You are designing a data protection strategy for Azure virtual machines. All the virtual machines use managed disks.
You need to recommend a solution that meets the following requirements:
-> The use of encryption keys is audited.
-> All the data is encrypted at rest always.
-> You manage the encryption keys, not Microsoft.
What should you include in the recommendation?
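A. Client-side encryption
B. Azure Storage Service Encryption
C. Azure Disk Encryption
D. Encrypting File System (EFS)
Answer: C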
Reference: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview
The requirements state that all data must be encrypted at rest, the use of encryption keys must be audited, and you must manage the encryption keys. Managed disks are already encrypted by default in Azure, but you can provide additional encryption on top of this default encryption for added security.
Option A, client-side encryption, involves encrypting data before it's uploaded to Azure Storage. While this provides an additional layer of encryption, it doesn't satisfy the requirement to have all data encrypted at rest in Azure.
Option B, Azure Storage Service Encryption, encrypts data at rest in Azure Storage. However, this option doesn't provide encryption for Azure virtual machines.
Option C, Azure Disk Encryption, satisfies all the requirements. This option provides encryption for virtual machine disks and allows you to manage the encryption keys used for the encryption. With Azure Disk Encryption, data is encrypted at rest in Azure and you can audit the use of the encryption keys.
Option D, Encrypting File System (EFS), is not applicable in this scenario because it's a Windows feature that provides file-level encryption, not disk-level encryption for virtual machines in Azure.
Therefore, the correct answer is C, Azure Disk Encryption.