Skip to Content

AZ-900: Which Azure Service Can Be Used to Encrypt Data at Rest Without Additional Overhead?

By: Author Alex Lim

Posted on

Categories Exam

Which Azure service enables seamless encryption of data at rest for virtual machines and storage, meeting security and compliance needs without extra management overhead? Learn how Azure Disk Encryption uses BitLocker and DM-Crypt for robust protection in the cloud.

Table of Contents

Question

A company is concerned about the security of their sensitive data in the cloud and wants to implement encryption for data at rest. Which Azure service can they use to encrypt their data without additional overhead?

A. Azure Key Vault
B. Azure Security Center
C. Azure Firewall
D. Azure Disk Encryption
E. Azure Active Directory

Answer

D. Azure Disk Encryption

Explanation

Azure Disk Encryption uses BitLocker for Windows and DM-Crypt for Linux to encrypt the data on Azure virtual machine disks, ensuring the data is securely stored at rest.

  • Azure Disk Encryption (ADE) uses BitLocker for Windows virtual machines and DM-Crypt for Linux virtual machines to provide volume-level encryption for both OS and data disks.
  • This encryption ensures that all data stored on the disk is protected while at rest, which means it is unreadable to unauthorized users if the disk is detached or accessed outside the VM environment.
  • ADE integrates with Azure Key Vault for secure storage and management of encryption keys, supporting both Microsoft-generated and customer-managed keys for compliance and security flexibility.
  • The encryption process is straightforward and can be enabled via the Azure portal, CLI, or PowerShell, requiring minimal additional overhead for configuration or ongoing management.
  • Once enabled, the encryption is transparent to applications and users, and does not require changes to existing workloads or manual intervention for daily operations.
  • ADE is designed to help organizations meet regulatory compliance requirements and protect sensitive data across a wide range of supported Windows and Linux VM types.

Azure Disk Encryption uses BitLocker (Windows) and DM-Crypt (Linux) to encrypt Azure VM disks, ensuring that data is securely stored at rest with minimal additional overhead. It integrates with Azure Key Vault for key management and supports both platform-managed and customer-managed keys, providing robust, transparent encryption for sensitive cloud data.

Microsoft Azure Fundamentals AZ-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure Fundamentals AZ-900 exam and earn Microsoft Azure Fundamentals AZ-900 certification.