Microsoft Azure Architect Design (AZ-304) Practice Test

What Azure Disk Encryption method allows you to audit encryption keys and manage them?

• A. BitLocker Drive Encryption
• B. Azure Storage Service Encryption
• C. Client-side encryption
• D. Azure Disk Encryption

The correct answer is: Azure Disk Encryption

The method that allows you to audit encryption keys and manage them is Azure Disk Encryption. This service leverages BitLocker technology in Windows and DM-Crypt technology in Linux to provide encryption for the virtual hard drives (VHDs) associated with managed and unmanaged disks. One of the key features of Azure Disk Encryption is its integration with Azure Key Vault. This integration enables organizations to have centralized control over storage and management of the encryption keys. Administrators can generate, store, and manage keys in Azure Key Vault, allowing for greater flexibility and security, such as key rotation and auditing access to the keys. This ensures that organizations can maintain compliance and security standards that often require detailed tracking of who has access to encryption keys. While BitLocker Drive Encryption is a technology that encrypts data on Windows machines, it doesn't provide direct management or auditing capabilities for keys. Similarly, Azure Storage Service Encryption automatically encrypts data at rest, but it does not offer the same level of key management and auditing features as Azure Disk Encryption does. Client-side encryption involves encryption done by the client before data is sent to Azure, which does not interact with Azure's key management features. Ultimately, Azure Disk Encryption stands out because it allows more sophisticated management and auditing of the encryption keys