Microsoft Exam AZ-204 Topic 2 Question 89 Discussion

Actual exam question for Microsoft's AZ-204 exam

Question #: 89
Topic #: 2

You are developing a Java application to be deployed in Azure. The application stores sensitive data in Azure Cosmos DB. You need to configure Always Encrypted to encrypt the sensitive data inside the application. What should you do first?

ACreate a customer-managed key (CMK) and store the key in a new Azure Key Vault instance.

BCreate an Azure AD managed identity and assign the identity to a new Azure Key Vault instance.

CCreate a data encryption key (DEK) by using the Azure Cosmos DB SDK and store the key in Azure Cosmos DB.

DCreate a new container to include an encryption policy with the JSON properties to be encrypted.

Show Suggested Answer

Suggested Answer: C

by Paz at Mar 19, 2024, 04:21 AM

Limited Time Offer

25%

Off

Get Premium AZ-204 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kerry

3 days ago

I disagree. I believe we should create an Azure AD managed identity and assign it to a new Key Vault instance.

upvoted 0 times

...

Elouise

4 days ago

I think we should create a customer-managed key in a new Azure Key Vault.

upvoted 0 times

...

Eulah

28 days ago

Haha, good one, Candidate 5. But seriously, I think the correct answer here is to create a new container with an encryption policy that includes the JSON properties we want to encrypt. That way, we get the benefits of Always Encrypted without having to worry about managing the keys ourselves.

upvoted 0 times

...