Question 74 of 179 from exam AZ-204: Developing Solutions for Microsoft Azure

Prev Question Next Question

Question

HOTSPOT - You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure.

The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements.

You need to configure Azure Disk Encryption for the VM.

How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

$Answer Area az provider register -n Microsoft .Keyvault resourcegroup="myResourceGroup" az group create --name $resourcegroup --location westus keyvault_name=myvaultname$RANDOM az YW) create \ --name $keyvault_name \ --resource-group $resourcegroup \ --location eastus \ ~-enabled-for-disk-encryption True az create \ [vie keyvault keyvault key wm encryption --vault-name $keyvault_name \ --name Namel \ --protection software az create \ keyvault key lym encryption --resource-group $resourcegroup \, --name Name2 \ mage Canonical:UbuntuServer:16.04-LTS:latest \ --admin-username azureuser \ --generate-ssh-keys \ --data-disk-sizes-gb 5 az W enable\ aa keyvault keyvault key vm encryption --resource-group $resourcegroup \ --name Name2 \ --disk-encryption-keyvault $keyvault_name \ --key-encryption-key Namel \ --volume-type all data os$

Show Answer

Explanations

$Answer Area az provider register -n Microsoft.Keyvault resourcegroup="myResourceGroup" az group create --name $resourcegroup --location westus keyvault_name=myvaultname$RANDOM az W create \ vm |keyvault keyvault key jvm encryption --name $keyvault_name \ --resource-group $resourcegroup \ --location eastus \ ~-enabled-for-disk-encryption True az create \ es kexauhts PSSA S82 lym encryption --vault-name $keyvault_name \ --name Namel \ --protection software az create \ --resource-group $resourcegroup \, name Name2 \ --image Canonical:UbuntuServer:16.04-LTS:latest \ admin-username azureuser \ generate-ssh-keys \ --data-disk-sizes-gb 5 az Ww enable\ aa keyvault keyvault key lym encryption --resource-group $resourcegroup \ --name Name2 \ --disk-encryption-keyvault $keyvault_name \ --key-encryption-key Namel \ --volume-type v all data os$

Box 1: keyvault - Create an Azure Key Vault with az keyvault create and enable the Key Vault for use with disk encryption.

Specify a unique Key Vault name for keyvault_name as follows: keyvault_name=myvaultname$RANDOM az keyvault create \ --name $keyvault_name \ --resource-group $resourcegroup \ --location eastus \ --enabled-for-disk-encryption True Box 2: keyvault key - The Azure platform needs to be granted access to request the cryptographic keys when the VM boots to decrypt the virtual disks.

Create a cryptographic key in your Key Vault with az keyvault key create.

The following example creates a key named myKey: az keyvault key create \ --vault-name $keyvault_name \ --name myKey \ --protection software Box 3: vm - Create a VM with az vm create.

Only certain marketplace images support disk encryption.

The following example creates a VM named myVM using an Ubuntu 16.04 LTS image: az vm create \ --resource-group $resourcegroup \ --name myVM \ --image Canonical:UbuntuServer:16.04-LTS:latest \ --admin-username azureuser \ --generate-ssh-keys \ Box 4: vm encryption - Encrypt your VM with az vm encryption enable: az vm encryption enable \ --resource-group $resourcegroup \ --name myVM \ --disk-encryption-keyvault $keyvault_name \ --key-encryption-key myKey \ --volume-type all Note: seems to an error in the question.

Should haveenable instead of create.

Box 5: all - Encrypt both data and operating system.

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-cli-quickstart

Prev Question Next Question