[&] You need to provide a web app access to a storage account.  The web app needs full access to all operations on the storage account.  What steps would you take to provide access to the storage account in the most secure way possible?
- Store the key/SAS in a key vault instance and grant the appropriate access to the managed identity for the web app -- Correct
- Generate a SAS based on a storage access policy. Update the expiration on the policy as necessary
- Use the primary key for the storage account.  Periodically refresh the key for security purposes. -- Correct
- Store the key/SAS in the web app configuration

[&] Which of the following are not security best practices for storage account keys?
- Periodically switch applications from the primary key to the secondary key and vice versa -- Correct
- Always use HTTP when accessing a storage account using a key
- Always use the secondary key to provide access for desktop applications
- Store the key as a secret in a key vault and control access to the secret -- Correct