Exam AZ-305 topic 1 question 23 discussion

Actual exam question from Microsoft's AZ-305
Question #: 23
Topic #: 1

You plan to deploy an app that will use an Azure Storage account.
You need to deploy the storage account. The storage account must meet the following requirements:
✑ Store the data for multiple users.
✑ Encrypt each user's data by using a separate key.
✑ Encrypt all the data in the storage account by using customer-managed keys.
What should you deploy?

  • A. files in a premium file share storage account
  • B. blobs in a general purpose v2 storage account
  • C. blobs in an Azure Data Lake Storage Gen2 account
  • D. files in a general purpose v2 storage account
Suggested Answer: B

Comments

kay000001
Highly Voted 2 years, 2 months ago
Selected Answer: B
B. blobs in a general purpose v2 storage account
upvoted 20 times
TaoLu
1 year, 1 month ago
az storage container create --account-name <storage_account> --name <container_name> --public-access off --default-encryption-scope <encryption_scope_name> --prevent-encryption-scope-override true
upvoted 3 times
...
...
NotMeAnyWay
Highly Voted 1 year, 8 months ago
Selected Answer: B
B. blobs in a general purpose v2 storage account
A General Purpose v2 (GPv2) storage account can store blobs, files, queues, and tables, making it a versatile option for a wide range of applications. It supports customer-managed keys for encryption, allowing you to maintain control over the encryption keys. To encrypt each user's data with a separate key, you can use Azure Blob Storage Service Encryption with customer-managed keys, storing each user's data in separate containers, and then configuring separate encryption keys for each container.
upvoted 19 times
malcubierre
1 year, 2 months ago
I don't think you can choose different keys on every container.... configuration is at storage level, not container.
upvoted 1 times
...
sieira
1 year, 2 months ago
Thanks for sharing this point of view.
upvoted 1 times
...
...
SeMo0o0o0o
Most Recent 3 weeks, 2 days ago
Selected Answer: B
B is correct
upvoted 1 times
...
7054bfc
4 months ago
THIS-->You can specify a customer-managed key to use for encrypting and decrypting data in Blob Storage and in AZURE FILES. https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management
upvoted 2 times
...
23169fd
5 months, 2 weeks ago
B and C are correct but B is a better choice because if the application involves big data analytics, C would be more appropriate. For general-purpose storage, B is suitable.
upvoted 1 times
...
MelKr
8 months, 1 week ago
Selected Answer: B
At the time the question was designed only B would have been correct. Currently, C is also correct. The question requires support for two features:
1. Encryption scopes (different users encrypt with different keys)
2. Customer managed keys with key vault
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-feature-support-in-storage-accounts: Check for current support of these features for the different types of blob storage configurations.
upvoted 2 times
...
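A dry-run sketch of the approach discussed in this thread (one encryption scope per user, each backed by its own Key Vault key, with the user's container pinned to that scope), added here as an example and not part of any comment. The account, resource group, vault, key names and user ids are constructed placeholders, and the script only prints the `az` commands instead of running them.

```shell
#!/bin/sh
# Added example: plans per-user encryption scopes; prints commands, runs nothing.
LC_ALL=C   # keep [a-z] ranges ASCII-only regardless of the caller's locale

# Constructed placeholders (assumptions, not values from the page).
ACCOUNT="examplestorageacct"
RG="example-rg"
VAULT="https://example-vault.vault.azure.net"

# Accept only ids that stay valid inside container and scope names:
# lowercase letters, digits, single hyphens, no leading/trailing hyphen.
valid_user() {
  case "$1" in
    ''|-*|*-|*--*|*[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 50 ]
}

# Print the two commands that give one user a dedicated customer-managed key.
# The body runs in a subshell so its variables do not leak.
plan_user() (
  user="$1"
  valid_user "$user" || { echo "skip: invalid user id '$user'" >&2; exit 1; }
  scope="scope-$user"
  container="user-$user"
  # Hypothetical key naming scheme: one Key Vault key per user.
  key_uri="$VAULT/keys/cmk-$user"
  # 1) Encryption scope whose key source is the user's Key Vault key.
  echo "az storage account encryption-scope create --account-name $ACCOUNT --resource-group $RG --name $scope --key-source Microsoft.KeyVault --key-uri $key_uri"
  # 2) Container that defaults to that scope and refuses per-blob overrides,
  #    so every blob written for this user is encrypted under this user's key.
  echo "az storage container create --account-name $ACCOUNT --name $container --auth-mode login --default-encryption-scope $scope --prevent-encryption-scope-override true"
)

# Plan every user given; report failure if any id was rejected.
plan_all() (
  rc=0
  for u in "$@"; do plan_user "$u" || rc=1; done
  exit "$rc"
)

plan_all alice bob
```

Before the printed commands can succeed, the storage account's managed identity needs permission to use the keys in the vault.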
Sandeep1981
1 year, 6 months ago
Selected Answer: B
B is the answer
upvoted 3 times
...
zellck
1 year, 9 months ago
Selected Answer: B
B is the answer. https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management You can specify a customer-provided key on Blob Storage operations. A client making a read or write request against Blob Storage can include an encryption key on the request for granular control over how blob data is encrypted and decrypted.
upvoted 7 times
zellck
1 year, 9 months ago
https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-customer-provided-keys Clients making requests against Azure Blob storage can provide an AES-256 encryption key to encrypt that blob on a write operation. Subsequent requests to read or write to the blob must include the same key. Including the encryption key on the request provides granular control over encryption settings for Blob storage operations. Customer-provided keys can be stored in Azure Key Vault or in another key store.
upvoted 4 times
...
...
jj22222
1 year, 9 months ago
Selected Answer: B
blobs in a general purpose v2 storage account
upvoted 1 times
...
Ilky
1 year, 9 months ago
ADLS GEN 2 DOES NOT SUPPORT CMK ON THE FLY, HENCE B
upvoted 1 times
Lazylinux
8 months ago
Do Not shout we are deaf!!!
upvoted 2 times
...
...
Joule
1 year, 9 months ago
Selected Answer: C
B. Blobs in an Azure Data Lake Storage Gen2 account would be the best option to meet the given requirements. Azure Data Lake Storage Gen2 offers support for object storage and is designed to store and analyze large amounts of unstructured data. It also offers the ability to use customer-managed keys for encryption and supports the use of Azure Key Vault. Additionally, ADLS Gen2 offers a hierarchical namespace, which makes it easy to manage large data sets and access them efficiently.
upvoted 2 times
...
sainandam
1 year, 10 months ago
B - HNS does not support encryption keys on request. https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-customer-provided-keys
upvoted 2 times
...
OPT_001122
1 year, 10 months ago
Selected Answer: B
B. blobs in a general purpose v2 storage account
upvoted 2 times
...
VBK8579
1 year, 10 months ago
Answer C
upvoted 1 times
...
armpro
1 year, 10 months ago
Selected Answer: B
Ans: B Only blobs can use customer provided keys for container level or blob level custom encryption https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management
upvoted 1 times
...
sporting1
1 year, 11 months ago
I'm a bit confused. What is the difference between B and C?
upvoted 2 times
MadSysadmin
1 year, 11 months ago
B and C are different, e.g. Data Lake Storage supports paths and subdirectories
upvoted 1 times
...
Mltytskr
1 year, 11 months ago
Data Lake on GPv2 means hierarchical namespace (HNS) is enabled, and according to: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-feature-support-in-storage-accounts, HNS does not support customer-managed keys so it would have to be B.
upvoted 9 times
Mltytskr
1 year, 11 months ago
Sorry, meant customer-provided, not managed, which I think is required because of "Encrypt each user's data by using a separate key." Open to correction.
upvoted 4 times
...
...
...
Born_Again
1 year, 12 months ago
Selected Answer: B
B. blobs in a general purpose v2 storage account
upvoted 1 times
...