Designing a Data Protection Strategy for Azure Virtual Machine Disk Encryption

Encrypting Azure Virtual Disks: Recommended Solution

Question

You have an Azure subscription that contains 100 virtual machines.

You plan to design a data protection strategy to encrypt the virtual disks.

You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks.

What should you include in the recommendation?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

C

For enhanced virtual machine (VM) security and compliance, virtual disks in Azure can be encrypted. Disks are encrypted by using cryptographic keys that are secured in an Azure Key Vault. You control these cryptographic keys and can audit their use.

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

To encrypt virtual disks in Azure, you can use Azure Disk Encryption. Azure Disk Encryption can encrypt both the operating system and data disks for virtual machines running Windows or Linux. The encryption process uses a key to encrypt and decrypt the data, and you can store the key in Azure Key Vault to improve security.

When recommending a solution to encrypt virtual disks using Azure Disk Encryption, you need to consider the type of key used for encryption. The key used for encryption can be a passphrase, a certificate, a key, or a secret.

In this scenario, you need to recommend a solution that provides the ability to encrypt both operating system and data disks, which means you need to choose a key that is flexible enough to work with both types of disks.

Passphrase: A passphrase is a string of characters used to generate a key. While a passphrase is easy to remember, it may not provide enough security for sensitive data. Additionally, a passphrase is typically used to encrypt data at rest, rather than operating systems.

Certificate: A certificate is a digital document that contains a public key and a signature that proves the authenticity of the certificate. Certificates can be used for encryption, but they are typically used for authentication and identity verification rather than encryption of data at rest or operating systems.

Key: A key is a secret value used to encrypt and decrypt data. A key can be generated by Azure Key Vault or imported from an external source. When you use a key for encryption, you can store the key in Azure Key Vault, which provides additional security for the key.

Secret: A secret is similar to a key, but it is typically used for authentication and identity verification rather than encryption of data at rest or operating systems.

Therefore, the correct answer to this question is C. a key. You should recommend a solution that uses a key to encrypt the virtual disks in Azure. By using a key, you can encrypt both operating system and data disks, and store the key in Azure Key Vault to improve security.