Microsoft Azure Security Technologies (AZ-500)

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Practice this question and more.

What is the most effective method for revoking access to an Azure Storage account in the event of unauthorized access?

Create a lock on the storage account
Create a new stored access policy
Generate new shared access signatures (SAS)
Regenerate the Azure storage account access keys

The correct answer is: Regenerate the Azure storage account access keys

Revoking access to an Azure Storage account effectively usually involves taking decisive actions that ensure unauthorized users cannot access the resources. The most effective method in this scenario is regenerating the Azure storage account access keys. When access keys are regenerated, any active connections using the previous keys are immediately invalidated. This action provides a quick and comprehensive means to cut off access without needing to manually track or identify specific users or permissions that may have been granted. It effectively refreshes the security context of the storage account, ensuring no unauthorized users retain access. In contrast, creating a lock on the storage account primarily prevents any modifications to the storage account, but it does not restrict access to existing users. Similarly, creating a new stored access policy or generating new shared access signatures (SAS) might alter or limit access for specific resources or timeframes, but these methods still allow for the possibility of unauthorized access through existing keys or permissions. Thus, for a quick and thorough revocation of access due to security concerns, regenerating the access keys is the most effective approach.