AZ-203 Exam - Question 6

Question

DRAG DROP -You are preparing to deploy a medical records application to an Azure virtual machine (VM). The application will be deployed by using a VHD produced by an on- premises build server. You need to ensure that both the application and related data are encrypted during and after deployment to Azure. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:.

Examice · Accepted Answer

To ensure that both the application and related data are encrypted during and after deployment to Azure, follow these steps in sequence: Step 1: Encrypt the on-premises VHD by using BitLocker without a TPM. This ensures that the VHD is protected before it is uploaded to Azure. A TPM is not necessary because a virtual machine does not have a TPM. Step 2: Upload the VHD to Azure Storage. This step allows you to move the encrypted VHD to Azure. Step 3: Run the Azure PowerShell command Set-AzureRMVMOSDisk. This command attaches the encrypted VHD to an Azure VM. Step 4 involves using the Set-AzureRmVMDiskEncryptionExtension command, which is not applicable here because it is used to enable encryption on a running IaaS virtual machine in Azure and does not make sense in this context because the VM is already using an encrypted VHD attached in the previous step.

PraPat · Answer

Check https://vceguide.com/which-three-actions-should-you-perform-in-sequence-606/   for options

Not_Sure_Who_Am_I · Answer

Options: https://vceguide.com/wp-content/uploads/2019/10/Microsoft-AZ-203-date-01-06-2019-00001_Page_019_Image_0001.jpg

agoncal · Answer

Last option should be New=AzureRmVM, encryption can be set in Set-AzureRMVMOSDisk cmd:
"Encrypt VMs with pre-encrypted VHDs with Azure PowerShell
You can enable disk encryption on your encrypted VHD by using the PowerShell cmdlet Set-AzVMOSDisk. The example below gives you some common parameters.

PowerShell
$VirtualMachine = New-AzVMConfig -VMName "MySecureVM" -VMSize "Standard_A1
"
$VirtualMachine = Set-AzVMOSDisk -VM $VirtualMachine -Name "SecureOSDisk" -VhdUri "os.vhd" Caching ReadWrite -Windows -CreateOption "Attach" -DiskEncryptionKeyUrl "https://mytestvault.vault.azure.net/secrets/Test1/514ceb769c984379a7e0230bddaaaaaa" -DiskEncryptionKeyVaultId "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myKVresourcegroup/providers/Microsoft.KeyVault/vaults/mytestvault"

New-AzVM -VM $VirtualMachine -ResourceGroupName "MyVirtualMachineResourceGroup""

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows-aad

hmirko · Answer

Is last step New-AzureRmVM or Set-AzureRmVMDiskEncryptionExtension?

wlfjck · Answer

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-sample-scripts

tsimbah · Answer

l ok ok

l

Dirk · Answer

I'm not so sure about the TPM.
It should be possible as well with a VM:
https://www.prajwaldesai.com/enable-trusted-platform-module-on-virtual-machine/

NajamKhan · Answer

Options: https://vceguide.com/wp-content/uploads/2019/10/Microsoft-AZ-203-date-01-06-2019-00001_Page_019_Image_0001.jpg

AnonymousJhb · Answer

The answer is incorrect.
as per the MS documentation, Set-AzureRmVMDiskEncryptionExtension Enables encryption on a running IaaS virtual machine in Azure. 
Thus, we need to first provision a New-AzVm in step 3 and then step 4 Set-AzureRmVMDiskEncryptionExtension
https://docs.microsoft.com/en-us/powershell/module/azurerm.compute/set-azurermvmdiskencryptionextension?view=azurermps-6.13.0

jhonattansolarte · Answer

RESPONSE:
https://user-images.githubusercontent.com/8276103/125327598-e8359000-e308-11eb-8ee2-3c4c02a5a276.jpeg

AZ-203 Exam - Question 6

Discussion