Answer-first summary for fast verification
Answer: Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys., Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM.
Option C meets the requirement for encrypting cardholder data using company-managed keys, as Azure Key Vault Managed HSM allows the use of keys managed by the company (BYOK - Bring Your Own Key). Option B meets the requirement for encrypting insurance claim files using encryption keys hosted on-premises, as it utilizes customer-provided keys that can be stored on-premises. Option A is incorrect because the company must manage the keys, not Microsoft-managed keys. Option D is incorrect because Azure Key Vault Managed HSM is not hosted on-premises, which is required for the insurance claim files.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are responsible for designing the security architecture of an Azure landing zone for your company. The organization has outlined specific compliance and privacy requirements that must be met:
Which two configurations will fulfill these compliance and privacy requirements? Each correct answer is a part of the complete solution. NOTE: Each correct selection is worth one point.
A
Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed keys.
B
Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.
C
Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM.
D
Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.