Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You are securing an Azure general-purpose v2 storage account that uses Microsoft-managed keys and is replicated with zone-redundant storage (ZRS). The security team has asked that every object written to the account be protected by two independent encryption layers while it is stored in Azure. Which action should you take to meet the requirement with the least administrative effort?
Migrate the data to a newly created Premium block blob account configured for encryption scopes.
Turn on Infrastructure encryption for the storage account.
Switch the account to customer-managed keys stored in Azure Key Vault and enable automatic key rotation.
Enable client-side encryption in all applications that write data to the account.
Azure Storage already performs server-side encryption with Microsoft-managed keys. Enabling the Infrastructure encryption setting on the storage account adds a second, entirely independent encryption layer that is applied beneath the existing one, providing double encryption of data at rest. The feature is supported for accounts that use Microsoft-managed keys and LRS or ZRS replication. No additional keys, key rotation, or client-side configuration are required. Creating a new account, changing to customer-managed keys, or enabling client-side encryption would add management overhead without providing the same infrastructure-level double encryption.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Infrastructure Encryption in Azure Storage?
Open an interactive chat with Bash
How do Microsoft-Managed keys differ from Customer-Managed keys?
Open an interactive chat with Bash
What is Zone-Redundant Storage (ZRS) in Azure?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .