Microsoft Azure Architect Design (AZ-304) Practice Test

Prepare for the Microsoft Azure Architect Design (AZ-304) Exam with comprehensive quiz questions designed to enhance your understanding and confidence. Master essential Azure concepts and strategies to excel on your test day!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which Azure service can be used to encrypt data while at rest with company-generated keys?

  1. Azure Blob storage

  2. Azure SQL Database

  3. Azure Queue storage

  4. Azure Kubernetes Service

The correct answer is: Azure Blob storage

Azure Blob Storage is designed to store massive amounts of unstructured data and comes with built-in capabilities to handle data encryption. When it comes to encrypting data at rest, Azure Blob Storage allows for the use of customer-managed keys (CMK). This means that organizations can generate their own keys and store them in Azure Key Vault, giving them full control over the security and management of encryption keys. This feature is particularly important for organizations with strict compliance requirements or those that want to maintain tighter security over their data. It ensures that even if Azure systems were to be compromised, the data remains encrypted and inaccessible without the appropriate keys.

The other services listed, while they may have encryption capabilities, do not offer the same level of flexibility with customer-generated keys as Azure Blob Storage does. For example, Azure SQL Database does support encryption but primarily uses Transparent Data Encryption (TDE) with Azure-managed keys by default. Similarly, Azure Queue storage also supports encryption but primarily relies on Azure-managed keys instead of allowing full control over customer-generated keys. Azure Kubernetes Service is primarily an orchestration platform and does not focus on data storage in a way that would involve encryption at rest like the other services do.