Recover From Compromised Azure Cognitive Search Admin Keys
MDFT Pro, a well-known training agency, has deployed a course management portal that uses Azure Cognitive Search to index and manage their extensive course catalog. Mark, the IT Security Manager, discovers during a security review that unauthorized changes have been made to the search index containing course information, student enrollment data, and instructor profiles.
The web application is currently configured to use the primary admin key for all index management operations, and Mark suspects this key has been compromised by unauthorized users. The solution must prevent any further unauthorized access while ensuring the course management portal remains available to staff without interruption.
What should Mark do next to secure the search service with minimal downtime?
Choose the correct answer from the options below.
Please select at least one answer!
Congratulations, that is the correct answer!
I'm sorry, but your answer is not correct.
Explanations for each answer:
Add a new query key, change the app to use the new query key, and then delete all the unused query keys is incorrect. Query keys only provide read-only access and cannot be used for index management operations, which require admin key permissions.
Regenerate the primary admin key, change the app to use the secondary admin key, and then regenerate the secondary admin key is incorrect. Regenerating the primary key first would immediately break the application since it's currently using that key for authentication.
Change the app to use a query key, and then regenerate the primary admin key and the secondary admin key is incorrect. Query keys cannot perform index management operations, so the application would lose its ability to manage the search index.
Regenerate the secondary admin key, change the app to use the secondary admin key, and then regenerate the primary key is correct. This approach ensures zero downtime by first creating a clean secondary key, switching to it, then cleaning up the compromised primary key.