Microsoft Azure Architect Design (AZ-301) Practice Exam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Microsoft Azure Architect Design (AZ-301) Exam with interactive quizzes featuring flashcards and multiple-choice questions, each packed with hints and explanations to ace your certification test!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which Azure storage service can be used to encrypt all data while at rest, using a key generated by the company?

  1. Azure Table storage

  2. Azure Backup

  3. Azure Blob storage

  4. Azure Queue storage

The correct answer is: Azure Blob storage

Azure Blob storage is capable of encrypting all data at rest using keys that are generated and managed by the company, often referred to as customer-managed keys (CMK). This feature is part of Azure's commitment to security and compliance, allowing organizations to control their encryption keys for better governance. Blob storage supports server-side encryption (SSE) with various options for key management. If a company chooses to utilize a key generated by them, they can leverage Azure Key Vault to store and manage these keys securely. This gives organizations more flexibility and control over their data security, particularly for sensitive information. The other Azure storage services mentioned, such as Azure Table storage and Azure Queue storage, also provide security features but do not have the same level of flexibility for custom key management when it comes to encrypting data at rest. Azure Backup focuses on protecting and backing up data, rather than being a primary storage service like Blob storage. Therefore, when focusing specifically on the encryption of data at rest using a company-generated key, Azure Blob storage is the most appropriate choice.

More Questions Like This