AZ-500 Exam - Question 402

Question

You have an Azure subscription that contains as Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored in the key vault.

You plan to store data in Azure by using the following services:

✑ Azure Files

✑ Azure Blob storage

✑ Azure Table storage

✑ Azure Queue storage

Which two services support data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Examice · Accepted Answer

Azure Files and Blob storage support data encryption using customer-managed keys stored in the key vault. When you configure customer-managed keys for the storage account, data in Blob storage and Azure Files is always protected by these keys. While Queue storage and Table storage do offer encryption, they are not automatically protected by customer-managed keys and require additional configuration during storage account creation. Therefore, the correct options are Azure Files and Blob storage.

majstor86 · Answer

B. Azure Files
C. Blob storage

zellck · Answer

BC is the answer.

https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#customer-managed-keys-for-queues-and-tables
Data stored in Queue and Table storage isn't automatically protected by a customer-managed key when customer-managed keys are enabled for the storage account. You can optionally configure these services to be included in this protection at the time that you create the storage account.

Data in Blob storage and Azure Files is always protected by customer-managed keys when customer-managed keys are configured for the storage account.

ESAJRR · Answer

B. Azure Files
C. Blob storage

wingcheuk · Answer

B and C support customer-managed keys.

Azure Table storage and Azure Queue storage do not support encryption with customer-managed keys. They are encrypted with service-managed keys by default.

thienvupt · Answer

Azure Storage services supported	All	Blob storage, Azure Files1,2	Blob storage

itbrpl · Answer

Today's exam 20/10/21..

zioggs · Answer

Exam - 4/11/21

sudarchary · Answer

Correct

somenick · Answer

Correct, but outdated. Customer-managed key (CMK) support can be limited to blob service and file service only, or to ALL service types. After the storage account is created, this support cannot be changed.

Ajdlfasudfo0 · Answer

outdated question

heatfan900 · Answer

ANSWERS R CORRECT FOR CMK:

https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption

[Removed] · Answer

Customer-managed key (CMK) support can be limited to blob service and file service only, or to all service types. After the storage account is created, this support cannot be changed.Learn more

JackGelder · Answer

Seems outdated for a bit, 'cause now you can choose what services you want to protect with CMK during creation of storage account: it can be blobs and files only or all services.

cfsxtuv33 · Answer

Answers are correct..C and D, the provided link gives informative info regarding question.

wsrudmen · Answer

Correct.

Data in Blob storage and Azure Files is always protected by customer-managed keys when customer-managed keys are configured for the storage account.
Data stored in Queue and Table storage isn't automatically protected by a customer-managed key when customer-managed keys are enabled for the storage account. You can optionally configure these services to be included in this protection at the time that you create the storage account.

tutonata · Answer

AD, you need to read the question.
When using customer managed keys on a storage account, the CMK are automatically enabled for BLOB and FILE. You can then optionaly configure Queues and Tables.
"Data stored in Queue and Table storage isn't automatically protected by a customer-managed key when customer-managed keys are enabled for the storage account. You can optionally configure these services to be included in this protection at the time that you create the storage account."
https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#customer-managed-keys-for-queues-and-tables

tutonata · Answer

AD, you need to read the question. Question says:
"storage account is configured to use the CMK stored in the keyvault"
so the question is about the additional services that can use the CMK, not the ones who are using it by default when configured.
When using customer managed keys on a storage account, the CMK are automatically enabled for BLOB and FILE. You can then optionaly configure Queues and Tables.
"Data stored in Queue and Table storage isn't automatically protected by a customer-managed key when customer-managed keys are enabled for the storage account. You can optionally configure these services to be included in this protection at the time that you create the storage account."
https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#customer-managed-keys-for-queues-and-tables

NotAChatBot · Answer

The question is misleading. All services support data encryption with customer managed keys stored in a key vault.

heatfan900 · Answer

the question should reference MMK not CMK. MMK, by default, only has BLOBS and FILES selected but CMK will automatically select all files types

4f13cca · Answer

"Data stored in Queue and Table storage isn't automatically protected by a customer-managed key when customer-managed keys are enabled for the storage account. You can optionally configure these services to be included in this protection at the time that you create the storage account."

https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview
Isn't automatically, logical solution BC

AZ-500 Exam - Question 402

Discussion