You have an Azure Data Factory version 2 (V2) resource named Df1. Df1 contains a linked service. You have an Azure Key vault named vault1 that contains an encryption key named key1. You need to encrypt Df1 by using key1. What should you do first?
A.
Add a private endpoint connection to vault1.
B.
Enable Azure role-based access control on vault1.
I believe this is correct, based on the question: What should you do FIRST?
A DF needs to be empty to be encrypted: https://docs.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key#post-factory-creation-in-data-factory-ui
So FIRST we need to empty the DF - then we can move on.
Correct answer:
A customer-managed key can only be configured on an empty data Factory. The data factory can't contain any resources such as linked services, pipelines and data flows.
https://learn.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key#post-factory-creation-in-data-factory-ui
Correct answer should be A. When encrypting Azure Data Factory (ADF) resources using Azure Key Vault (AKV), a private endpoint connection ensures that the communication between the Data Factory and Key Vault happens over a private network rather than a public endpoint. This is required to securely retrieve encryption keys like key1.
A customer-managed key can only be configured on an empty data Factory. The data factory can't contain any resources such as linked services, pipelines and data flows.
https://learn.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key#post-factory-creation-in-data-factory-ui
You don't need to enable "RBAC", access policies is a default and more simple way to assign permissions, so B option is not necesary, but it is a requirement to delete the linked services to configure customer-managed key. So the correct answer is C - Delete linked services first.
https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal
https://docs.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key#enable-customer-managed-keys
Correct. "A customer-managed key can only be configured on an empty data Factory. The data factory can't contain any resources such as linked services, pipelines and data flows."
A customer-managed key can only be configured on an empty data Factory. The data factory can’t contain any resources such as linked services, pipelines and data flows. It is recommended to enable customer-managed key right after factory creation.
Note: Azure Data Factory encrypts data at rest, including entity definitions and any data cached while runs are in progress. By default, data is encrypted with a randomly generated Microsoft-managed key that is uniquely assigned to your data factory.
Reference: https://docs.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key
I thin k it's B. I recently changed a linked service pwf to key vault. I didn't delete the service and just added the managed Identity access to the vault with all the desired rules.
This section is not available anymore. Please use the main Exam Page.DP-203 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
gnulf69
Highly Voted 2 years, 7 months agohanzocuk
1 year, 3 months agoauwia
Highly Voted 9 months, 3 weeks agoaca357f
Most Recent 3 months agokkk5566
7 months, 3 weeks ago[Removed]
9 months, 2 weeks agovctrhugo
10 months agorzeng
1 year, 5 months agoRajashekharc
1 year, 7 months agoDeeksha1234
1 year, 8 months agojuanlu46
1 year, 11 months agoploer
2 years, 2 months agoMFR
2 years, 3 months agoCanary_2021
2 years, 3 months agox089797
2 years, 4 months agoeoicp
2 years, 5 months agoSatschi
2 years, 7 months ago