Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your Windows and Linux VMs run in multiple availability zones. A regulation requires that OS, data, and temporary disks be encrypted at rest with customer-managed keys (CMKs) stored in Azure Key Vault. Additional constraints: no in-guest agent is allowed and the disk host cache must also be encrypted. Which Azure capability meets these requirements?
Default server-side encryption with platform-managed keys
Encryption at host enabled through a disk encryption set that uses customer-managed keys
Encryption at host performs encryption on the Azure compute host before any data is written to the storage service. When a disk encryption set that references a Key Vault key is associated with the VM's managed disks, the CMK is used transparently by the host. Because encryption happens outside the guest OS, no agent is required, and the protection extends to OS, data, temporary disks, and their caches.
Azure Disk Encryption relies on BitLocker or DM-Crypt inside the guest, so it needs an agent and does not encrypt the temp disk or host cache. Server-side encryption with platform-managed keys does not satisfy the CMK requirement. Confidential disk encryption applies only to specific confidential VM series and is unnecessary here.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a disk encryption set in Azure?
Open an interactive chat with Bash
What is 'encryption at host' in Azure and how does it work?
Open an interactive chat with Bash
What is the difference between customer-managed keys (CMKs) and platform-managed keys in Azure?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure compute, storage, and databases
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .