Microsoft Azure Administrator Associate AZ-104 Practice Question
You are an Azure administrator for a company that requires all data stored in Azure Storage Accounts to be encrypted using customer-managed keys stored in Azure Key Vault. The company policy mandates that the encryption key is rotated every 90 days. You need to configure a Storage Account to meet these requirements. Which of the following steps should you perform?
Set the default encryption key to a customer-managed key in Key Vault and configure a key rotation policy
Disable encryption on the Storage Account and configure the application to encrypt data before storing it
Enable Infrastructure Encryption for the Storage Account and select the customer-managed key from Key Vault
Create a Key Vault, generate a key, and set the Storage Account to use service-managed keys in the Key Vault