Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You backed up a customer-managed RSA key named "ProdSigningKey" from an Azure Key Vault. The backup file was downloaded to a secure location on your workstation. Later the security team asks you to restore the key into a newly created vault that is owned by another Azure AD tenant. Which statement accurately describes what will happen when you run the Restore-Key operation against the new vault?
The restore succeeds as long as the destination vault is located in the same Azure region as the source vault, regardless of tenant.
The restore fails because a key backup can only be restored to a vault that resides in the same Azure AD tenant as the source vault.
The restore succeeds, but the key material is automatically re-wrapped with a new tenant master key.
The restore fails unless the destination vault has an identical name to the source vault and is placed in the same resource group.
The backup package created by Azure Key Vault is encrypted with a key that is internal to the source tenant. Because that encryption key is not shared across Azure AD tenants, the Restore-Key operation can succeed only when the target vault is in the same Azure AD tenant as the vault that produced the backup. If you attempt to restore the package to a vault in a different tenant, Key Vault rejects the request and returns an error indicating that the package cannot be decrypted. Subscription, resource group, vault name, or region do not have to match, but tenant membership must.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are Azure Key Vault backups tied to the same Azure AD tenant?
Open an interactive chat with Bash
What is the process for backing up a key in Azure Key Vault?
Open an interactive chat with Bash
What happens if you try to restore a key to a new vault in a different tenant?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .