ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 4 question 54 discussion

Actual exam question from Microsoft's AZ-400
Question #: 54
Topic #: 4
[All AZ-400 Questions]

DRAG DROP -
You have an Azure subscription that uses Azure Monitor and contains a Log Analytics workspace.
You have an encryption key.
You need to configure Azure Monitor to use the key to encrypt log data.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Customer-Managed key provisioning steps:
Step 1: Create an Azure Key vault and store the key.
Creating Azure Key Vault and storing key. Create or use an existing Azure Key Vault in the region that the cluster is planed, and generate or import a key to be used for logs encryption.
Step 2: Create an Azure Monitor Logs dedicate cluster that has a system-assigned managed identity
Clusters uses managed identity for data encryption with your Key Vault. Configure identity type property to SystemAssigned when creating your cluster to allow access to your Key Vault for "wrap" and "unwrap" operations.
Step 3: Grant the system-assigned managed Identity Key permissions for the key vault.
Grant Key Vault permissions.
Create Access Policy in Key Vault to grants permissions to your cluster. These permissions are used by the underlay cluster storage. Open your Key Vault in
Azure portal and click Access Policies then + Add Access Policy to create a policy with these settings:
Key permissionsג€"select Get, Wrap Key and Unwrap Key.
Etc.

1. Creating cluster
2. Granting permissions to your Key Vault
3. Updating cluster with key identifier details
4. Linking workspaces
Step 4: Configure the key vault properties for the cluster.
Update cluster with key identifier details.
Step 5: Link the Log Analytics workspace to the cluster
Link workspace to cluster.
This step should be performed only after the cluster provisioning. If you link workspaces and ingest data prior to the provisioning, ingested data will be dropped and won't be recoverable.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/logs/customer-managed-keys
by syu31svc at Sept. 2, 2022, 8:43 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
resonant
Highly Voted 1 year, 11 months ago
This question was on my exam on September 12, 2023. Choosed the given answer and passed with 877.
upvoted 14 times
...
syu31svc
Highly Voted 2 years, 11 months ago
Given answer is correct and is supported by given link plus explanation
upvoted 8 times
...
ppp_ppp1
Most Recent 3 months ago
1. Create an AML dedicated cluster that has system assigned MI 2. Create KV 3. Configure KV properties for the cluster 4. Grant permission 5. Link LAW
upvoted 1 times
...
Dimedrol1
1 year, 7 months ago
Considering the statement "More than one order of answer choices is correct," the steps "Creating an Azure Monitor Logs dedicated cluster" and "Create an Azure key vault and store the key" can be performed in any sequence. As per the documentation (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-dedicated-clusters?tabs=cli), Creating an Azure Monitor Logs dedicated cluster doesn't require a predefined key. This means we can first set up the cluster and then create the Key Vault. My answer: - Create an Azure Monitor Logs dedicated cluster - Create an Azure key vault and store the key - Grant the system-assigned managed identity Key permissions - Configure the key vault properties for the cluster - Link the Log Analytics workspace to the cluster
upvoted 2 times
...
vsvaid
1 year, 7 months ago
ExamTopics seems correct as per article this https://learn.microsoft.com/en-us/azure/azure-monitor/logs/customer-managed-keys?tabs=portal -------------------------- Customer-Managed key provisioning steps Creating Azure Key Vault and storing key Creating cluster Granting permissions to your Key Vault Updating cluster with key identifier details Linking workspaces
upvoted 1 times
...
varinder82
1 year, 8 months ago
Final answer after all the comments - Answer provided by examtopic is correct
upvoted 3 times
...
flafernan
2 years ago
Issues surrounding the specific sequence of steps to configure services on Azure can be tricky as they can vary depending on specific environment requirements and security policies. These questions can lead to ambiguous or subjective answers, which can make the assessment more difficult for candidates.
upvoted 3 times
...
yana_b
2 years ago
@zellck, did you have simulations and if yes, how many and were they from the exam topics site? Thank you!
upvoted 1 times
UrbanRellik
9 months, 2 weeks ago
There is three parts: 30 multiple choice questions. 4 - 10 scenario questions that you cannot go back for. 5 - 16 lab questions. Total of 48 questions.
upvoted 2 times
...
...
zellck
2 years, 2 months ago
1. Create Azure key vault and store key 2. Create Azure Monitor Logs dedicated cluster with system-assigned managed identity 3. Grant system-assigned managed identity key permissions for key vault 4. Configure key vault properties for cluster 5. Link the Log Analytics workspace to cluster https://learn.microsoft.com/en-us/azure/azure-monitor/logs/customer-managed-keys?tabs=portal#customer-managed-key-provisioning-steps - Creating Azure Key Vault and storing key - Creating cluster - Granting permissions to your Key Vault - Updating cluster with key identifier details - Linking workspaces
upvoted 7 times
zellck
2 years, 2 months ago
Gotten this in Jun 2023 exam.
upvoted 6 times
...
...
itbrpl
2 years, 4 months ago
I am missing te cluster information on the question.. which cluster? Questions is about Azure Monitore and Log Workspace
upvoted 5 times
...
Darkeh
2 years, 10 months ago
Customer-Managed key provisioning steps: Creating Azure Key Vault and storing key Creating cluster Granting permissions to your Key Vault Updating cluster with key identifier details Linking workspaces
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel