DRAG DROP
You manage an application deployed to a cloud service that utilizes an Azure Storage account.
The cloud service currently uses the primary access key.
Security policy requires that all shared access keys are changed without causing application downtime.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
My answer would be:
1- Update the cloud service configuration with the secondary access key.
2- Regenerate the primary access key.
3- Update the cloud service configuration with the primary access key.
“update the configuration file with the secondary access keys and only then regenerate the primary access key. Once the new primary access key is regenerated you can now use this key to update the configuration file once again.”
Source: https://blogs.msdn.microsoft.com/mast/2013/11/06/why-does-an-azure-storage-account-have-two-access-keys/
Changed 4,2,1 to 3,4,2.
But as per policy ALL the keys need to be regenerated, so if we do 4,2,1 and if the secondary key has been compromised then there is no point in regenerating the Primary Key every month.
It's as if you change the combination of your main door every month but keep your garage door unlocked.
So I think 3,4,2 is correct because we are regenerating both keys monthly as required by security policy, and next month we can swap it with the Primary key and use the same logic.
That is the only way to change both access keys in 3 steps without causing downtime.
(From one of the dumps)
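The trade-off argued in the comments above can be checked with a small model. This is an added example, not part of the original posts or of any Azure SDK: `StorageAccount`, `run` and the step lists are hypothetical names, a configuration update is assumed to take effect instantly, and the two constructed sequences are not mapped to the exam's numbered options.

```python
import secrets

class StorageAccount:
    """Toy model of a storage account with two shared access keys."""
    def __init__(self):
        self.keys = {"primary": secrets.token_hex(16),
                     "secondary": secrets.token_hex(16)}

    def regenerate(self, slot):
        self.keys[slot] = secrets.token_hex(16)  # old value stops working at once

    def accepts(self, key):
        return key in self.keys.values()


def run(steps):
    """Apply rotation steps; report downtime and which original keys survive."""
    account = StorageAccount()
    original = dict(account.keys)
    app_key = account.keys["primary"]   # the service starts on the primary key
    downtime = False
    for action, slot in steps:
        if action == "regenerate":
            account.regenerate(slot)
        elif action == "configure":
            app_key = account.keys[slot]
        else:
            raise ValueError(f"unknown action: {action}")
        # The app must hold a valid key after every single step.
        downtime = downtime or not account.accepts(app_key)
    still_valid = sorted(s for s, k in original.items() if account.accepts(k))
    return {"downtime": downtime, "original_keys_still_valid": still_valid}


# Sequence quoted in the first answer above.
SWITCH_THEN_REGENERATE = [("configure", "secondary"),
                          ("regenerate", "primary"),
                          ("configure", "primary")]
# Constructed alternative: regenerate the unused key before switching to it.
REGENERATE_UNUSED_FIRST = [("regenerate", "secondary"),
                           ("configure", "secondary"),
                           ("regenerate", "primary")]
# Constructed negative case: regenerating the key that is in use.
REGENERATE_IN_USE = [("regenerate", "primary"), ("configure", "primary")]

if __name__ == "__main__":
    for steps in (SWITCH_THEN_REGENERATE, REGENERATE_UNUSED_FIRST, REGENERATE_IN_USE):
        print(steps, run(steps))
```

Any key listed under `original_keys_still_valid` is a credential that existed before the rotation and still authenticates afterwards, which is the exposure the second comment describes.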