Microsoft Azure Architect Design (2020, legacy) — Question 9

You need to create an Azure Storage account that uses a custom encryption key.
What do you need to implement the encryption?

Answer options

• A. a certificate issued by an integrated certification authority (CA) and stored in Azure Key Vault
• B. a managed identity that is configured to access the storage account
• C. an Azure Active Directory Premium subscription
• D. an Azure key vault in the same Azure region as the storage account

Correct answer: D

Explanation

To implement custom encryption for an Azure Storage account, you need an Azure Key Vault in the same region as the storage account, as it securely stores the encryption keys. The other options, while useful in different contexts, do not directly facilitate the requirement for custom encryption key management.