You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:
In Sub1, you create a virtual machine that has the following configurations:
✑ Name: VM1
✑ Size: DS2v2
✑ Resource group: RG1
✑ Region: West Europe
✑ Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?
Azure Disk Encryption requires that the Key Vault and the Virtual Machine be located in the same Azure region to ensure that encryption secrets don't cross regional boundaries. Since VM1 is located in the West Europe region, you can only store the encryption key in key vaults that are also located in the West Europe region. Therefore, the correct key vaults are Vault1 and Vault3. Vault2 and Vault4 are located in East US and therefore cannot be used for this purpose.
correct answer.
A, for sure Same Azure Region for KeyVault
in the exam
A is the answer. https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault?tabs=azure-portal#create-a-key-vault To ensure that encryption secrets don't cross regional boundaries, you must create and use a key vault that's in the same region and tenant as the VMs to be encrypted.
A. Vault1 or Vault3 only
Correct answer. "Your key vault and VMs must be in the same subscription. Also, to ensure that encryption secrets don't cross regional boundaries, Azure Disk Encryption requires the Key Vault and the VMs to be co-located in the same region." https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
correct answer
In Exam 8/4/2021
correct answer. Resource Group is irrelevant. Azure Disk Encryption requires an Azure Key Vault to control and manage disk encryption keys and secrets. Your key vault and VMs must reside in the same Azure region and subscription.
Correct answer is A: Vault1 or Vault3 only https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault?tabs=azure-portal Please note that for storage accounts, Key Vaults can be located in different regions, as long as they are within the same tenant: https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-existing-account?WT.mc_id=Portal-Microsoft_Azure_Storage&tabs=azure-portal (there exist a case study about this topic on page 47)
A. Vault1 or Vault3 only
In the exam on 6/27/2023
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview#encryption-key-storage-requirements "Azure Disk Encryption requires an Azure Key Vault to control and manage disk encryption keys and secrets. Your key vault and VMs must reside in the same Azure region and subscription."
To ensure that encryption secrets don't cross regional boundaries, you must create and use a key vault that's in the same region and tenant as the VMs to be encrypted. https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault?tabs=azure-portal
Azure Disk Encryption needs the Key Vault and the VMs to be co-located in the same region.
#exam ques # 29 Sep
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets.