Which two actions should you perform?

totally agree with Mcjohn. (C,E)

I would argue that the correct answer is A,C.

It is said you don’t want the compromised key to allow accessing user data: you therefore need to remove it. Therefore A.

And you clearly need to generate a new one, therefore C.

While they mention you administer the AAD tenant and its application, nobody says you administer the Sharepoint web application. Updating the key in the client application is probably not up to you, and not relevant to this question.

Answer is A,C.

You need to ensure the compromised key does not allow to access the user data. The only way to do this is to remove it, therefore A.

You need a generate a new key otherwise it will be impossible for the Sharepoint app to access the AAD tenant for user information, therefore C.

While the question mentions that you administer an AAD tenant and its applications, nowhere does it mention that you also manage the Sharepoint site. This may well be left to another system administrator. This lead to think that updating the key in the Sharepoint web app is unrelated to this question and not our concern. Where I work, that would be the case.

remove
generate a new application key

Agreed on A & C.
Why not E: because you cannot replace/update unless you generate a new key.

“Update the connection strings in your application code to reference the secondary access key of the storage account.
Regenerate the primary access key for your storage account. On the Access Keys blade, click Regenerate Key1, and then click Yes to confirm that you want to generate a new key.
Update the connection strings in your code to reference the new primary access key.
Regenerate the secondary access key in the same manner.”