Exam AZ-204 topic 4 question 10 discussion

Actual exam question from Microsoft's AZ-204
Question #: 10
Topic #: 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms.
If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised.
You need to store the intake forms according to the requirements.
Solution:
1. Create an Azure Key Vault key named skey.
2. Encrypt the intake forms using the public key portion of skey.
3. Store the encrypted data in Azure Blob storage.
Does the solution meet the goal?

  • A. Yes
  • B. No
Suggested Answer: A

Comments

pac1311
Highly Voted 4 years, 2 months ago
Correct!
upvoted 37 times
...
bingohah
Highly Voted 4 years, 2 months ago
The answer is right, but not good, because we should use a symmetric key to encrypt the file instead of the public key. The best practice is: encrypt the file with a symmetric key, and the symmetric key is protected by the public key.
upvoted 29 times
vb3d
4 years, 1 month ago
Not sure what you mean, but check the link below. Symmetric key means the same key is used for encryption and decryption. When you use an asymmetric key, you encrypt with the public key and decrypt with a secret key, which is what the solution is talking about and is better. https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences#:~:text=Symmetric%20encryption%20uses%20a%20single,and%20decrypt%20messages%20when%20communicating.
upvoted 11 times
aarrtturas
3 years, 11 months ago
We should use a symmetric key, not an asymmetric key. An asymmetric key is used to encrypt small amounts of data. Usually the asymmetric key encrypts the symmetric key, and the symmetric key encrypts the data.
upvoted 5 times
fearoffree
3 years, 2 months ago
The asymmetric key is used to sign the intake so it could not be compromised!
upvoted 1 times
...
...
...
...
2f17d52
Most Recent 1 week ago
Selected Answer: B
From ChatGPT: Problem: Directly Encrypting the Forms with the Key Vault RSA Key. Azure Key Vault RSA keys are asymmetric and typically support encrypting only small payloads (e.g., up to 4 KB). Scanned medical forms are typically large files (hundreds of KB to several MB). Trying to encrypt these large files directly with the RSA public key stored in Key Vault will: fail due to size limits, or be extremely inefficient and non-scalable.
upvoted 1 times
...
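An added example, not part of the thread or of Microsoft's material, covering both the size limit raised in the comment above and the pattern bingohah and aarrtturas describe: the file is encrypted with a fresh symmetric key, and only that key is encrypted with the RSA public key. It assumes a locally generated RSA-2048 pair standing in for skey and a random 300 KB buffer standing in for a scanned form; the function names are illustrative.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: an RSA-2048 pair in the role of skey, and 300 KB of
// random bytes in the role of a scanned intake form.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const form = crypto.randomBytes(300 * 1024);
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Step 2 taken literally: RSA-OAEP over the whole input.
// Returns null on success, or the error code/message on failure.
function encryptDirect(pub, data) {
  try {
    crypto.publicEncrypt({ key: pub, ...OAEP }, data);
    return null;
  } catch (e) {
    return e.code || e.message;
  }
}

// Envelope encryption: AES-256-GCM over the form under a one-time data key,
// then RSA-OAEP over the 32-byte data key. Needs only the public key.
function seal(pub, data) {
  const dek = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, iv);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: pub, ...OAEP }, dek);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Unwrap the data key with the private key, then decrypt. final() throws if
// the ciphertext or tag was modified, so tampering is detected as well.
function open(priv, env) {
  const dek = crypto.privateDecrypt({ key: priv, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dek, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// RSA-2048 with OAEP/SHA-256 accepts at most 256 - 2*32 - 2 = 190 bytes.
console.log('direct, 190 bytes:', encryptDirect(publicKey, Buffer.alloc(190)));
console.log('direct, 300 KB   :', encryptDirect(publicKey, form));
const envelope = seal(publicKey, form);
console.log('envelope round trip ok:', open(privateKey, envelope).equals(form));
```

Everything in the object returned by `seal` can be stored next to the blob; a party that downloads it learns nothing without the private key, which in the scenario stays in Key Vault.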
Vichu_1607
7 months ago
Selected Answer: A
The solution does meet the goal. Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. In this case, the intake forms are encrypted using the public key of a key stored in Azure Key Vault (skey). This means that even if the data is downloaded by a third party, they would not be able to decrypt and read the data without access to the corresponding private key. Storing the encrypted data in Azure Blob Storage is a common and secure method for storing large amounts of unstructured data in the cloud.
upvoted 1 times
...
obllew
7 months, 1 week ago
It's poorly worded - is the 3rd party an authorized party? By "compromised" do they mean confidential info would be revealed? Are they saying docs should be encrypted at rest such that if someone gains access to the account, patient data would not be leaked? In which case A meets that goal, because only the website may securely access the doc by accessing the private key from Key Vault to decrypt them.
upvoted 2 times
...
CafeLago
8 months, 3 weeks ago
Shouldn't this be WORM with immutable policies and NOT CMK or client-side encryption? There is no requirement for Confidentiality, only Integrity. Without mention of sharing the key with the third-party, it cannot read the intake forms and so the solution does not meet the goal.
upvoted 1 times
...
richardc7
1 year, 7 months ago
Selected Answer: A
Got 29/09/2023
upvoted 3 times
...
notedo
1 year, 7 months ago
Selected Answer: A
Correct
upvoted 1 times
...
MysticalSam
1 year, 11 months ago
This question was in today's exam on 10-June-2023
upvoted 4 times
...
Saluk_DE
2 years, 1 month ago
Selected Answer: A
Question was in Exam 2023-03-30
upvoted 2 times
...
sarmaria
2 years, 1 month ago
Got this on 16/03/23. Chosen yes. Make sure to prepare for case study. I got city and lights case study. No Kubernetes, Search, Logic Apps questions for me.
upvoted 1 times
...
Bear_Polar
2 years, 5 months ago
Selected Answer: A
AZ-900, is that you? :)))
upvoted 1 times
...
OPT_001122
2 years, 5 months ago
Selected Answer: A
A. Yes
upvoted 2 times
...
coffecold
2 years, 6 months ago
The answer is B (NO). This is a business case of digital signing. In digital signing the sender's private key encrypts the data -- this is the digital signature -- and the receiver uses the public key to decrypt it and verify it matches the attachment. "2. Encrypt the intake forms using the public key portion of skey." must be "2. Encrypt the intake forms using the private key portion of skey." Digital signing is opposed to encryption: Encryption uses a public key to ensure the ciphertext cannot be deciphered by anyone but the authorized recipient with the private key.
upvoted 4 times
...
gmishra88
2 years, 7 months ago
Client side encryption is a valid method to do this. Asymmetric key can be used (RSA in keyvault). If using an asymmetric key then client side encryption should be done with the public key because it can only be decrypted with a private key (which other people do not have). One will encrypt with private key only as a signature to prove she has the private key so that it can be verified with the public key. But still a difficult question in a certification exam with a time limit if you used their SDK to do the encryption and decryption.
upvoted 1 times
gmishra88
2 years, 7 months ago
And, I will always use a symmetric key for client side encryption. But god knows what Microsoft want as an answer and what the question creator experienced in life.
upvoted 1 times
...
...
Dani_ac7
2 years, 8 months ago
Selected Answer: A
Correct
upvoted 1 times
...