Microsoft Exam AZ-104 Topic 17 Question 79 Discussion

Actual exam question for Microsoft's AZ-104 exam

Question #: 79
Topic #: 17

[All AZ-104 Questions]

You have an Azure virtual machine named VM1 and an Azure key vault named Vault1.

On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK)

You need to prepare Vault! for Azure Disk Encryption.

Which two actions should you perform on Vault1? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

ACreate a new key.

BSelect Azure Virtual machines for deployment

CConfigure a key rotation policy.

DCreate a new secret.

ESelect Azure Disk Encryption for volume encryption

Show Suggested Answer

Suggested Answer: B, E

To prepare a key vault for Azure Disk Encryption, you need to select Azure Virtual machines for deployment and select Azure Disk Encryption for volume encryption in the key vault access policy settings. These options enable the VMs to access the keys and secrets stored in the key vault for disk encryption. Creating a new key or secret is not required, as Azure Disk Encryption can generate them automatically. Configuring a key rotation policy is optional and not related to preparing the key vault for disk encryption. Reference:

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault

https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

by Daniel at Jul 03, 2023, 07:11 PM

Limited Time Offer

25%

Off

Get Premium AZ-104 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ayomide Oluwaga

1 years ago

Answer is correct https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault?tabs=azure-portal#azure-portal-1

upvoted 1 times

...