Exam AZ-305 topic 1 question 23 discussion

B. blobs in a general purpose v2 storage account A General Purpose v2 (GPv2) storage account can store blobs, files, queues, and tables, making it a versatile option for a wide range of applications. It supports customer-managed keys for encryption, allowing you to maintain control over the encryption keys. To encrypt each user's data with a separate key, you can use Azure Blob Storage Service Encryption with customer-managed keys, storing each user's data in separate containers, and then configuring separate encryption keys for each container.

B. blobs in a general purpose v2 storage account

B is correct

THIS-->You can specify a customer-managed key to use for encrypting and decrypting data in Blob Storage and in AZURE FILES. https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management

B and C are correct but B is a better choice because if the application involves big data analytics, C would be more appropriate. For general-purpose storage, B is suitable.

At the time the question was designed only B would have been correct. Currently, C is also correct. The question requires support for two features: 1. Encryption scopes (different users encrypt with different keys) 2. Customer managed keys with key vault https://learn.microsoft.com/en-us/azure/storage/blobs/storage-feature-support-in-storage-accounts: Check for current support of these features for the different types of blob storage configurations.

B is the answer

B is the answer. https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management You can specify a customer-provided key on Blob Storage operations. A client making a read or write request against Blob Storage can include an encryption key on the request for granular control over how blob data is encrypted and decrypted.

blobs in a general purpose v2 storage account

ADLS GEN 2 DOES NOT SUPPORT CMK ON THE FLY, HENCE B

B. Blobs in an Azure Data Lake Storage Gen2 account would be the best option to meet the given requirements. Azure Data Lake Storage Gen2 offers support for object storage and is designed to store and analyze large amounts of unstructured data. It also offers the ability to use customer-managed keys for encryption and supports the use of Azure Key Vault. Additionally, ADLS Gen2 offers a hierarchical namespace, which makes it easy to manage large data sets and access them efficiently.

B - HNS does not support encryption keys on request. https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-customer-provided-keys

B. blobs in a general purpose v2 storage account

Answer C

Ans: B Only blobs can use customer provided keys for container level or blob level custom encryption https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption#about-encryption-key-management

I'm a bit confused. What is the difference between B and C?

B. blobs in a general purpose v2 storage account