ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-203 All Questions

View all questions & answers for the AZ-203 exam
Go to Exam

Exam AZ-203 topic 1 question 6 discussion

Actual exam question from Microsoft's AZ-203
Question #: 6
Topic #: 1
[All AZ-203 Questions]

DRAG DROP -
You are preparing to deploy a medical records application to an Azure virtual machine (VM). The application will be deployed by using a VHD produced by an on- premises build server.
You need to ensure that both the application and related data are encrypted during and after deployment to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer: Explanation
Step 1: Encrypt the on-premises VHD by using BitLocker without a TPM. Upload the VM to Azure Storage
Step 2: Run the Azure PowerShell command Set-AzureRMVMOSDisk
To use an existing disk instead of creating a new disk you can use the Set-AzureRMVMOSDisk command.
Example:
$osDiskName = $vmname+'_osDisk'
$osDiskCaching = 'ReadWrite'
$osDiskVhdUri = "https://$stoname.blob.core.windows.net/vhds/"+$vmname+"_os.vhd"
$vm = Set-AzureRmVMOSDisk -VM $vm -VhdUri $osDiskVhdUri -name $osDiskName -Create
Step 3: Run the Azure PowerShell command Set-AzureRmVMDiskEncryptionExtension
Use the Set-AzVMDiskEncryptionExtension cmdlet to enable encryption on a running IaaS virtual machine in Azure.
Incorrect:
Not TPM: BitLocker can work with or without a TPM. A TPM is a tamper resistant security chip on the system board that will hold the keys for encryption and check the integrity of the boot sequence and allows the most secure BitLocker implementation. A VM does not have a TPM.
References:
https://www.itprotoday.com/iaaspaas/use-existing-vhd-azurerm-vm
by PraPat at Dec. 29, 2019, 4:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PraPat
Highly Voted 5 years, 5 months ago
Check https://vceguide.com/which-three-actions-should-you-perform-in-sequence-606/ for options
upvoted 21 times
R2C
5 years, 1 month ago
The link does not work.
upvoted 3 times
...
Raevex
4 years, 11 months ago
The link worked fine for me. What is nice is the web page provides a graphic of the problem that is missing in this examtopics.com question.
upvoted 4 times
...
...
Not_Sure_Who_Am_I
Highly Voted 4 years, 11 months ago
Options: https://vceguide.com/wp-content/uploads/2019/10/Microsoft-AZ-203-date-01-06-2019-00001_Page_019_Image_0001.jpg
upvoted 10 times
...
jhonattansolarte
Most Recent 3 years, 11 months ago
RESPONSE: https://user-images.githubusercontent.com/8276103/125327598-e8359000-e308-11eb-8ee2-3c4c02a5a276.jpeg
upvoted 1 times
...
AnonymousJhb
4 years, 5 months ago
The answer is incorrect. as per the MS documentation, Set-AzureRmVMDiskEncryptionExtension Enables encryption on a running IaaS virtual machine in Azure. Thus, we need to first provision a New-AzVm in step 3 and then step 4 Set-AzureRmVMDiskEncryptionExtension https://docs.microsoft.com/en-us/powershell/module/azurerm.compute/set-azurermvmdiskencryptionextension?view=azurermps-6.13.0
upvoted 1 times
altafpatel1984
3 years, 6 months ago
But question asks for only 3 steps, not 4 steps
upvoted 1 times
...
Cornholioz
4 years, 5 months ago
But the question says "encrypted during and after deployment to Azure". It does ask for an encryption step "After Deployment to Azure". Poorly framed question, but I'm guessing it is looking for the step to encrypt AFTER deployment to Azure which is the Set-AzVMDiskEncryptionExtension I'm inclined to going with given answer.
upvoted 1 times
...
...
NajamKhan
4 years, 6 months ago
Options: https://vceguide.com/wp-content/uploads/2019/10/Microsoft-AZ-203-date-01-06-2019-00001_Page_019_Image_0001.jpg
upvoted 1 times
...
Dirk
4 years, 10 months ago
I'm not so sure about the TPM. It should be possible as well with a VM: https://www.prajwaldesai.com/enable-trusted-platform-module-on-virtual-machine/
upvoted 1 times
...
agoncal
5 years ago
Last option should be New=AzureRmVM, encryption can be set in Set-AzureRMVMOSDisk cmd: "Encrypt VMs with pre-encrypted VHDs with Azure PowerShell You can enable disk encryption on your encrypted VHD by using the PowerShell cmdlet Set-AzVMOSDisk. The example below gives you some common parameters. PowerShell $VirtualMachine = New-AzVMConfig -VMName "MySecureVM" -VMSize "Standard_A1 " $VirtualMachine = Set-AzVMOSDisk -VM $VirtualMachine -Name "SecureOSDisk" -VhdUri "os.vhd" Caching ReadWrite -Windows -CreateOption "Attach" -DiskEncryptionKeyUrl "https://mytestvault.vault.azure.net/secrets/Test1/514ceb769c984379a7e0230bddaaaaaa" -DiskEncryptionKeyVaultId "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myKVresourcegroup/providers/Microsoft.KeyVault/vaults/mytestvault" New-AzVM -VM $VirtualMachine -ResourceGroupName "MyVirtualMachineResourceGroup"" https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows-aad
upvoted 5 times
rrongcheng
4 years, 10 months ago
Yes, It should be: 1. get VHD without TPM ($VirtualMachine = New-AzureRmVMConfig) not include in option 2.Set-AzVMOSDisk -VM $VirtualMachine -VhdUri "os.vhd" 3.New-AzureRmVM -VM $VirtualMachine https://docs.microsoft.com/en-us/powershell/module/AzureRM.Compute/Set-AzureRmVMOSDisk?view=azurermps-6.13.0#examples
upvoted 9 times
...
...
tsimbah
5 years, 1 month ago
l ok ok l
upvoted 1 times
...
hmirko
5 years, 2 months ago
Is last step New-AzureRmVM or Set-AzureRmVMDiskEncryptionExtension?
upvoted 3 times
VMCoder
5 years, 2 months ago
I think it should be New-AzureRmVM as well. We have already encrypted the disk in first step.
upvoted 6 times
LTiwana
4 years, 10 months ago
looks correct to me as mentioned in this document: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows#new-iaas-vms-created-from-customer-encrypted-vhd-and-encryption-keys
upvoted 1 times
Cornholioz
4 years, 5 months ago
New-AzureRmVM is correct. NOT Set-AzureRmVMDiskEncryptionExtension because it enables encryption on a "running" IaaS virtual machine in Azure. In this case the VM is not created yet. We have only preped the OSDisk.
upvoted 1 times
Cornholioz
4 years, 5 months ago
Rethinking: But the question says "encrypted during and after deployment to Azure". It does ask for an encryption step "After Deployment to Azure". Poorly framed question, but I'm guessing it is looking for the step to encrypt AFTER deployment to Azure which is the Set-AzVMDiskEncryptionExtension I'm inclined to going with given answer.
upvoted 1 times
...
...
...
...
...
wlfjck
5 years, 4 months ago
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-sample-scripts
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel