Exam AI-102 topic 4 question 2 discussion

logicly it should be C. A can not be the answer as you regenerated the secondry key after your already add to your app. the right order to minize downtime is to regenerate the secondary, add to your app and then regenerate the primary

If you change the application to use the secondary key and then you regenerate the key the application in not going to work. So C is the right one.

By sheer reasoning this is C for sure Option A is redundant; change to secondary key but regenerate it again? Options B and D are just time consuming

C & A both work, C is better as it minmises downtime

Selected Answer: C

Has to be C. First you regenerate the secondary Key, which previously might have been compromised too - no downtime. Then you switch your app to use that new uncompromised secondary Key - no downtime Then you regenerate the compromised primary Key

I say this answer is C.

C is answer.

C for sure

Try to separate out the admin keys vs the query keys. The question is NOT ABOUT QUERY KEYS SO THAT rules out 2 answers

for minimum to no downtime: The Answer is C, Azure Cognitive Search provides two admin keys (primary and secondary) to facilitate key rotation without downtime. The existence of two keys is specifically designed to handle scenarios where one key may need to be changed (e.g., if it is compromised) without interrupting the service. Immediate switch to the secondary admin key: By immediately switching the application to use the secondary admin key (which is assumed to be secure), you ensure that the application retains uninterrupted access to the management capabilities of Azure Cognitive Search. Regenerate the primary admin key: Once the application is using the secondary admin key, regenerating the primary admin key does not cause downtime because the application is not currently using this key. The new primary key can be stored securely for future use or key rotation purposes.

"The app is configured to use the *primary admin key*." ... "You suspect that the primary access key is compromised. You need to prevent unauthorized access to the index management endpoint." I think it's B: "Change the app to use a query key, and then regenerate the primary admin key and the secondary admin key." So basically there are two admin keys. One of those is compromised. Both are reset for security. This way, the app is just using a query key with not enough privileges to make changes to the Cognitive Search service, so even if that key was leaked again unauthorized access to the management endpoint can be made. https://learn.microsoft.com/en-us/azure/search/search-security-api-keys?tabs=portal-use%2Cportal-find%2Cportal-query

To me the correct answer is C. https://learn.microsoft.com/en-us/azure/search/search-security-api-keys?tabs=portal-use%2Cportal-find%2Cportal-query

The moment you see "Regenerate the primary admin key" as the first action you already know it violates the minimum downtime requirement. Answer A makes it even worse - the web app will stop working all together in the end as the web app will be using an invalid secondary admin key. For answer C, regenerating the secondary admin key seems redundant as you suspect only the primary access key is compromised but it's safer and meet the minimum downtime requirement anyway. As for answer B, it won't provide the required permissions to manage the indexes hence the app won't be functioning and this violates the requirement. This question requires you to really think it through or you might be tricked easily.

To avoid any downtime, regenerate the second key and use it ( as a precaution, and only if it is not currently being used by anything else). Then regenerate the first key

C is the answer. https://learn.microsoft.com/en-us/azure/search/search-security-api-keys?tabs=portal-use%2Cportal-find%2Cportal-query#regenerate-admin-keys Two admin keys are created for each service so that you can rotate a primary key while using the secondary key for business continuity. - Under Settings, select Keys, then copy the secondary key. - For all applications, update the API key settings to use the secondary key. - Regenerate the primary key. - Update all applications to use the new primary key.

C. Regenerate the secondary admin key, change the app to use the secondary admin key, and then regenerate the primary key --- By regenerating the secondary admin key first, you can address the potential compromise of the primary key. Then, changing the app to use the regenerated secondary admin key ensures continued access to the index management endpoint. Finally, regenerating the primary key provides a new security key for future use