Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam

Exam AZ-204 topic 14 question 1 discussion

Actual exam question from Microsoft's AZ-204

Question #: 1
Topic #: 14

HOTSPOT -
You need to add code at line PC26 of Processing.cs to ensure that security policies are met.
How should you complete the code that you will add at line PC26? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer

Suggested Answer:

Box 1: var key = await Resolver.ResolveKeyAsyn(keyBundle,KeyIdentifier.CancellationToken.None);
Box 2: var x = new BlobEncryptionPolicy(key,resolver);
Example:
// We begin with cloudKey1, and a resolver capable of resolving and caching Key Vault secrets.
BlobEncryptionPolicy encryptionPolicy = new BlobEncryptionPolicy(cloudKey1, cachingResolver); client.DefaultRequestOptions.EncryptionPolicy = encryptionPolicy;
Box 3: cloudblobClient. DefaultRequestOptions.EncryptionPolicy = x;
Reference:
https://github.com/Azure/azure-storage-net/blob/master/Samples/GettingStarted/EncryptionSamples/KeyRotation/Program.cs

by wumingshi at March 26, 2021, 8:36 a.m.

Comments

Submit Cancel

wumingshi

Highly Voted 3 years, 10 months ago

The answer is correct

upvoted 32 times

...

gmishra88

Highly Voted 2 years, 3 months ago

Also Microsoft says : you need not know .Net for this certification and proceed to ask questions deep in the dark corners of .Net libraries

upvoted 17 times

gmishra88

2 years, 3 months ago

The requirement says "Receipt data must always be encrypted at rest." That might make a person think do not use client side encryption. But then proceeds to make the person guess from the answer choices that it is client side encryption. Why does this organization think this is a good way to ask questions?

upvoted 1 times

gmishra88

2 years, 3 months ago

"Consider using service-side encryption features instead of client-side encryption. For more information about service-side encryption features, see Azure Storage encryption for data at rest."

upvoted 2 times

...

macobuzi

1 year, 5 months ago

To be honest, if you are an experienced programmer you can guess the right answer to this question by pure logic, no .Net code or even Azure knowledge is needed.

upvoted 6 times

AndySmith

1 year, 3 months ago

Exactly! Did it from 1st try, but originally was very confused with plenty of optins, LOL. So, 2nd and 3rd steps are easy to connect. And in 2nd step you should use "key" from Step1, but it only occurs in options 3 and 4. Since, 4 is about deletion policy, which doesn't make sense - then go with 3 which is Encryption Policy. And Encryption Policy is 1:1 mapping to last step 3 :)

upvoted 2 times

...

bp_a_user

1 year, 1 month ago

but guessing should not be the goal

upvoted 2 times

...

SaintBahamut

Most Recent 2 years, 8 months ago

Answer is correct, checked that in code, If we take second box as correct then only 4rd option from 1st box fits

upvoted 2 times

...

Yazhu

3 years, 1 month ago

Given Answer is correct. Refer the below URL. https://csharp.hotexamples.com/examples/Microsoft.WindowsAzure.Storage.Blob/BlobEncryptionPolicy/-/php-blobencryptionpolicy-class-examples.html

upvoted 2 times

...

UnknowMan

3 years, 8 months ago

BlobEncryptionPolicy accept "Ikey" on constructor => https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.storage.blob.blobencryptionpolicy.-ctor?view=azure-dotnet-legacy#Microsoft_Azure_Storage_Blob_BlobEncryptionPolicy__ctor_Microsoft_Azure_KeyVault_Core_IKey_Microsoft_Azure_KeyVault_Core_IKeyResolver_ (keyBundle.Key return a Microsoft.Azure.KeyVault.WebKey.JsonWebKey). The answer is correct !

upvoted 9 times

...

UnknowMan

3 years, 8 months ago

upvoted 1 times

...

SnakePlissken

3 years, 8 months ago

1. var key = keyBundle.Key; 2. var x = new BlobEncryptionPolicy(key, resolver); 3. cloudBlobClient.DefaultRequestOptions.EncryptionPolicy = x; But I'm afraid I've wasted my time. As you can see in the links, it's all legacy code. https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault.keyvaultclientextensions.getkeyasync?view=azure-dotnet-legacy&viewFallbackFrom=azure-dotnet https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.storage.blob.blobencryptionpolicy.-ctor?view=azure-dotnet-legacy#Microsoft_Azure_Storage_Blob_BlobEncryptionPolicy__ctor_Microsoft_Azure_KeyVault_Core_IKey_Microsoft_Azure_KeyVault_Core_IKeyResolver_ https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.storage.blob.blobrequestoptions.encryptionpolicy?view=azure-dotnet-legacy#Microsoft_Azure_Storage_Blob_BlobRequestOptions_EncryptionPolicy

upvoted 6 times

coffecold

2 years, 3 months ago

yes legacy code.. for version 12 use KeyClient, ClientSideEncryptionOptions ... see https://stackoverflow.com/questions/64644174/encryption-with-azure-bob-storage-v12-sdk-for-net

upvoted 1 times

...

ning

3 years, 5 months ago

This is NOT correct, keyBundle.Key() is correct, it is a method, not a property, so no correct

upvoted 1 times

vokep77043

3 years, 5 months ago

No, it's a property. Read documenation. https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault.models.keybundle.key?view=azure-dotnet-legacy#Microsoft_Azure_KeyVault_Models_KeyBundle_Key

upvoted 3 times

...

jvyas

3 years, 9 months ago

According to Udemy instructor Alan Rodriguez answer for first box is var key = keyBundle.key

upvoted 6 times

...

jokergester

3 years, 10 months ago

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-encrypt-decrypt-blobs-key-vault?tabs=dotnet11#encrypt-blob-and-upload

upvoted 4 times

...