Microsoft Azure Security Engineer Associate AZ-500 Practice Question
You need to encrypt an Azure Storage account with a customer-managed key generated in an on-premises HSM. After importing the key into Azure Key Vault through Bring Your Own Key (BYOK), which Key Vault permissions must you assign to the Storage account's managed identity (or the Microsoft.Storage resource provider) so it can use the key for encryption at rest?
Azure Storage requires only three Key Vault permissions when using a customer-managed key: Get, WrapKey, and UnwrapKey. Get lets the service retrieve the public portion and attributes of the key. WrapKey and UnwrapKey allow Storage to wrap and unwrap data-encryption keys that protect the stored data. Encrypt and Decrypt permissions are not needed because Storage never sends plaintext data to Key Vault; it only wraps and unwraps its own data-encryption keys. List, Sign, and Verify do not satisfy the requirement.
Secure compute, storage, and databases