Exam AI-102 topic 4 question 9 discussion

The answer is wrong regenerated secondary key update the app to use the secondary key regenarated the primary key

The answer is correct. The question specifically mentioned a read-only access to the documents which is achieved only through query keys. And it is a query key that was compromised. Any of the admin keys (primary and secondary) allows read-write operations. Hence, solution is to create a new query key, switch to the new query key and delete the compromised query key.

1) Add a new query key is CORRECT. This step ensures that a fresh query key is created to replace the compromised one. Azure AI Search allows you to create up to 50 query keys, specifically designed to give read-only access to the documents in the search index. This method isolates the compromised key without immediately disrupting the application's functionality. 2) Change the app to use the new key is CORRECT. After generating the new query key, it’s crucial to update the application to use this key instead of the compromised one. This ensures that the app continues functioning securely and that only authorized users have access. 3) Delete the compromised key is CORRECT. Once the app is using the new query key, deleting the compromised key prevents any further unauthorized access, securing the system effectively without downtime.

how can exam topics can be so wrong??

Given that the scenario specifically mentions QUERY key, the answer is correct.

i chose: regenerated secondary key update the app to use the secondary key regenarated the primary key

Since access is stated as read-only the answer is correct

regenerated secondary key update the app to use the secondary key regenarated the primary key

The stated answer is correct. - Query keys do not have the concept of primary and secondary key. - The concept of primary key and secondary key applies only to admin keys. - You get one key by default, and then you can create additional keys (up to 50).

It's a little bit confused when I met similar question in the topic 4 question 2. 2 questions have almost similar contents but different answer. Can you guys check it out

1. Add a new query key. 2. Change the app to use the new key. 3. Delete the compromised key.

Suspecting unauthorized access doesn’t give you a reason to interrupt legit users. Also by looking the read only access requirement to the document collections already tells you this is about query keys.

1. Add new query key 2. Change app to use new key 3. Delete compromised key https://learn.microsoft.com/en-us/azure/search/search-security-api-keys?tabs=portal-use%2Cportal-find%2Cportal-query#create-query-keys

ChatGPT answer : The answer is correct but in a different order. 1. Revoke the compromised query key immediately to prevent further unauthorized access. 2. Create a new query key for the application to use for authorized access. 3. Update the search endpoint and application to use the new query key and ensure that it is properly secured.

The answer is correct. As its about query key and not for admin key.

Answer is correct. Add a new query key Change the app to use the new key Delete the compromised key

1. Regenerate 2nd key 2. Change the app to use the regenerated 2nd key 3. Regenerate the 1st key