You are responsible for designing the security architecture of an Azure landing zone for your company. The organization has outlined specific compliance and privacy requirements that must be met:

Cardholder data must be encrypted using encryption keys managed by the company internally.

Insurance claim files must be encrypted using encryption keys that are hosted on-premises.

Which two configurations will fulfill these compliance and privacy requirements? Each correct answer is a part of the complete solution. NOTE: Each correct selection is worth one point.

Exam-Like

Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed keys.

0.0%

Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.

41.7%

Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM.

50.0%

Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.

8.3%

Microsoft Cybersecurity Architect Expert SC-100