Exam AZ-303 topic 2 question 19 discussion

Actual exam question from Microsoft's AZ-303
Question #: 19
Topic #: 2

HOTSPOT -
You have an Azure subscription that includes an Azure key vault named Vault1.
You create the Azure virtual machines shown in the following table.

You enable Azure Disk Encryption for all the virtual machines and use the -VolumeType All parameter.
You add data disks to the virtual machines as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Premium and standard, but not basic, account types support disk encryption.
Disk encryption requires managed disks.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview

Comments

Deepbond
Highly Voted 4 years, 5 months ago
Y Y Y Azure Encryption is supported on all types of disks
upvoted 78 times
ahorva
3 years, 5 months ago
agree YYY - unsupported scenarios: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows#unsupported-scenarios
upvoted 2 times
...
prashantjoge
4 years, 4 months ago
agreed...ADE does not care about the disk type
upvoted 6 times
...
AberdeenAngus
3 years, 4 months ago
Agree Azure Disk Encryption = Bitlocker (Windows) or dm-crypt (Linux). Requires a key vault.
upvoted 1 times
...
azurelearner666
3 years, 5 months ago
wrong, first disk is not managed, so encryption is not supported.
upvoted 3 times
...
...
jay505
Highly Voted 4 years, 5 months ago
It should be N Y Y Because "Disk encryption requires managed disks" and first is not managed disks
upvoted 77 times
ahmd6
3 years, 5 months ago
There is also nice practical differences summary here Managed Disks = are managed by Microsoft Azure and you don't need any storage account while created new disk. Since the storage account is managed by Azure you do not have full control of the disks that are being created. Un-managed Disks = is something which requires you to create a storage account before you create any new disk. Since, the storage account is created and owned by you, you have full control over all the data that is present on your storage account. Additionally, you also need to take care of encryption, data recovery plans etc.
upvoted 4 times
...
robotcop
4 years, 5 months ago
The question is asking on the Data Disks. the non-managed disks is on VM1 OS disks, which is not asked in the question. the answer should be YYY
upvoted 18 times
nicksu
3 years, 11 months ago
You can't encrypt data disk unless the OS disk is also encrypted. So, NNY would be the answer
upvoted 3 times
...
nExoR
4 years, 2 months ago
table says 'use managed disks: no' which can be unfolded to 'don't use managed disk at all for this VM'. NYY
upvoted 5 times
...
...
...
rxlicon
Most Recent 1 year, 10 months ago
Y Premium SSD Y Standard SSD Y Standard HDD Regardless of the physical type they all support ADE (except ultra and pre v2) Managed + unmanaged can be encrypted VolumeType All parameter set yes, includes the data disks added later
upvoted 1 times
...
altafpatel1984
3 years, 4 months ago
Y Y Y There is no condition to encrypt only managed disk. All azure storage encrypted by default. https://docs.microsoft.com/en-us/learn/modules/secure-azure-storage-account/2-storage-security-features
upvoted 2 times
...
BhupalS
3 years, 5 months ago
Azure Disk Encryption for Windows virtual machines (VMs) uses the BitLocker feature of Windows to provide full disk encryption of the OS disk and data disk. Additionally, it provides encryption of the temporary disk when the VolumeType parameter is All. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows
upvoted 1 times
...
plmmsg
3 years, 6 months ago
YES YES YES
upvoted 2 times
...
jmay
3 years, 6 months ago
Y,Y,Y The ADE is achieved at the OS level (BitLocker for Win, DM-Crypt for Linux), so managed or unmanaged disks, it does not matter. The VolumeType parameter is set to All, so all disks will be automatically encrypted given the OS disk is already ADE'ed - and they are.
upvoted 1 times
...
tallurhi
3 years, 7 months ago
The key in the question is "automatically". For sure unmanaged disks are not automatically encrypted and it doesn't allow a mix of unmanaged and managed disks for a VM - hence NYY
upvoted 6 times
...
poplovic
3 years, 8 months ago
Y Y Y. See the q/a here from MS ADE dev team '' Closed Can Azure Disk Encryption is possible for unmanaged disks ? '' https://github.com/MicrosoftDocs/azure-docs/issues/69516
upvoted 3 times
Beuz
3 years, 3 months ago
Key here is 'automatically'. I don't think unmanaged disks are encrypted automatically. Managed disks are
upvoted 1 times
...
...
ixl2pass
3 years, 9 months ago
Answer YYY. Because when encryption was enabled the option "Azure Disk Encryption for volume encryption" was used. This setting means that anything that you add later will automatically be encrypted as well. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-portal-quickstart
upvoted 1 times
...
waqas
3 years, 9 months ago
When you add (attach and mount) a new disk after enabling ADE, newly added unmanaged disks show Enabled in the encryption field, while Managed disks show only SSE with PMK. Unmanaged data disks added after enabling ADE with the flag `--volume-type all` are automatically encrypted with ADE - Managed data disks added after enabling ADE with the flag `--volume-type all` are not automatically encrypted with ADE, and remain only with the default SSE with PMK encryption. You all may check/confirm.
upvoted 5 times
mandusya
3 years, 7 months ago
Just tested in my sandbox: managed data disk added after enabling ADE on VM with `--volume-type all` wasn't automatically encrypted with ADE, I had to run the command again
upvoted 1 times
...
max_n
3 years, 8 months ago
Totally agree, I did this in my lab.
upvoted 2 times
max_n
3 years, 8 months ago
answer is y,n,n
upvoted 3 times
...
...
...
syu31svc
3 years, 10 months ago
The volume type parameter is set to All, so both OS and data disks will be encrypted. https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryption All Yes
upvoted 2 times
...
network_zeal
3 years, 10 months ago
YYY There are some comments that disks need to be managed. That's not documented anywhere as unsupported configuration https://github.com/MicrosoftDocs/azure-docs/issues/69516 https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows#unsupported-scenarios
upvoted 2 times
...
willdy123
3 years, 11 months ago
I tried the automatic encryption on a VM with unmanaged disks. Initially created VN with only one OS disk unmanaged, then enabled encryption, then created another unmanaged data disk. The newly added data disk was automatically encrypted. This supports the YYY answer. See screenshot: https://imgur.com/a/HHn4pGF
upvoted 7 times
tita_tovenaar
3 years, 11 months ago
If I understood you correctly, that proves it's N--Y-Y. The unmanaged disk was not encrypted automatically.
upvoted 2 times
AZ_Apprentice
3 years, 11 months ago
I have understood it to mean that it's YYY. Once the unmanaged OS disk was encrypted, when the data disk was added, it was automatically encrypted hence Y Y Y.
upvoted 1 times
...
...
...
ConradGroot
4 years ago
The sequence version has to be unique. The script below generates a GUID for the sequence version. In some cases, a newly added data disk might be encrypted automatically by the Azure Disk Encryption extension. Auto encryption usually occurs when the VM reboots after the new disk comes online. This is typically caused because "All" was specified for the volume type when disk encryption previously ran on the VM. If auto encryption occurs on a newly added data disk, we recommend running the Set-AzVmDiskEncryptionExtension cmdlet again with new sequence version. If your new data disk is auto encrypted and you do not wish to be encrypted, decrypt all drives first then re-encrypt with a new sequence version specifying OS for the volume type.
upvoted 1 times
...
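The check-and-re-run procedure the comment above describes, as an added example that is not part of the original post or of Microsoft's documentation: it reads the VM's ADE status after a data disk has been attached and, if the data volumes are not reported as encrypted, runs the extension again with a fresh sequence version. The resource group names and the VM name are placeholders (assumptions); `Vault1` is the key vault named in the question.

```powershell
# Added example. $vmRg, $kvRg and $vmName are placeholder values (assumptions);
# replace them with the names used in your own subscription.
$vmRg   = 'rg-vms'
$kvRg   = 'rg-keyvault'
$vmName = 'VM1'
$kvName = 'Vault1'

function Test-DataVolumesEncrypted {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName
    )
    # ADE status is reported per VM: one field for the OS volume and one for all
    # data volumes. This is the guest-level (BitLocker / dm-crypt) state, not the
    # server-side encryption that storage applies by default.
    $status = Get-AzVmDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName
    Write-Host "OS volume: $($status.OsVolumeEncrypted)  Data volumes: $($status.DataVolumesEncrypted)"
    return ($status.DataVolumesEncrypted -eq 'Encrypted')
}

if (-not (Test-DataVolumesEncrypted -ResourceGroupName $vmRg -VMName $vmName)) {
    $kv = Get-AzKeyVault -VaultName $kvName -ResourceGroupName $kvRg

    # A new GUID as the sequence version makes the extension treat this as a new
    # operation instead of a repeat of the run that first enabled encryption.
    $sequenceVersion = [Guid]::NewGuid().ToString()

    Set-AzVMDiskEncryptionExtension `
        -ResourceGroupName $vmRg `
        -VMName $vmName `
        -DiskEncryptionKeyVaultUrl $kv.VaultUri `
        -DiskEncryptionKeyVaultId $kv.ResourceId `
        -VolumeType 'All' `
        -SequenceVersion $sequenceVersion

    # Re-read the status so the result of the second run is recorded.
    if (-not (Test-DataVolumesEncrypted -ResourceGroupName $vmRg -VMName $vmName)) {
        Write-Warning "Data volumes on $vmName are still not reported as encrypted."
    }
}
```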
nfett
4 years ago
YYY for me. reference comment about premium storage here. https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview
upvoted 1 times
...
g_db1
4 years ago
Bit insecure, because everybody here is pretty firm. But I'll go to NNN. It's talking about ADE, not SSE which is automatic. So a newly attached disk will be encrypted by default with SSE but not with ADE
upvoted 3 times
...