exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam

Exam AZ-500 topic 5 question 37 discussion

Actual exam question from Microsoft's AZ-500
Question #: 37
Topic #: 5
[All AZ-500 Questions]

DRAG DROP -
You have an Azure subscription.
You plan to create a storage account.
You need to use customer-managed keys to encrypt the tables in the storage account.
From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
majstor86
Highly Voted 6 months, 1 week ago
New-AzStorageAccount New-AzStorageAccountKey New-AzStorageTable
upvoted 10 times
Hot_156
2 days, 18 hours ago
This question doesn't make sense, so it could be outdated! You don't use New-AzStorageAccountKeys if you want to use user-managed keys.
upvoted 1 times
...
...
tutonata
Most Recent 6 months, 1 week ago
Why would you have to regenerate the access key ? Is this a mistake ? You need to generate a Keyvault encryption key when you use customer provided keys, NOT storage account keys. Should be Add-AzKeyvVaultKey commandlet... I do not get why we need to regen SA key at all since tney get created when you issue the New-AzStorageAccount commandlet. It's not like the existing key has been compromised...
upvoted 2 times
...
CeliaZhou
8 months, 2 weeks ago
This is very confusing, since New-AzStorageAccountKey is used to generage a key access key for storage account instead of encrytion key, for encryption you only need to run New-AzStorageAccount New-AzStorageAccount -ResourceGroupName <resource_group> ` -AccountName <storage-account> ` -Location <location> ` -SkuName "Standard_RAGRS" ` -Kind StorageV2 ` -EncryptionKeyTypeForTable Account ` -EncryptionKeyTypeForQueue Account https://learn.microsoft.com/en-us/powershell/module/az.storage/new-azstorageaccountkey?view=azps-9.2.0 https://learn.microsoft.com/en-us/azure/storage/common/account-encryption-key-create?tabs=powershell
upvoted 3 times
Fal991l
8 months, 1 week ago
Agree.
upvoted 1 times
Fal991l
8 months, 1 week ago
But, the question is 'You need to use customer-managed keys to encrypt the tables in the storage account'. so the answer is right.
upvoted 2 times
...
...
...
licna
1 year, 8 months ago
Following the given link for explanation it seems that the last option is not correct. It should be "Set-AzStorageAccount" instead (which is missing so it can not be chosen). Also what sense it would make to deal with Azure Tables in this scenario, right?
upvoted 2 times
waqas
1 year, 8 months ago
read the line "You need to use customer-managed keys to encrypt the TABLES in the storage account"
upvoted 5 times
licna
1 year, 8 months ago
You are right, I did not notice that. Then the answer might be correct. Anyway, this question is a bit strange for MS security exam.
upvoted 3 times
...
...
...
sudarchary
1 year, 10 months ago
Correct Answer
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago