Azure Data Scientists Associate Practice Exam

If storage account keys are compromised, what should be done immediately?

• A. Regenerate the storage account keys
• B. Change the user passwords
• C. Create a new storage account
• D. Notify all users of the workspace

The correct answer is: Regenerate the storage account keys

Regenerating the storage account keys is the most appropriate immediate action if the keys are compromised. Storage account keys provide access to all data within the storage account, and if they fall into the wrong hands, it could lead to unauthorized access or data breaches. By regenerating the keys, the compromised keys are invalidated, thus preventing any further unauthorized access. This action secures the storage account by ensuring that only those who possess the new keys can access the resources. It’s a straightforward and effective method to mitigate risks associated with key compromise and is a standard best practice in security management for Azure services. Other actions, while potentially useful in a broader context of security management, do not directly address the immediate risk posed by compromised storage account keys. Changing user passwords may enhance overall security but does not resolve the immediate threat of unauthorized access to the storage account. Creating a new storage account could involve additional overhead, changes to application configurations, and potential data transfer, which are not necessary if the keys can simply be regenerated. Notifying users about the compromise may be important for awareness but does not directly protect the data or resources within the compromised storage account. Therefore, regenerating the keys is the swiftest and most direct method to secure access to the storage account