SC-100 · Question #111
SC-100 Question #111: Real Exam Question with Answer & Explanation
The correct answer is B: No. {"question_number": 1, "correct_answer": "B", "explanation": "The answer is No. Microsoft-managed keys in Azure Storage encrypt data using AES-256, but they do not allow you to control or schedule key rotation. Microsoft rotates these keys on its own schedule, which you cannot cu
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are designing the encryption standards for data at rest for an Azure resource You need to provide recommendations to ensure that the data at rest is encrypted by using AES- 256 keys. The solution must support rotating the encryption keys monthly. Solution: For blob containers in Azure Storage, you recommend encryption that uses Microsoft- managed keys within an encryption scope. Does this meet the goal?
Options
- AYes
- BNo
Explanation
{"question_number": 1, "correct_answer": "B", "explanation": "The answer is No. Microsoft-managed keys in Azure Storage encrypt data using AES-256, but they do not allow you to control or schedule key rotation. Microsoft rotates these keys on its own schedule, which you cannot customize. To support monthly key rotation as required by this scenario, you must use customer-managed keys (CMK) stored in Azure Key Vault, where you can configure automatic rotation policies on your own schedule. Microsoft-managed keys fail the 'rotate monthly' requirement.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.