AZ-500: Securing Your Azure VMs: Key Vault Options for Azure Disk Encryption

Discover the key vaults available for storing encryption keys for your Azure virtual machines. Ensure the security of your VMs by choosing the right key vaults. Learn the options with our expert guide.

Question

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table.

| Name   | Region      | Resource group |
|--------|-------------|----------------|
| Vault1 | West Europe | RG1            |
| Vault2 | East US     | RG1            |
| Vault3 | West Europe | RG2            |
| Vault4 | East US     | RG2            |

In Sub1, you create a virtual machine that has the following configurations:

  • Name: VM1
  • Size: DS2v2
  • Resource group: RG1
  • Region: West Europe
  • Operating system: Windows Server 2016

You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?

A. Vault1 or Vault3 only
B. Vault1, Vault2, Vault3, or Vault4
C. Vault1 only
D. Vault1 or Vault2 only

Answer

A. Vault1 or Vault3 only

Explanation

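The key vault and the VM must be in the same subscription. In addition, to ensure that encryption secrets don’t cross regional boundaries, Azure Disk Encryption requires the key vault and the VM to be co-located in the same region. VM1 is in West Europe, so only the West Europe vaults, Vault1 and Vault3, qualify; the resource group of the vault is not a constraint.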
