
AZ-120 Question #320: Real Exam Question with Answer & Explanation

The correct answer is B. Encryption at rest with customer-managed keys.

Question

You have an SAP landscape on Azure that contains a virtual machine named VM1. VM1 hosts the central services application. You need to encrypt VM1. The solution must meet the following requirements:

  • All disks must be encrypted.
  • The impact on the CPU of VM1 must be minimized.
  • The manual rotation of encryption keys must be supported.

Which type of encryption should you use?

Options

  • A. Encryption at rest with platform-managed keys
  • B. Encryption at rest with customer-managed keys
  • C. Azure Disk Encryption
  • D. Encryption at host

Explanation

Customer-managed keys for Azure Storage encryption

You can use your own encryption key to protect the data in your storage account. When you specify a customer-managed key, that key is used to protect and control access to the key that encrypts your data. Customer-managed keys offer greater flexibility to manage access controls.

Update the key version

Following cryptographic best practices means rotating the key that is protecting your storage account on a regular schedule, typically at least every two years. Azure Storage never modifies the key in the key vault, but you can configure a key rotation policy to rotate the key according to your compliance requirements.
