AZ-500 Question #140: Real Exam Question with Answer & Explanation

Submitted by andres_qro · Mar 6, 2026

Implement and manage data security - specifically configuring customer-managed encryption keys for Azure Storage using Azure Key Vault, mapped to the AZ-104 or SC-900/AZ-500 'Secure Data and Applications' domain objective.

Question

SIMULATION

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:
Lab Instance: 10598168

You need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault.

To complete this task, sign in to the Azure portal.

Answer:

Options

  • task: Ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault.
  • prerequisites: Azure Username: [email protected], Azure Password: Ag1Bh9!#Bd, Azure portal access

Explanation

To encrypt an Azure Storage account using a customer-managed key (CMK) stored in Azure Key Vault, you must navigate to the Storage account's Encryption settings and select 'Customer-managed keys' (Use your own key), then specify the Key Vault and key to use. This leverages Azure Key Vault integration with Storage Service Encryption (SSE), giving the customer control over the encryption keys rather than relying on Microsoft-managed keys. The Key Vault must have soft-delete and purge protection enabled, and the storage account must be granted access to the Key Vault via a managed identity or access policy.
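
The same configuration done from the command line, as an added example (Azure CLI in a POSIX shell; not part of the original question or its answer). The resource group and key name are placeholders because the page does not give them, and the vault is assumed to use the access-policy permission model and to already hold the key.

```sh
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps in the explanation.
# All four arguments are placeholders supplied by the caller; the page does
# not state the resource group or the key name.
# Assumes the vault uses access policies and already contains the key.
configure_cmk() (
  set -eu
  rg=$1 sa=$2 vault=$3 key=$4

  # Prerequisite: purge protection on the vault (soft-delete must already be on).
  az keyvault update --name "$vault" --resource-group "$rg" \
    --enable-purge-protection true >/dev/null

  # Give the storage account a system-assigned managed identity.
  principal=$(az storage account update --name "$sa" --resource-group "$rg" \
    --assign-identity --query identity.principalId --output tsv)
  [ -n "$principal" ] || { echo "no managed identity returned" >&2; exit 1; }

  # Least privilege: the identity only needs get, wrapKey and unwrapKey.
  az keyvault set-policy --name "$vault" --object-id "$principal" \
    --key-permissions get wrapKey unwrapKey >/dev/null

  vault_uri=$(az keyvault show --name "$vault" \
    --query properties.vaultUri --output tsv)

  # Switch the key source; no key version is pinned, so the account
  # follows new versions of the key.
  az storage account update --name "$sa" --resource-group "$rg" \
    --encryption-key-source Microsoft.Keyvault \
    --encryption-key-vault "$vault_uri" \
    --encryption-key-name "$key" >/dev/null

  # Verify the result instead of trusting the exit code alone.
  src=$(az storage account show --name "$sa" --resource-group "$rg" \
    --query encryption.keySource --output tsv)
  [ "$src" = "Microsoft.Keyvault" ] || { echo "key source is $src" >&2; exit 1; }
  echo "$sa now uses key $key from $vault_uri"
)

# Usage: sh cmk.sh <resource-group> <storage-account> <vault> <key-name>
if [ "$#" -eq 4 ]; then configure_cmk "$@"; fi
```

On a vault that uses Azure RBAC instead of access policies, the `set-policy` step does not apply and the identity needs a key-encryption role assignment on the vault instead.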

Topics

#Azure Storage Encryption #Customer-Managed Keys (CMK) #Azure Key Vault #Data Security at Rest
