Microsoft Azure Architect Design (2020, legacy) — Question 30
You are designing a data protection strategy for Azure virtual machines. All the virtual machines use managed disks.
You need to recommend a solution that meets the following requirements:
✑ The use of encryption keys is audited.
✑ All data is always encrypted at rest.
✑ You manage the encryption keys, not Microsoft.
What should you include in the recommendation?
Answer options
- A. client-side encryption
- B. Azure Storage Service Encryption
- C. Azure Disk Encryption
- D. Encrypting File System (EFS)
Correct answer: C
Explanation
The correct answer is Azure Disk Encryption: it lets you manage your own encryption keys, ensures that data is encrypted at rest, and includes auditing of key usage. The other options either do not provide the same level of key management control or do not meet the requirements for auditing and encryption at rest.