AZ-400 · Question #403
Drag and Drop Question You have an Azure Key Vault that contains an encryption key named key1. You plan to create a Log Analytics workspace that will store logging data. You need to encrypt the worksp
The correct answer is Enable soft delete for the key vault.; Register the Azure subscription to allow cluster creation.; Grant permissions to the key vault.; Link the workspace.. To encrypt a Log Analytics workspace with a customer-managed key from Azure Key Vault, you must follow a specific sequence: first enable soft delete on the Key Vault to protect the key from accidental deletion, then register the Azure subscription to enable Log Analytics dedicate
Question
Exhibit
Answer Area
Drag items
Correct arrangement
- Enable soft delete for the key vault.
- Register the Azure subscription to allow cluster creation.
- Grant permissions to the key vault.
- Link the workspace.
Explanation
To encrypt a Log Analytics workspace with a customer-managed key from Azure Key Vault, you must follow a specific sequence: first enable soft delete on the Key Vault to protect the key from accidental deletion, then register the Azure subscription to enable Log Analytics dedicated cluster creation, then grant the cluster's managed identity permissions to the Key Vault so it can access key1, and finally link the workspace to the cluster to apply the encryption. 'Create a Log Analytics cluster' is actually an implied prerequisite step that happens between subscription registration and granting permissions, but based on the four options provided, the listed sequence represents the required ordered actions. The linking step must be last because the workspace can only be associated after the cluster has the necessary Key Vault permissions configured.
Topics
Community Discussion
No community discussion yet for this question.
