DRAG DROP
You manage an application deployed to a cloud service that utilizes an Azure Storage account.
The cloud service currently uses the primary access key.
Security policy requires that all shared access keys are changed without causing application downtime.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
is this correct?
I think you don't need to regenerate the secondary.
it’s 4, 2, 1 in my opinion
Agreed
But as per policy the keys need to be regenerated, so if we do 4, 2, 1 and if the secondary key has been compromised then there is no point in regenerating the Primary Key every month.
It's as if you change the combination of your main door every month but keep your garage door unlocked.
So I think above answer is correct. If we do 3,4,2 we are regenerating both keys monthly as required by security policy and in next month we can swap it with Primary key and use same logic.
I think given the question’s requirements, 3-4-2 is the right answer.
Applications – If you have web applications or cloud services using the storage account, you will lose the connections if you regenerate keys, unless you roll your keys. Here is the process:
Update the connection strings in your application code to reference the secondary access key of the storage account.
Regenerate the primary access key for your storage account. In the Management Portal, from the dashboard or the Configure page, click Manage Keys. Click Regenerate under the primary access key, and then click Yes to confirm you want to generate a new key.
Update the connection strings in your code to reference the new primary access key.
Regenerate the secondary access key.
WHAT IS THE CORRECT ANSWER…..in sequence ?
Update the cloud service configuration with the secondary access key
Regenerate the primary access key
Update the cloud service configuration with the primary access key
The supplied answer is correct. The requirement is that ALL shared access keys need to be changed. To minimize downtime, you would first regenerate the second shared access key and use that and then regenerate the first shared access key, so that both are changed.
4,2,1
if all keys, then supplied ans is right..
1. Update cloud service with the existing secondary access key.
2. Re-Generate primary access key.
3. Update cloud service with the new generated primary access key.
4. Re-Generate secondary access key.
http://azure.microsoft.com/en-gb/documentation/articles/storage-manage-storage-account/
Answer provided here and Samji’s answer are both correct. It depends on how you want to proceed with it. MS recommends that we use the existing secondary key to update the connection strings first, then regenerate Primary key and update the connection strings. Then they recommend to generate the secondary key. This is what I have seen on technet and many forums as the “recommended” process. So I am going to go with Samji’s answer.
Samji’s answer and abovethelimit comment are great, but you have to keep in mind that you have to provide 3 steps, instead of 4!! So, if we want to regenerate ALL keys, answer is correct.
Since the goal is to change the primary key
1. Regenerate the primary access key.
2. Update cloud service with secondary access key.
3. Regenerate the secondary access key.
The goal is that ALL keys are changed
Ref: -http://blogs.msdn.com/b/mast/archive/2013/11/07/why-does-a-storage-account-have-two-access-keys.aspx
1> Update cloud service configuration with the Secondary access key.
2> Regenerate the primary access key
3> Update cloud service configuration with the Primary access key.
Ignore my answer. The given Answer is correct – 3, 4, 2
That is the only way to change both access keys in 3 steps without causing downtime.
I also think that the correct answer should be 4,2,1 (plus 3 as a 4th step),
but since the questions only asks for 3 steps and NO downtime, I have to agree with Sandeep and that the given answer is correct.
Any thoughts?
we have to regenerate ALL keys, so 2 and 3 should appear in the answer
We also need no downtime, the only way is the solution provided: 3,4,2
According to the requirement:
“Security policy requires that all shared access keys are changed without causing application downtime.”
This tells me that “both” keys needs to change. It appears 3,4,2 will accomplish this.
Original answer is correct
Goal to regenerate ALL keys – you do this by updating the Cloud Service with the newly generated SECONDARY key – then you can regenerate the PRIMARY key.
Spells it out nicely.
With two keys, you can first update your configuration file to use the secondary key, then regenerate the primary key and update your application’s configuration to use that – with no downtime
http://blogs.msdn.com/b/jennifer/archive/2010/03/02/why-do-you-need-a-primary-and-a-secondary-access-key-for-windows-azure-storage.aspx
That is a nice way of making good use of your secondary key, but the question seems to be asking for both keys to be regenerated as the policy states “Security policy requires that ALL shared access keys are changed”
Passed the 70-533 exam a few days ago! Scored 8XX!
I had 49 questions in total. Around 10-15 new questions, and new questions are about:
1. Backup Vault
2. Azure Powershell CMD
3. Drag and Drop steps involved in Site-to-Site VPN setup between branch offices and internal VMs
4. Contoso authentication in AAD
5. Powershell commands to create azurevm availability set
……more……sorry for forgetting
P.S. Remember to get the exam changes from Microsoft official websites (changes are effective as of March 10, 2016), Good Luck To Everybody!
New 70-533 Exam Questions and Answers Updated Recently (19/May/2016):
NEW QUESTION 117
Drag and Drop Question
You are the server administrator for several on-premises systems. You need to back up all the systems to the cloud by using Azure Backup. In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1171_thumb.jpg
Answer:
IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1172_thumb.jpg
Explanation:
azure.microsoft.com/en-gb/documentation/articles/backup-configure-vault/
NEW QUESTION 118
For development purposes, you deploy several virtual machines in an Azure subscription. Developers report that the virtual machines fail to access each other. You export the virtual network configuration for the subscription as shown in the following output.
IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1181_thumb.jpg
You need to modify the network configuration to resolve the connection issue. What should you modify?
A. the IP address range of Subnet-1
B. the IP address range of the gateway subnet.
C. the IP address of the DNS server
D. the site of the virtual network
Answer: C
NEW QUESTION 119
You have an Azure subscription. You create an Azure Active Directory (Azure AD) tenant named Tenant1 that has a domain name of tenant1.onmicrosoft.com. You need to add the contoso.com domain name to Tenant1. Which DNS record should you add to the contoso.com zone to be able to verify from Azure whether you own the contoso.com domain?
A. standard alias (CNAME)
B. mail exchanger (MX)
C. host (AAAA)
D. signature (SIG)
Answer: A
NEW QUESTION 120
You purchase an Azure subscription. You plan to deploy an application that requires four Azure virtual machines (VMs). All VMs use Azure Resource Management (ARM) mode. You need to minimize the time that it takes for VMs to communicate with each other. What should you do?
A. Create a multi-site virtual network.
B. Create a regional virtual network.
C. Create a site-to-site virtual network.
D. Add the VMs to the same affinity group.
Answer: D
NEW QUESTION 121
You have an Azure subscription. In Azure, you create two virtual machines named VM1 and VM2. Both virtual machines are instances in a cloud service named Cloud1. You need to ensure that the virtual machines only replicate within the data center in which they were created. Which settings should you modify?
A. virtual machine
B. storage account
C. cloud services
D. Azure subscription
Answer: B
NEW QUESTION 122
You are the global administrator for a company’s Azure subscription. The company uses Azure Active Directory Premium and the Application Access Panel. You are configuring access to a Software as a Service (SaaS) application. You need to ensure that the sales team lead is able to manage user access to the application but is unable to modify administrative access to the application. In the Azure portal, what should you do?
A. Create an Azure group and assign it to the SaaS application.
Create an Azure user with the User Admin role, and assign the user as the owner of the new group.
B. Create an Azure group and assign it to the SaaS application.
Create an Azure user with the Service Admin role, and assign the user as the owner of the new group.
C. Set the values of the Delegated group management and Users can create groups settings to Enabled.
D. Create an Azure group and assign it to the SaaS application.
Create an Azure user with the Global Admin role, and assign the user as the owner of the new group.
Answer: A
NEW QUESTION 123
Drag and Drop Question
Fourth Coffee has an on-premises, multiple-forest Active Directory (AD) domain. The company hosts web applications and mobile application services. Fourth Coffee uses Microsoft Office 365 and uses Azure Active Directory (Azure AD). You have the following requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1231_thumb.jpg
Answer:
IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1232_thumb.jpg
Explanation:
azure.microsoft.com/en-gb/documentation/articles/active-directory-passwords-getting-started/#writeback-prerequisites
azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect-get-started-custom/
NEW QUESTION 124
A company has an Azure subscription with four virtual machines (VM) that are provisioned in an availability set. The VMs support an existing web service. The company expects additional demand for the web service. You add 10 new VMs to the environment. You need to configure the environment. How many Update Domains (UDs) and Fault Domains (FDs) should you create?
A. 2 UDs and 5 FDs
B. 5 UDs and 2 FDs
C. 14 UDs and 2 FDs
D. 14 UDs and 14 FDs
Answer: B
NEW QUESTION 125
……
Read it again-
“Security policy requires that all shared access keys are changed without causing application downtime”
It can also be read as “Security policy requires that (all/any) shared access keys are changed *without causing application downtime*”
The “all” word is causing the confusion. It is a security policy. The emphasis is that whenever anyone is changing any access key, it should not cause downtime.
Point the app to the 2nd key; regen primary key; repoint to primary key.
It doesn’t state that secondary key was compromised. Even if it was, since primary key was anyway compromised, we are working on a compromised key in either case. Once the app is repointed to the newly generated primary key (without disruption), feel free to regen the 2nd key 🙂
“Point the app to the 2nd key; regen primary key; repoint to primary key.”
That doesn’t regenerate the secondary key.
The ONLY way to do this in 3 steps (from the list) is 3,4,2. That way there is no downtime and all keys are regenerated. Personally in real life I’d switch back to the primary key as a 4th step, but that’s not part of the answer 🙂
You are right. I got this mixed up with another question that states that the primary key is compromised, so list the steps to change the key without downtime. Now since this question simply asks to regenerate (all) keys without downtime, I fully agree.
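The sequences argued over in this thread can be checked with a small simulation. This is an added example, not part of any post; the option numbers 1 to 4 are read off the comments above, and the model assumes that regenerating a key invalidates the old value immediately and that the storage account accepts either current key.

```python
import itertools
import secrets

# Option numbering as used in the thread (inferred from the comments):
# 1 = point config at primary, 2 = regenerate primary,
# 3 = regenerate secondary,    4 = point config at secondary.
ACTIONS = {1: ("use", "primary"), 2: ("regen", "primary"),
           3: ("regen", "secondary"), 4: ("use", "secondary")}


def run(sequence):
    """Apply the steps in order; return (no_downtime, all_keys_changed)."""
    # Constructed random values stand in for real account keys.
    keys = {"primary": secrets.token_hex(8), "secondary": secrets.token_hex(8)}
    original = dict(keys)
    app_key = keys["primary"]          # the service starts on the primary key
    no_downtime = True
    for step in sequence:
        kind, slot = ACTIONS[step]
        if kind == "regen":
            keys[slot] = secrets.token_hex(8)   # old value stops working at once
        else:
            app_key = keys[slot]                # config now holds the current value
        # Either current key authenticates; anything else is an outage.
        if app_key not in keys.values():
            no_downtime = False
    all_changed = all(keys[s] != original[s] for s in keys)
    return no_downtime, all_changed


def safe_three_step_orders():
    """Every ordering of three distinct options that meets both requirements."""
    return [seq for seq in itertools.permutations(ACTIONS, 3)
            if run(seq) == (True, True)]


if __name__ == "__main__":
    print("3-step orders with no outage and both keys changed:",
          safe_three_step_orders())
    for seq in [(3, 4, 2), (4, 2, 1), (4, 2, 1, 3)]:
        print(seq, run(seq))
```

Under these assumptions 4, 2, 1 keeps the service up but leaves the secondary key unchanged until a fourth step regenerates it.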
There were questions related,
1) Options for Migrating Azure VMs from ASM (v1) to ARM (v2)
2) How to set up the p2site VPN, how would you setup the root certificate on computers and Azure
Vikram- thanks for the posts. Can you please list more if you can recall? Also, some of the above can’t be understood. For instance, what was the question on Elastic DB, Classic to ARM migration etc. Can you please elaborate if you remember the question and the options?