SC-100 · Question #252
SC-100 Question #252: Real Exam Question with Answer & Explanation
The correct answer is B: container. {"question_number": 5, "correct_answer": "B", "explanation": "In Azure Data Lake Storage Gen2 (and Azure Blob Storage), the most granular level at which customer-managed keys (CMKs) can be applied via service-side encryption is the container level, using encryption scopes. Encryp
Question
You have an Azure subscription that contains multiple Azure Data Lake Storage accounts. You need to recommend a solution to encrypt the content of the accounts by using service-side encryption and customer-managed keys. The solution must ensure that individual encryption keys are applied at the most granular level. At which level should you recommend the encryption be applied?
Options
- Afile
- Bcontainer
- Cfolder
- Daccount
Explanation
{"question_number": 5, "correct_answer": "B", "explanation": "In Azure Data Lake Storage Gen2 (and Azure Blob Storage), the most granular level at which customer-managed keys (CMKs) can be applied via service-side encryption is the container level, using encryption scopes. Encryption scopes allow you to assign a different CMK to each container within the same storage account, providing per-container key isolation. This is more granular than account-level (D), which applies one key to all data. File-level (A) and folder-level (C) encryption with separate CMKs are not supported natively by the service-side encryption model in Azure Storage - individual files and folders do not have their own encryption scope assignment. Container-level scopes represent the most granular supported boundary.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.