Implementing Azure Disk Encryption

B

The correct answer is B. an Azure key vault.

Azure Disk Encryption is a feature that helps encrypt virtual machine disks using keys and policies that are managed in Azure Key Vault. Azure Disk Encryption helps protect your virtual machine data and helps you meet organizational security and compliance commitments by encrypting disks at rest using industry-standard encryption technology.

Before implementing Azure Disk Encryption, you must create an Azure Key Vault and configure it with a cryptographic key to be used for disk encryption. This key will be used to encrypt and decrypt data on the virtual machine disks. You must also grant the appropriate permissions to the virtual machine and the Azure Active Directory identity that will be used to enable Azure Disk Encryption.

A. Customer Lockbox for Microsoft Azure is not a prerequisite for implementing Azure Disk Encryption. It is a feature that provides an additional layer of control over access to customer data stored in Azure by allowing customers to approve or deny requests for access to their data by Microsoft personnel.

C. A BitLocker recovery key is not a prerequisite for implementing Azure Disk Encryption. BitLocker is a disk encryption feature that is built into Windows and can be used to encrypt Windows virtual machine disks. However, for Azure Disk Encryption, you need to use Azure Key Vault.

D. Data-link layer encryption in Azure is a networking feature that helps encrypt data in transit between virtual machines. It is not related to disk encryption and is not a prerequisite for implementing Azure Disk Encryption.