ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-301 All Questions

View all questions & answers for the AZ-301 exam
Go to Exam

Exam AZ-301 topic 6 question 25 discussion

Actual exam question from Microsoft's AZ-301
Question #: 25
Topic #: 6
[All AZ-301 Questions]

Your company plans to migrate its on-premises data to Azure.
You need to recommend which Azure services can be used to store the data. The solution must meet the following requirements:
✑ Encrypt all data while at rest.
✑ Encrypt data only by using a key generated by the company.
Which two possible services can you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Azure Table storage
  • B. Azure Backup
  • C. Azure Blob storage
  • D. Azure Queue storage
  • E. Azure Files
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managed-keys
by onlyfunmails at Jan. 3, 2020, 8:16 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ekramy_Elnaggar
Highly Voted 5 years, 5 months ago
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management
upvoted 12 times
ablab
4 years, 11 months ago
You can specify a customer-managed key with Azure Key Vault to use for encrypting and decrypting data in Blob storage and in Azure Files.1
upvoted 6 times
tartar
4 years, 9 months ago
CE is ok
upvoted 2 times
...
...
...
2cool2touch
Highly Voted 5 years ago
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management You can specify a customer-managed key with Azure Key Vault to use for encrypting and decrypting data in Blob storage and in Azure Files
upvoted 5 times
...
AKumar
Most Recent 4 years, 3 months ago
No Doubt in given answer. By default Blob and File is always managed by customer key. Table and queue are always used Microsoft managed key.
upvoted 2 times
...
glam
4 years, 3 months ago
C. Azure Blob storage E. Azure Files
upvoted 1 times
...
sanketshah
4 years, 5 months ago
given answer is correct.
upvoted 1 times
...
pdad
4 years, 9 months ago
Data in Blob storage and Azure Files is always protected by customer-managed keys when customer-managed keys are configured for the storage account. https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview
upvoted 1 times
...
macco455
4 years, 9 months ago
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management You can specify a customer-managed key with Azure Key Vault to use for encrypting and decrypting data in Blob storage and in Azure Files.1,2 For more information about customer-managed keys, see Use customer-managed keys with Azure Key Vault to manage Azure Storage encryption. Ans: Files and Blob.
upvoted 1 times
...
user_name
4 years, 9 months ago
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management About encryption key management Answers are OK
upvoted 1 times
...
exams0123456
4 years, 9 months ago
E: Azure Files is correct because we are using this same scenario in our production environment. B: Blob storage - may be correct because - another requirement is to provide Encryption-at-rest ( which incase is provided by Blob - because the data can be encrypted while being stored on a Blob storage in the cloud)
upvoted 1 times
...
Duva
4 years, 10 months ago
given answers are correct
upvoted 1 times
...
manu202020
4 years, 10 months ago
Think the answers are correct, but the reference seem irrelevant.
upvoted 1 times
...
[Removed]
4 years, 11 months ago
I find this requirement somehow vague. "Encrypt data only by using a key generated by the company.". The requirement asks for a key _generated_ by the company. The provided answers are valid for "customer-managed keys", which are store in Azure Key Vault. Then however the Azure Key Vault would generate the keys, no? If so the only valid answer would be "Blob Storage"
upvoted 2 times
Yannor
4 years, 11 months ago
You can bring your keys and save them to a key vault. Then use the keys where you want.
upvoted 2 times
...
...
pandeya442
5 years, 1 month ago
given ans is correct
upvoted 3 times
...
phony
5 years, 4 months ago
i also see this: All Azure Storage resources are encrypted, including blobs, disks, files, queues, and tables. All object metadata is also encrypted. - so queues and tables are also encrypted at rest and i see this: 1 For information about creating an account that supports using customer-managed keys with Queue storage, see Create an account that supports customer-managed keys for queues. 2 For information about creating an account that supports using customer-managed keys with Table storage, see Create an account that supports customer-managed keys for tables. so there is a way to use customer-managed keys for queues and tables. i stick with the answer but it's doubtful
upvoted 1 times
Venk331991
5 years, 4 months ago
"But they mentioned on-premises data" no mention about what kind of data. so we have go by most closely related answers based on given data. So there is no explicit mention about type of data so I infer as Files.
upvoted 3 times
...
nieuw
5 years, 1 month ago
It is probably recent.
upvoted 1 times
...
jcarlos
5 years ago
From "https://docs.microsoft.com/en-us/azure/storage/common/account-encryption-key-create?toc=%2Fazure%2Fstorage%2Ftables%2Ftoc.json&tabs=powershell"To create a storage account that relies on the account encryption key for Queue and Table storage, you must first register to use this feature with Azure. Due to limited capacity, be aware that it may take several months before requests for access are approved. So, I think given answers are correct
upvoted 1 times
...
...
onlyfunmails
5 years, 5 months ago
https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel