You create an Azure Storage account. You plan to add 10 blob containers to the storage account. For one of the containers, you need to use a different key to encrypt data at rest. What should you do before you create the container?
D) Create an encryption scope
Why?
In Azure Storage, encryption of data at rest is done using Azure Storage Service Encryption (SSE). Azure Storage SSE uses Microsoft-managed encryption keys to encrypt the data in the storage account.
In the scenario described, you need to use a different key to encrypt data at rest for one of the containers. To do this, you need to create an encryption scope, which is a named configuration that defines the default encryption settings for a container. By creating an encryption scope, you can use a customer-managed key, stored in Azure Key Vault, to encrypt the data in that specific container.
Therefore, option D (Create an encryption scope) is the correct answer as it allows you to use a different key for data encryption for the specific container.
For Azure Blob storage, if you want to use a different key for encrypting data at rest for a specific blob container, you would use encryption scopes. An encryption scope defines the key that will be used to encrypt blob data and associated metadata. Once you've set up an encryption scope, you can associate it with a blob container to ensure that all data written to that container uses the key specified by the encryption scope.
Therefore, before creating the container with a different key for encryption, you should:
D. Create an encryption scope.
"By default, a storage account is encrypted with a key that is scoped to the entire storage account. When you define an encryption scope, you specify a key that may be scoped to a container or an individual blob. When the encryption scope is applied to a blob, the blob is encrypted with that key. When the encryption scope is applied to a container, it serves as the default scope for blobs in that container, so that all blobs that are uploaded to that container may be encrypted with the same key. The container can be configured to enforce the default encryption scope for all blobs in the container, or to permit an individual blob to be uploaded to the container with an encryption scope other than the default."
Similar question on exam May-11-2023:
Which types of services storage encryption scope is enable.
1) Only Containers (correct)
2) Only Azure Files
3) Azure Files and Containers
4) Containers and Tables
5) Containers and Queue
When you define an encryption scope, you specify a key that may be scoped to a **container*** or an ***individual blob***.
https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview#how-encryption-scopes-work
D is the answer.
https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview
Encryption scopes enable you to manage encryption with a key that is scoped to a container or an individual blob. You can use encryption scopes to create secure boundaries between data that resides in the same storage account but belongs to different customers.
Encryption scopes enable you to manage encryption with a key that is scoped to a container or an individual blob. You can use encryption scopes to create secure boundaries between data that resides in the same storage account but belongs to different customers.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
omgMerrick
Highly Voted 2 years agoNaoVaz
Highly Voted 2 years, 5 months ago[Removed]
Most Recent 6 months agoAmir1909
11 months, 2 weeks agoiamchoy
1 year, 5 months agoMehedi007
1 year, 7 months agoMehedi007
1 year, 7 months agoTinyRunner
1 year, 9 months agoJunetGoyal
1 year, 10 months agoUmbongoDrink
2 years agozellck
2 years, 1 month agormsdg
2 years, 3 months agobdumois
2 years, 5 months agoAZOU
2 years, 5 months agoMev4953
2 years, 5 months agolibran
2 years, 6 months agoqwerty100
2 years, 6 months agoEmnCours
2 years, 6 months ago