ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AI-100 All Questions

View all questions & answers for the AI-100 exam
Go to Exam

Exam AI-100 topic 1 question 19 discussion

Actual exam question from Microsoft's AI-100
Question #: 19
Topic #: 1
[All AI-100 Questions]

DRAG DROP -
You are designing an AI solution that will analyze media data. The data will be stored in Azure Blob storage.
You need to ensure that the storage account is encrypted by using a key generated by the hardware security module (HSM) of your company.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal https://docs.microsoft.com/en-us/azure/key-vault/key-vault-hsm-protected-keys
by exam_taker5 at Aug. 8, 2019, 4:39 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
exam_taker5
Highly Voted 5 years, 10 months ago
I believe the answer is: 1: generate an encryption key 2: upload a key to key vault 3: enable customer encryption keys
upvoted 45 times
CodeAnant
5 years, 9 months ago
can you please describe why u think that...
upvoted 2 times
Bharat
5 years, 9 months ago
It is a user generated key. You don't want it to be lost, hence store it in the Key Vault. Also, the service using encryption will try to find it in the Key Vault by default since that is the recommended best practice.
upvoted 5 times
kozakpawel
4 years, 4 months ago
I don't agree because key will be generated and stored in HSM.
upvoted 2 times
...
...
...
...
valar_morghulis
Highly Voted 4 years, 5 months ago
answer is: 1: generate an encryption key 2: upload a key to key vault 3: enable customer encryption keys
upvoted 6 times
Cornholioz
4 years, 3 months ago
Why does it say upload "A" key to key vault and not "The" key (that was encrypted)? Typo? I think not! The links shared in the comments here provide descriptions of how things get done but is it precisely addressing the given scenario?
upvoted 1 times
...
...
YipingRuan
Most Recent 3 years, 10 months ago
First, query for the key vault URI by calling az keyvault show, and for the key version by calling az keyvault key list-versions. Then call az storage account update to update the storage account's encryption settings to use the new version of the key, as shown in the previous example. https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault-hsm
upvoted 1 times
...
Derin_tade
3 years, 10 months ago
from this link here https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal I think we create the vault which is the storage endpoint, upload the keys same as add keys and then enable encryption or Configure encryption with customer-managed keys.
upvoted 1 times
...
[Removed]
4 years, 2 months ago
If you go to Azure Portal and select your storage account then select Encryption option from Settings this how you will get option in sequence: 1. Encryption Type: Microsoft-managed keys or Customer-managed keys Once you select "Customer-managed keys" you will get add option called 'Key Selection' 2. Key Selection has two options for "Encryption Key" 1. Select from 'key vault' ( where you need to identity your key vault & Encryption key it will allow you to create a new 'key vault' & 'Encryption Key' or upload existing key ' 2. Enter key URI ( If you already have URI for key vault & keys). Summary : 1. Enable Customer Encryption Keys 2. Generate Encryption Key 3. Upload key to Azure vault.
upvoted 4 times
...
vendelino
4 years, 7 months ago
https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault-hsm contains same answer as mentioned in the question - HSM is the clue here
upvoted 5 times
...
sayak17
4 years, 9 months ago
Link provided in solution should be updated to do this: https://docs.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys as the previous link doesn't work anymore
upvoted 2 times
...
fred777
4 years, 11 months ago
agreed with exam taker5. Proof is there : https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal
upvoted 4 times
sayak17
4 years, 8 months ago
yes this proves exam_taker5's answer
upvoted 2 times
...
DaveHuynh
4 years, 3 months ago
agree with you
upvoted 1 times
...
...
SamSmith
5 years, 1 month ago
Agree to Bharat, key needs to be uploaded to key vault as it's user generated
upvoted 1 times
...
Bharat
5 years, 9 months ago
Agreed again
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel