You are responsible for designing the security architecture of an Azure landing zone for your company. The organization has outlined specific compliance and privacy requirements that must be met:

• Cardholder data must be encrypted using encryption keys managed by the company internally.
• Insurance claim files must be encrypted using encryption keys that are hosted on-premises.

Which two configurations will fulfill these compliance and privacy requirements? Each correct answer is a part of the complete solution. NOTE: Each correct selection is worth one point.