B. blobs in a general purpose v2 storage account

B. blobs in a general purpose v2 storage account A General Purpose v2 (GPv2) storage account can store blobs, files, queues, and tables, making it a versatile option for a wide range of applications. It supports customer-managed keys for encryption, allowing you to maintain control over the encryption keys. To encrypt each user's data with a separate key, you can use Azure Blob Storage Service Encryption with customer-managed keys, storing each user's data in separate containers, and then configuring separate encryption keys for each container.

At the time the question was designed only B would have been correct. Currently, C is also correct. The question requires support for two features: 1. Encryption scopes (different users encrypt with different keys) 2. Customer managed keys with key vault https://learn.microsoft.com/en-us/azure/storage/blobs/storage-feature-support-in-storage-accounts: Check for current support of these features for the different types of blob storage configurations.

Appeared on 11/21/2023

B is the answer

B is the answer. https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management You can specify a customer-provided key on Blob Storage operations. A client making a read or write request against Blob Storage can include an encryption key on the request for granular control over how blob data is encrypted and decrypted.

blobs in a general purpose v2 storage account

ADLS GEN 2 DOES NOT SUPPORT CMK ON THE FLY, HENCE B

B. Blobs in an Azure Data Lake Storage Gen2 account would be the best option to meet the given requirements. Azure Data Lake Storage Gen2 offers support for object storage and is designed to store and analyze large amounts of unstructured data. It also offers the ability to use customer-managed keys for encryption and supports the use of Azure Key Vault. Additionally, ADLS Gen2 offers a hierarchical namespace, which makes it easy to manage large data sets and access them efficiently.

B - HNS does not support encryption keys on request. https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-customer-provided-keys

B. blobs in a general purpose v2 storage account

Answer C

Ans: B Only blobs can use customer provided keys for container level or blob level custom encryption https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management

Obviously B

I'm a bit confused. What is the difference between B and C?

B. blobs in a general purpose v2 storage account

is "Encrypt each user's data by using a separate key." means "Provide an encryption key on a request to Blob storage" reference : https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-customer-provided-keys if so ,this feature not support Data Lake Storage Gen2, Network File System (NFS) 3.0 protocol, or the SSH File Transfer Protocol (SFTP) So, I think it is B