Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You regenerate the Azure storage account access keys.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.A
Generating new storage account keys will invalidate all SAS's that were based on the previous keys.
The given solution, "You regenerate the Azure storage account access keys," will revoke all access to the storage account, and thus, it meets the goal of revoking unauthorized access to the file service and the blob service.
Explanation: Azure Storage provides two types of keys that are used for authentication to access the storage account - "storage account access keys" and "shared access signatures (SAS)". Storage account access keys provide full access to the storage account, and they can be used to perform all operations on the storage account, including creating SAS tokens and managing stored access policies.
Regenerating the storage account access keys will revoke all access to the storage account, including all SAS tokens and stored access policies associated with the storage account. This means that all unauthorized access to the storage account, including the file service and the blob service, will be revoked. Once the keys are regenerated, all applications and users that use the previous keys or SAS tokens will no longer be able to access the storage account.
Therefore, the given solution meets the goal of revoking all access to the storage account, and thus the correct answer is A. Yes.