improve security, you need to propose a solution that prevents new applications from acquiring these access keys. This solution should ensure minimal disruption to the functioning of the legacy applications. What would be the appropriate recommendation to fulfill this requirement?
A
Set the AllowSharedKeyAccess property to false.
B
Apply read-only locks on the storage accounts.
C
Set the AllowBlobPublicAccess property to false.
D
Configure automated key rotation.
No comments yet.