nerdexam
ExamsAZ-500Questions#494
MicrosoftMicrosoft

AZ-500 · Question #494

AZ-500 Question #494: Real Exam Question with Answer & Explanation

The correct procedure requires navigating to the storage account's Encryption settings and configuring a customer-managed key (CMK) by referencing a key stored in Azure Key Vault. This involves either selecting the key vault and key directly through the portal UI or providing the

Submitted by haruto_sh· Mar 6, 2026Implement and Manage Storage Security / Configure encryption for Azure Storage using customer-managed keys stored in Azure Key Vault - aligned with AZ-104 'Implement and manage storage' or AZ-500 'Secure data and applications' domains.

Question

SIMULATION You need to ensure that the rg1lod28681041n1 Azure Storage account is encrypted by using a key stored in the KeyVault28681041 Azure key vault. To complete this task, sign in to the Azure portal. Answer:

Options

  • taskEnsure that the rg1lod28681041n1 Azure Storage account is encrypted by using a key stored in the KeyVault28681041 Azure key vault.
  • prerequisitesAzure portal access

Explanation

The correct procedure requires navigating to the storage account's Encryption settings and configuring a customer-managed key (CMK) by referencing a key stored in Azure Key Vault. This involves either selecting the key vault and key directly through the portal UI or providing the Key Identifier URI from Key Vault, which links the storage account's encryption to the specific key version in KeyVault28681041. This implements Customer-Managed Keys (CMK) rather than the default Microsoft-managed keys, giving the customer control over the encryption key lifecycle.

Topics

#Azure Storage Encryption#Customer-Managed Keys (CMK)#Azure Key Vault#Data Security at Rest

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full AZ-500 PracticeBrowse All AZ-500 Questions