Home / Microsoft / AZ-303 / Question 24

Question 24

You need to enable encryption for a running Windows Infrastructure-as-a-Service (IaaS) virtual machine (VM).

Which PowerShell cmdlet should you use?

Answers

A. Set-AzDiskDiskEncryptionKey
B. Set-AzVMDataDisk
C. Set-AzVMDiskEncryptionExtension
D. ConvertTo-AzVMManagedDisk

Show answer and vote

A

B

C

D

Advertisement

Explanation

You should use the Set-AzVMDiskEncryptionExtension cmdlet. This cmdlet is used to enable encryption on a running VM by installing the disk encryption extension. This cmdlet is used to enable encryption for a Windows or supported Linux VM. You should create a snapshot of the VM before enabling encryption.

You should not use the Set-AzVMDataDisk cmdlet. This cmdlet is used to modify properties for a VM data disk but does not include properties related to encryption.

You should not use the Set-AzDiskDiskEncryptionKey cmdlet. This cmdlet sets the disk encryption key properties on a disk but does not enable encryption.

You should not use the ConvertTo-AzVMManagedDisk cmdlet. This cmdlet is used to convert a VM with blob-based disks to a VM with managed disks.

References

Azure Disk Encryption for virtual machines and virtual machine scale sets

Azure Disk Encryption for Linux VMs

Quickstart: Create and encrypt a Windows virtual machine in Azure with PowerShell

Set-AzVMDiskEncryptionExtension

Set-AzVMDataDisk

Set-AzDiskDiskEncryptionKey

Comments

Load more