ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 3 question 31 discussion

Actual exam question from Microsoft's AZ-304
Question #: 31
Topic #: 3
[All AZ-304 Questions]

You have an Azure subscription that contains 100 virtual machines.
You plan to design a data protection strategy to encrypt the virtual disks.
You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks.
What should you include in the recommendation?

  • A. a certificate
  • B. a key
  • C. a passphrase
  • D. a secret
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
For enhanced virtual machine (VM) security and compliance, virtual disks in Azure can be encrypted. Disks are encrypted by using cryptographic keys that are secured in an Azure Key Vault. You control these cryptographic keys and can audit their use.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks
by speedminer at Sept. 7, 2020, 12:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
speedminer
Highly Voted 4 years, 9 months ago
Azure Disk Encryption requires an Azure Key Vault to control and manage disk encryption keys and secrets. Your key vault and VMs must reside in the same Azure region and subscription.
upvoted 28 times
...
saditya1
Highly Voted 4 years, 6 months ago
B is correct
upvoted 15 times
...
AberdeenAngus
Most Recent 3 years ago
I created a VM and key vault, and encrypted the os disk following the steps in https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-cli-quickstart Afterwards my key vault contained no keys, 1 secret
upvoted 1 times
...
Dawn7
3 years, 3 months ago
Selected Answer: B
A key is correct
upvoted 1 times
...
us3r
3 years, 4 months ago
Selected Answer: B
vote b
upvoted 1 times
...
Dpejic
3 years, 5 months ago
Appere on exam 23-dec-2021
upvoted 1 times
...
sharepoint_Azure_pp
3 years, 7 months ago
Key is correct choose the same cleared with 900 on 17th October 2021
upvoted 7 times
...
syu31svc
3 years, 8 months ago
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-key-vault B for sure
upvoted 1 times
...
Gautam1985
3 years, 9 months ago
correct
upvoted 1 times
...
tvs2021
3 years, 11 months ago
this on exam (7-19-2021) . passed 304
upvoted 5 times
...
Amit3
4 years ago
B is the only answer here, keys could be customer or Azure assiged in AKV.
upvoted 2 times
...
Prince2690
4 years ago
It requires key to be created in AKV. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
upvoted 2 times
...
glam
4 years, 4 months ago
B. a key
upvoted 4 times
...
David_986969
4 years, 8 months ago
Why not a secret that configures the key as the secret?
upvoted 1 times
KakashiHatake
4 years, 8 months ago
Eventually, you are configuring a key only. B is correct.
upvoted 14 times
...
biboker766
4 years, 4 months ago
with data disk secret may not work
upvoted 1 times
...
pentium75
3 years, 9 months ago
I too was wondering if a key isn't considered a secret, but no, KV manages "secrets and keys" per MS documentation. Thus a key is not considered a "secret."
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel