ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-204 All Questions

View all questions & answers for the AZ-204 exam
Go to Exam

Exam AZ-204 topic 4 question 30 discussion

Actual exam question from Microsoft's AZ-204
Question #: 30
Topic #: 4
[All AZ-204 Questions]

DRAG DROP -
You are developing an Azure-hosted application that must use an on-premises hardware security module (HSM) key.
The key must be transferred to your existing Azure Key Vault by using the Bring Your Own Key (BYOK) process.
You need to securely transfer the key to Azure Key Vault.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
To perform a key transfer, a user performs following steps:
✑ Generate KEK.
✑ Retrieve the public key of the KEK.
✑ Using HSM vendor provided BYOK tool - Import the KEK into the target HSM and exports the Target Key protected by the KEK.
✑ Import the protected Target Key to Azure Key Vault.
Step 1: Generate a Key Exchange Key (KEK).
Step 2: Retrieve the Key Exchange Key (KEK) public key.
Step 3: Generate a key transfer blob file by using the HSM vendor-provided tool.
Generate key transfer blob using HSM vendor provided BYOK tool
Step 4: Run the az keyvault key import command
Upload key transfer blob to import HSM-key.
Customer will transfer the Key Transfer Blob (".byok" file) to an online workstation and then run a az keyvault key import command to import this blob as a new
HSM-backed key into Key Vault.
To import an RSA key use this command:
az keyvault key import
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/keys/byok-specification
by aradice at June 30, 2021, 7:21 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
aradice
Highly Voted 2 years, 11 months ago
correct: https://docs.microsoft.com/en-us/azure/key-vault/keys/byok-specification#user-steps
upvoted 52 times
Esward
1 year, 4 months ago
Agreed
upvoted 1 times
Esward
1 year, 4 months ago
Given answers are correct
upvoted 1 times
...
...
TakumaK
2 years, 11 months ago
agree with you!
upvoted 4 times
...
...
MasterQuestMaster
Highly Voted 2 years, 4 months ago
Got this on the exam. :) top kek
upvoted 23 times
mandynotmandy
2 years, 3 months ago
this is still showing up in feb 2022 exams, the kek definitely made this question unforgettable for me top kek
upvoted 8 times
...
...
vizay
Most Recent 1 month, 1 week ago
You encrypt your key using Azure’s public key ➡️ make a secure file ➡️ upload it to Azure ➡️ Azure decrypts and stores it.
upvoted 1 times
...
kotireddy4120
6 months, 3 weeks ago
Given Answer is correct
upvoted 1 times
...
mewan
1 year ago
is it enough to pass the exam to read up to 22 pages
upvoted 7 times
...
Videira
1 year, 3 months ago
On my exam 2023-02-25
upvoted 2 times
...
NombreFalso
1 year, 3 months ago
based kek question
upvoted 2 times
...
Jeff8888
1 year, 4 months ago
Agreed
upvoted 1 times
...
petitbilly
2 years, 3 months ago
Got it in exam 03/22
upvoted 4 times
...
oescm
2 years, 4 months ago
Got this one 02/2022. Went with most voted
upvoted 6 times
...
lugospod
2 years, 4 months ago
Got this one 01/2022. Went with originally proposed solution
upvoted 6 times
danila16030
2 years, 4 months ago
Ho many questions from you test you find on this site? Just interesting)
upvoted 1 times
...
...
mcbc
2 years, 10 months ago
Generate KEK. Retrieve the public key of the KEK. Using HSM vendor provided BYOK tool - Import the KEK into the target HSM and exports the Target Key protected by the KEK. Import the protected Target Key to Azure Key Vault.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel