AZ-400 Question #403: Real Exam Question with Answer & Explanation

Question

Drag and Drop Question You have an Azure Key Vault that contains an encryption key named key1. You plan to create a Log Analytics workspace that will store logging data. You need to encrypt the workspace by using key1. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

Explanation

To encrypt a Log Analytics workspace with a customer-managed key from Azure Key Vault, you must follow a specific sequence: first enable soft delete on the Key Vault to protect the key from accidental deletion, then register the Azure subscription to enable Log Analytics dedicated cluster creation, then grant the cluster's managed identity permissions to the Key Vault so it can access key1, and finally link the workspace to the cluster to apply the encryption. 'Create a Log Analytics cluster' is actually an implied prerequisite step that happens between subscription registration and granting permissions, but based on the four options provided, the listed sequence represents the required ordered actions. The linking step must be last because the workspace can only be associated after the cluster has the necessary Key Vault permissions configured.

No community discussion yet for this question.