Microsoft Azure Administrator Associate AZ-104 Practice Question
An organization requires control over the encryption keys used to encrypt data in their Azure Storage account. Which configuration should you implement?
Disable storage encryption to manage encryption externally.
Implement Advanced Threat Protection on the storage account.
Enable storage encryption with Microsoft-managed keys.
Enable storage encryption with customer-managed keys stored in Azure Key Vault.
To have control over the encryption keys used for data at rest in Azure Storage, you need to use customer-managed keys stored in Azure Key Vault. This allows the organization to manage the encryption keys, including key rotation and revocation, providing greater control over data security. Using Microsoft-managed keys does not provide this level of control, as the keys are managed by Azure. Disabling storage encryption is not advisable and would not meet the security requirements. Implementing Advanced Threat Protection enhances security but does not affect encryption key management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are customer-managed keys in Azure?
Open an interactive chat with Bash
What is Azure Key Vault and how does it work?
Open an interactive chat with Bash
What is the difference between customer-managed keys and Microsoft-managed keys?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access