Microsoft Azure Administrator Associate AZ-104 Practice Question
You are an Azure administrator for a company that must comply with strict regulatory standards requiring full control over encryption keys for all stored data. You need to ensure that a new Azure Storage account adheres to this policy. What should you do to meet this requirement?
Configure the storage account to use Microsoft-managed keys
Configure the storage account to use customer-managed keys in Azure Key Vault
Create a shared access signature for the storage account
Enable infrastructure encryption on the storage account
To have full control over the encryption keys used for your Azure Storage account, you should configure the account to use customer-managed keys in Azure Key Vault. This allows you to manage and control the key lifecycle, including key rotation and revocation. Using Microsoft-managed keys does not provide control over the keys, and enabling infrastructure encryption adds a secondary layer but still relies on Microsoft-managed keys unless configured otherwise. Configuring a shared access signature (SAS) is related to access control, not encryption key management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are customer-managed keys in Azure Key Vault?
Open an interactive chat with Bash
What is the difference between customer-managed keys and Microsoft-managed keys?
Open an interactive chat with Bash
What is encryption key lifecycle management?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Implement and manage storage
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Information Technology Package Join Premium for Full Access