AZ-104 · Question #666
AZ-104 Question #666: Real Exam Question with Answer & Explanation
The correct answer is B: Create a new key.. To prepare Vault1 for Azure Disk Encryption with a key encryption key (KEK): 1. You need to have a key in the Key Vault. This will be the KEK. Azure Disk Encryption uses BitLocker for Windows VMs, which requires a key for encrypting the data disk. If you're using a KEK, the BEK (
Question
You have an Azure virtual machine named VM1 and an Azure key vault named Vault1. On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK). You need to prepare Vault1 for Azure Disk Encryption. Which two actions should you perform on Vault1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Options
- ASelect Azure Virtual machines for deployment.
- BCreate a new key.
- CCreate a new secret.
- DConfigure a key rotation policy.
- ESelect Azure Disk Encryption for volume encryption.
Explanation
To prepare Vault1 for Azure Disk Encryption with a key encryption key (KEK): 1. You need to have a key in the Key Vault. This will be the KEK. Azure Disk Encryption uses BitLocker for Windows VMs, which requires a key for encrypting the data disk. If you're using a KEK, the BEK (BitLocker Encryption Key) will be wrapped by this KEK. 2. The key vault itself should be configured for Azure Disk Encryption. This ensures the vault is set up to work with Azure VMs and their disks.
Community Discussion
No community discussion yet for this question.