AZ-204 – Question 63

You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure.
The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements.
You need to configure Azure Disk Encryption for the VM.
How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Correct Answer: 

Box 1: keyvault –
Create an Azure Key Vault with az keyvault create and enable the Key Vault for use with disk encryption. Specify a unique Key Vault name for keyvault_name as follows:
keyvault_name=myvaultname$RANDOM
az keyvault create \
    --name $keyvault_name \
    --resource-group $resourcegroup \
    --location eastus \
    --enabled-for-disk-encryption True

Box 2: keyvault key –
The Azure platform needs to be granted access to request the cryptographic keys when the VM boots to decrypt the virtual disks. Create a cryptographic key in your Key Vault with az keyvault key create. The following example creates a key named myKey:
az keyvault key create \
    --vault-name $keyvault_name \
    --name myKey \
    --protection software

Box 3: vm –
Create a VM with az vm create. Only certain marketplace images support disk encryption. The following example creates a VM named myVM using an Ubuntu 16.04 LTS image:
az vm create \
    --resource-group $resourcegroup \
    --name myVM \
    --image Canonical:UbuntuServer:16.04-LTS:latest \
    --admin-username azureuser \
    --generate-ssh-keys

Box 4: vm encryption –
Encrypt your VM with az vm encryption enable:
az vm encryption enable \
    --resource-group $resourcegroup \
    --name myVM \
    --disk-encryption-keyvault $keyvault_name \
    --key-encryption-key myKey \
    --volume-type all
Note: there seems to be an error in the question. It should have enable instead of create.

Box 5: all –
Encrypt both data and operating system.
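
A pre-flight check to run between Box 3 and Box 4, given here as an added example that is not part of the original question or answer: it confirms that the Key Vault from Box 1 really is enabled for disk encryption and that it sits in the same region as the VM, which Azure Disk Encryption requires. The function name ade_preflight is hypothetical; the az subcommands and query paths are standard Azure CLI.

```shell
#!/bin/sh
# Added example: pre-flight checks before `az vm encryption enable`.
# ade_preflight is a hypothetical helper name, not an Azure CLI command.
# Usage: ade_preflight "$resourcegroup" myVM "$keyvault_name"
ade_preflight() {
    rg=$1 vm=$2 vault=$3
    rc=0

    # The vault must have been created or updated with
    # --enabled-for-disk-encryption, otherwise the platform cannot read the key.
    enabled=$(az keyvault show --name "$vault" \
        --query properties.enabledForDiskEncryption --output tsv) || return 2
    case $enabled in
        true|True) ;;
        *) echo "FAIL: $vault is not enabled for disk encryption" >&2; rc=1 ;;
    esac

    # Azure Disk Encryption requires the vault and the VM to be in the same region.
    vault_loc=$(az keyvault show --name "$vault" \
        --query location --output tsv) || return 2
    vm_loc=$(az vm show --resource-group "$rg" --name "$vm" \
        --query location --output tsv) || return 2
    if [ "$vault_loc" != "$vm_loc" ]; then
        echo "FAIL: vault is in $vault_loc but VM is in $vm_loc" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $vault can be used to encrypt $vm"
    return "$rc"
}
```

The function returns 0 when both checks pass, 1 when a check fails, and 2 when an az call itself fails (for example, not logged in or resource not found).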