You have an Azure virtual machine named VM1 and an Azure key vault named Vault1.
On VM1, you plan to configure Azure Disk Encryption to use a key encryption key (KEK)
You need to prepare Vault! for Azure Disk Encryption.
Which two actions should you perform on Vault1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To prepare a key vault for Azure Disk Encryption, you need to select Azure Virtual machines for deployment and select Azure Disk Encryption for volume encryption in the key vault access policy settings. These options enable the VMs to access the keys and secrets stored in the key vault for disk encryption. Creating a new key or secret is not required, as Azure Disk Encryption can generate them automatically. Configuring a key rotation policy is optional and not related to preparing the key vault for disk encryption. Reference:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks
Ayomide Oluwaga
1 years agoNoushu
1 years agoNoushu
1 years ago