AZ-500 Question #52: Real Exam Question with Answer & Explanation

Submitted by javi_es · Mar 6, 2026 · Secure compute, storage, and databases

Question

Hotspot Question

You have two Azure virtual machines in the East US2 region as shown in the following table.

You deploy and configure an Azure Key Vault. You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.

What should you modify on each virtual machine? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

Azure Disk Encryption (ADE) — Hotspot Explanation

Background

Azure Disk Encryption requires a VM to meet three key prerequisites:

  1. Supported OS version — e.g., Windows Server 2008 R2+, supported Linux distros
  2. Supported tier — Basic tier VMs do NOT support ADE; Standard or higher is required
  3. Supported type — Certain VM series/types are excluded from ADE support

The question states a Key Vault is already deployed and configured, which satisfies the external dependency.


Dropdown 1 — VM1: None

The table (not shown here) presents VM1 with a configuration that already satisfies all ADE prerequisites. No modification is needed because:

  • The OS version is already on the supported list
  • The VM is already on a supported tier (Standard or higher)
  • The VM type is already ADE-compatible

Why the alternatives are wrong:

  • Operating system version — only wrong if the VM ran an unsupported OS (e.g., Windows Server 2003 or an unsupported Linux distro); VM1 does not
  • Tier — only wrong if the VM were on the Basic tier, which explicitly blocks ADE; VM1 is not
  • Type — only wrong if the VM series were excluded from ADE (e.g., some older A-series or ultra-disk configs); VM1 is not

Dropdown 2 — VM2: None

Same reasoning applies. VM2's configuration in the table also already meets all ADE requirements. Key Vault is configured, OS is supported, tier is Standard+, and type is compatible.

Why the alternatives are wrong: same as VM1. Each alternative only applies when a specific prerequisite is not met, and VM2 meets all of them as given.


Core Concept

The question tests knowledge of ADE prerequisites. The trap is assuming something must need changing. When a VM already satisfies OS, tier, and type requirements, and the Key Vault is already in place, no VM-level modification is required — you can enable ADE directly.

Key rule: Basic tier = no ADE. Unsupported OS = no ADE. Incompatible VM type = no ADE. All three must be clear for ADE to work.

Topics

#Azure Disk Encryption #Virtual Machine Security #Key Vault #Prerequisites
