AZ-304 – Question #47


Question #47

You need to create an Azure Storage account that uses a custom encryption key.
What do you need to implement the encryption?

A. a certificate issued by an integrated certification authority (CA) and stored in Azure Key Vault
B. a managed identity that is configured to access the storage account
C. an Azure Active Directory Premium subscription
D. an Azure key vault in the same Azure region as the storage account

Correct Answer: A
You can use your own encryption key to protect the data in your storage account. When you specify a customer-managed key, that key is used to protect and control access to the key that encrypts your data.
You must use either Azure Key Vault or Azure Key Vault Managed Hardware Security Model (HSM) (preview) to store your customer-managed keys.