Discover the key vaults available for storing encryption keys for your Azure virtual machines. Ensure the security of your VMs by choosing the right key vaults. Learn the options with our expert guide.
Table of Contents
Question
You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table.
| Name | Region | Resource group |
|---|---|---|
| Vault1 | West Europe | RG1 |
| Vault2 | East US | RG1 |
| Vault3 | West Europe | RG2 |
| Vault4 | East US | RG2 |
In Sub1, you create a virtual machine that has the following configurations:
- Name: VM1
- Size: DS2v2
- Resource group: RG1
- Region: West Europe
- Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?
A. Vault1 or Vault3 only
B. Vault1, Vault2, Vault3, or Vault4
C. Vault1 only
D. Vault1 or Vault2 only
Answer
A. Vault1 or Vault3 only
Explanation
Your key vault and VMs must be in the same subscription. Also, to ensure that encryption secrets don’t cross regional boundaries, Azure Disk Encryption requires the Key Vault and the VMs to be co-located in the same region.
Microsoft Certified Azure Security Engineer Associate AZ-500 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Microsoft Certified Azure Security Engineer Associate AZ-500 exam and earn Microsoft Certified Azure Security Engineer Associate AZ-500 certification.