ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 5 question 48 discussion

Actual exam question from Microsoft's AZ-500
Question #: 48
Topic #: 5
[All AZ-500 Questions]

DRAG DROP -
You have an Azure subscription that contains a Microsoft SQL server named Server1 and an Azure key vault named vault1. Server1 hosts a database named
DB1. Vault1 contains an encryption key named key1.
You need to ensure that you can enable Transparent Data Encryption (TDE) on DB1 by using key1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-configure?tabs=azure-powershell
by makimaki at Sept. 15, 2022, 2:20 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
zellck
Highly Voted 9 months, 2 weeks ago
1. Create a managed identity for Server1. 2. Configure permissions for Server1. 3. Add key1 to Server1. 4. Configure the TDE protector on Server1. https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-configure?tabs=azure-powershell&view=azuresql#assign-an-azure-active-directory-azure-ad-identity-to-your-server - Assign an Azure Active Directory (Azure AD) identity to your server - Grant Key Vault permissions to your server - Add the Key Vault key to the server and set the TDE Protector
upvoted 14 times
...
Nickname01
Highly Voted 1 year, 1 month ago
I think the answer is wrong: first you create the managed identity for server 1 then you configure the access permissions for vault 1 (so the managed identity has acces to the key) than you add the key to server1 and last you configure the TDE protector on server1
upvoted 10 times
RickMorais
1 year ago
The given answer is correct. Check the answer provided link. You need to give permission for the SERVER, not to the Vault.
upvoted 1 times
...
Ajdlfasudfo0
1 year ago
I think so too, "Grant Key Vault permissions to your server" => configure permission for vault1 https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-configure?view=azuresql&tabs=azure-powershell#assign-an-azure-active-directory-azure-ad-identity-to-your-server
upvoted 4 times
...
...
tutonata
Most Recent 11 months, 1 week ago
Answer is correct
upvoted 4 times
...
majstor86
11 months, 2 weeks ago
1. create the managed identity for Server 1 2. configure permissions for Server 1 3. add key1 to server1 4. configure the TDE protector on server1
upvoted 5 times
...
nnd
1 year, 2 months ago
correct answer.
upvoted 1 times
...
makimaki
1 year, 5 months ago
The answer is correct. The reference says the same thing.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel